Researchers at the University of Washington have discovered another security bug in Java, Sun's Internet programming language. This bug allows hackers to retrieve data from a user's computer using their Java-enabled Web browser. Fortunately, the bug only affects Sun's HotJava browser, not Internet Explorer or Navigator, the two most popular Web browsers. According to the researchers, the bug is only found in the Java SDK version 1.1.2, which has yet to be integrated into the more popular Web browsers.
Sun has confirmed the existence of the bug but is downplaying its significance since IE and Netscape users are unaffected.
"Our security model is very good and our implementation is getting better," said Marianne Mueller, a security engineer at Sun. "To me, that's different a from situation where you don't even have a security model." She was referring to ActiveX, of course, though no one is sure what that has to do with this bug. More importantly, if Sun's "implementation" is getting better, why does this bug affect their latest SDK and not any of the older versions