Security Flaws in the HotJava Web Browser

Report ID: TR-501-95
Author: Wallach, Dan S. / Dean, Drew
Date: 1995-11-00
Pages: 8
Download Formats: Postscript
Abstract:

The growth of the Internet and the World Wide Web has led to demand for Web extensions, such as the ability to run server-supplied code on a Web client. We examine the HotJava Web browser and the Java language in which it is implemented. We demonstrate several attacks that compromise HotJava's security. Some of these attacks are made possible through browser code that fails to enforce access permissions, but can be easily fixed. Others point to underlying tension between the openness desired by Web application writers and the security desired by their users. We discuss the interaction of application requirements and security needs and suggest how they can both be accommodated. For more information please see http://www.cs.princeton.edu/~ddean/java