Sun Microsystems announced a vulnerability in Sun Java System Messaging Server 6.0, 6.1, 6.2 and 6.3 for Solaris 9 and 10 and Red Hat Enterprise Linux 3 and 4 last night. A cross-site scripting (XSS) vulnerability could allow a remote attacker to execute arbitrary JavaScript code in a user’s web browser. There is currently no work around for this issue. More detailed information can be found on SunSolve.
Sun notes that this vulnerability only affects Internet Explorer.
Get Slaptijack updates delivered to your Inbox or RSS Reader for free!