OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264)
A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions...
OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)
A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions...
OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)
A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions...
OpenJDK: incorrect class loader permission check in ClassLoader getParent() (Libraries, 8055314)
An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...
OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)
An improper permission check issue was discovered in the RMI component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...
Sun Java Virtual Machine 1.x Font.createFont Method Insecure Temporary File Creation Weakness
No description provided by source. source: http://www.securityfocus.com/bid/10685/info Sun Java Virtual Machine is a component of the Sun Java infrastructure that performs the handling of Java applets and other programs. It is available for Unix, Linux, and Microsoft platforms. Sun Java Virtual...
Sun Java Applet Font.createFont Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17981/info Sun Java is prone to a remote denial-of-service vulnerability because the application fails to properly handle certain Java applets. Successfully exploiting this issue will cause the application to create a...
Sun Java SE November 2009 Multiple Security Vulnerabilities (2)
No description provided by source. source: http://www.securityfocus.com/bid/36881/info Sun has released updates to address multiple security vulnerabilities in Java SE. Successful exploits may allow attackers to bypass certain security restrictions, run untrusted applets with elevated privileges,...
Netscape Communicator 4.x URL Read Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1546/info A flaw in Netscape Communicator's implementation of Java allows malicious applets to read any resource reachable via a URL from the local machine by using the netscape.net.URLConnection and...
Mozilla Firefox 2.0.0.14 - JSframe Heap Corruption Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29318/info Mozilla Firefox is prone to a remote denial-of-service vulnerability when running certain JavaScript commands on empty applets in an iframe. Successful exploits can allow attackers to crash the affected browser...
CoffeeCup Software Password Wizard 4.0 HTML Source Password Retrieval Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7023/info A problem with the software may make it possible for remote users to gain unauthorized access to restricted resources. This vulnerability exists in Password Wizard configured to generate Java applets to password...
openSUSE Security Update : icedtea-web (openSUSE-SU-2013:0893-1)
Changes in icedtea-web with update to 1.4 bnc818768 : - Added cs, de, pl localization - Splash screen for javaws and plugin - Better error reporting for plugin via Error-splash-screen - All IcedTea-Web dialogues are centered to middle of active screen - Download indicator made compact for more th...
Mozilla Browsers JavaScript Navigator Object Memory Corruption - Ver2 (CVE-2006-3677)
Mozilla Firefox and Seamonkey are very popular open source web browsers from Mozilla Foundation, based on the Mozilla Suite code base. The browser is an application designed for tasks related to web browsing, such as displaying HTML pages, downloading files, rendering different media, and so on...
[USN-2131-1] IcedTea Web vulnerability
Ubuntu Security Notice USN-2131-1 March 06, 2014 icedtea-web vulnerability. A security issue affects these releases of Ubuntu and its derivatives: -...
DEBIAN-CVE-2011-3377
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a...
Oracle Java java.awt.image.ByteComponentRaster Overflow
Added: 10/24/2013 CVE: CVE-2013-2473 BID: 60623 OSVDB: 94336 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...
JDK: unspecified vulnerability fixed in 6u29 (Swing)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.233 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and...
JDK: unspecified vulnerability fixed in 6u29 (Deployment)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to...