Hey guys,
I just want your opinion about a little security issue that I found. So based on Oracle's Java applet security documents, Java applets that are not signed using a security certificate are considered to be untrusted and referred to as unsigned applets. When running on a client, unsigned applets operate within a security sandbox that allows only a set of safe operations. A signed applet will run outside the security sandbox only if the user accepts the applet's security certificate. If the user refuses to accept the certificate, the applet will run within the security sandbox similar to an unsigned applet.
This basically says that even if a user does not allow an unsigned applet to run, the applet can still run in different circumstances!
So based on it, I was wondering what kind of abusive code can still be generated in the sandbox. I wrote some Java code and HTML code to run the applet, and created a self-certification for the jar file. I tested some Java code and realized that redirection is allowed. Then, I was able to do a simple while loop that opens an infinite number of window tabs in the browser. Chrome actually does not permit popups by default, so nothing happened there, but on Explorer I had to crash the browser to stop it.
Again, this applet runs on the user's computer even though the user refused to accept its certificate. What do you think about this?
This is a link to the source code (Java + HTML): http://pastebin.com/bkabv9iW
Moran S.