Ubuntu 14.04 LTS : IcedTea Web vulnerabilities (USN-2817-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2817-1 advisory. It was discovered that IcedTea Web incorrectly handled applet URLs. A remote attacker could possibly use this issue to inject applets into the...
USN-2817-1: IcedTea Web vulnerabilities
It was discovered that IcedTea Web incorrectly handled applet URLs. A remote attacker could possibly use this issue to inject applets into the .appletTrustSettings configuration file and bypass user approval. CVE-2015-5234 Andrea Palazzo discovered that IcedTea Web incorrectly determined the orig...
icedtea-web: unexpected permanent authorization of unsigned applets
It was discovered that IcedTea-Web did not properly sanitize applet URLs when storing applet trust settings. A malicious web page could use this flaw to inject trust-settings configuration, and cause applets to be executed without user approval...
Vulnerability in the Java Platform that allows attackers to manipulate the accessibility of information
The vulnerability of the Java Platform is related to errors in the code. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures through the use of Java Web Start or Java applets...
Vulnerability in the Java Platform that allows an attacker to execute arbitrary code
The vulnerability of the Java Platform’s CORBA subsystem is related to errors in the code. Exploiting this vulnerability allows a malicious actor to execute arbitrary code via a Java Web Start application or Java applet, from a remote location...
Vulnerability in the Java Platform that allows attackers to modify data
The vulnerability of the Libraries sub-component of the Java Platform is related to errors in the code. Exploiting this vulnerability allows a malicious actor to modify data using the Java Web Start application or Java applet...
Vulnerability in the Java Platform that allows attackers to gain access to protected information
The vulnerability of the Java Platform’s Libraries subsystem is related to errors in the code. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to protected information through a Java Web Start application or Java applet...
Vulnerability in the Java Platform that allows attackers to gain access to protected information
The vulnerability of the Java Platform is related to errors in the code. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to protected information through the use of the Java Web Start application or Java applet...
Vulnerability in the Java Platform that allows attackers to gain access to protected information
The vulnerability of the JAXP sub-component of the Java Platform is related to errors in the code. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read access to protected information through a Java Web Start application or Java applet...
Vulnerability in the Java Platform that allows attackers to gain access to protected information
The vulnerability of the JGSS sub-component of the Java Platform is related to errors in the code. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to protected information through the use of Java Web Start or Java applets...
Vulnerability in the Java Platform that allows an attacker to execute arbitrary code
The vulnerability of the RMI subsystem of the Java Platform is related to errors in the code. Exploiting this vulnerability allows a malicious actor to execute arbitrary code via a Java Web Start application or Java applet, from a remote location...
KLA10689 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, bypass security restrictions, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilitie...
IcedTea-Web Incorrectly Validates Unsigned Applet Vulnerability
IcedTea provides open-source implementations to replace the non-open-source parts of OpenJDK, and provides portability to platforms that OpenJDK currently lacks. IcedTea-Web fails to properly verify the origin of an unsigned applet, allowing remote attackers to build malicious...
DEBIAN-CVE-2015-5235
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page...
CVE-2015-5235
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page...
UBUNTU-CVE-2015-5235
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page...
Security update for icedtea-web (important)
The icedtea-web Java plugin was updated to 1.6.1. Changes included: Enabled Entry-Point attribute check; permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all; fixed DownloadService; comments in deployment.properties now should...