4 matches found
Code injection
IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source...
PT-2011-2022 · Oracle · Icedtea
Name of the Vulnerable Software and Affected Versions: IcedTea versions 1.7 through 1.7.7; IcedTea versions 1.8 through 1.8.4; IcedTea versions 1.9 through 1.9.4. Description: The issue allows remote attackers to trick users into executing code that appears to come from a trusted source, due to...
PT-2011-1514 · Oracle +1 · Icedtea +1
Name of the Vulnerable Software and Affected Versions: IcedTea versions 1.7 through 1.7.6; IcedTea versions 1.8 through 1.8.3; IcedTea versions 1.9 through 1.9.3. Description: The issue allows context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. Th...
CVE-2010-3860
IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive...