> From: William T Goodall <[EMAIL PROTECTED]>
> on 24/4/02 12:29 am, The Fool at [EMAIL PROTECTED] wrote: > > > Java can do some very invasive things like this: > > http://www.theregister.co.uk/content/4/24902.html > > Actually the story is about a *JavaScript* security hole in IE. Java and > JavaScript are, despite the names, two quite different things. > > On the whole, and inevitable bugs aside, Java is much more likely to be > secure than JavaScript since it was designed from the ground up with > security in mind, whereas JavaScript has had security features retrofitted. This particular Javascript exploit (which their is no patch for), allows javascript to do things in the local zone, which usually has very limited security settings. The very fact that it is possible to do malicious things in javascript, albeit with an exploit, shows just how flawed javascript is. Javascript has access to cookies, the referrer, information about your browser, and operating system, history, can open or _close_ windows, can redirect, and so much more.
