CVE-2015-5236

2021-11-11T22:23:55
ID RH:CVE-2015-5236
Type redhatcve
Reporter redhat.com
Modified 2021-11-11T22:23:55

Description

A flaw was discovered that IcedTea-Web did not properly determine an applet's origin when performing same-origin checks. A malicious page could use this flaw to bypass the Same Origin Policy (SOP) and access data on unrelated sites using a spoofed value for the applet's codebase attribute.