It is possible for an applet to generate and execute raw machine code
on the machine where the browser is running. This means that a
maliciously written applet can perform any action that the legitimate
user can perform; for example, an applet can read, delete, or change
files that the user owns. Because applets are loaded and run
automatically as a side-effect of visiting a Web page, someone could
"booby-trap" their Web page and compromise the machine of anyone visiting
the page. This is the problem described in the Wall Street Journal on
March 26, 1996 ("Researchers Find Big Security Flaw in Java Language," by
Don Clark).
If Java is enabled and a Web page containing a maliciously written
applet is viewed by any of the vulnerable browsers or Sun's appletviewer,
that applet can perform any operation that the legitimate user can
perform. For example, the applet could read, delete, or in other ways
corrupt the user's files and any other files the user has access to, such
as /etc/passwd.
Note: The security enhancements announced by Sun Microsystems in
JDK version 1.0.1 and by Netscape Communications in Netscape
Navigator version 2.0x do *not* fix this flaw.
(eof)
How many of u out there using Netscape, with Java enabled :)
73, George
ve7ciz