Gentoo FoundationMGASA-2014-0049Updated icedtea-web packages fix CVE-2013-6493
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
5.1%
Updated icedtea-web packages fix security vulnerability: LiveConnect provides a gateway between the JavaScript engine in the web browser and Java applets. An insecure temporary file use flaw was found in the LiveConnect implementation in the IcedTea-Web browser plug-in. A malicious, local user could possibly use this flaw to inject or read the communication between a Java applet and web browser of a different user’s session (CVE-2013-6493).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 3 | noarch | icedtea-web | < 1.4.2-1 | icedtea-web-1.4.2-1.mga3 |
| Mageia | 4 | noarch | icedtea-web | < 1.4.2-1 | icedtea-web-1.4.2-1.mga4 |
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
5.1%