java 7 Update 11 Zero-Day Exploit Sold for $5,000 on Underground Market

[hclarkjr]

http://news.softpedia.com/news/Java...-for-5-000-on-Underground-Market-321702.shtml

 

[MontyAC]

Good thing I disabled this on my systems.

 

[sm625]

Why doesnt oracle just buy these on the underground market? It costs them one hell of a lot more than $5k to fix each one of these problems, so they're paying the ransom either way.

 

[bruceb]

Here we go again. I wonder when the web browsers, like Firefox will be able to display web pages that used to need Java, internally in the browser, in total safety (if that is doable)

 

[Ken g6]

I wonder when the web browsers, like Firefox will be able to display web pages that used to need Java, internally in the browser, in total safety (if that is doable)

Well, Doppio looks interesting. It's a Java Virtual Machine implemented in JavaScript.

 

[lamedude]

I suppose you could integrate OpenJDK into the browser but who still uses Java applets. Oracle should not install the browser plugins by default since Minecraft is the only reason a lot of people need Java anymore.

 

[bruceb]

Some game sites, like certain games on Thinks.com and also on Bestcrosswords.com use Java to display the interactive puzzles.

 

[lxskllr]

I suppose you could integrate OpenJDK into the browser but who still uses Java applets.

I think that has the same vulnerabilities as Oracle Java. You may luck into missing a specific exploit, but they're very close, so an exploit of one will likely affect the other.

 

[pyonir]

I spend some time on pogo.com and they use Java for their games. I removed Java from one of my systems, but the other still has it because I use that one on pogo. It's a pain in the ass.