CVE-2019-11696

Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability...

CVE-2019-11696

Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability...

CVE-2019-11696

CVE-2019-11696 affects Mozilla Firefox before 67.0. Files with the .JNLP extension used for Java Web Start are not treated as executable content during download prompts, yet they can be executed if Java is present, enabling a user to inadvertently launch a local executable. Impact details in conn...

Mozilla Firefox Command Execution Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 67, which stems from the program failing to recognize .JNLP files used in 'Java web start' applications as executable files. An...

FreeBSD : mozilla -- multiple vulnerabilities (44b6dfbf-4ef7-4d52-ad52-2b1b05d81272)

Mozilla Foundation reports : CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS CVE-2019-9816: Type confusion with object groups and UnboxedObjects CVE-2019-9817: Stealing of cross-domain images using canvas CVE-2019-9818: Use-after-free in crash generation server...

CVE-2019-11696

Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability...

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS CVE-2019-9816: Type confusion with object groups and UnboxedObjects CVE-2019-9817: Stealing of cross-domain images using canvas CVE-2019-9818: Use-after-free in crash generation server...

Mozilla Firefox < 67.0 Multiple Vulnerabilities

Binary data 700727.prm...

Arbitrary Code Execution

spacewalk-java is vulnerable to arbitrary code execution. The vulnerability is exploitable through Java Web Start applications, and sandboxed Java applets...

Arbitrary Code Execution

java-1.6.0-ibm is vulnerable to arbitrary code execution. The vulnerability exists through sandboxed Java Web Start applications and sandboxed Java applets...

Denial Of Service (DoS)

The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. An uninitialized pointer use flaw was foun...

EUVD-2019-12336

Vulnerability in the Java SE component of Oracle Java SE subcomponent: 2D. Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of...

CVE-2019-2698

Vulnerability in the Java SE component of Oracle Java SE subcomponent: 2D. Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of...

Amazon Linux 2 : java-1.8.0-openjdk / java-1.7.0-openjdk (ALAS-2019-1177)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Libraries. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2019-1177)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Libraries. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker...

CVE-2019-2422

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

CVE-2019-2449

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Deployment. The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks...

CVE-2019-2426

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

CVE-2019-2449

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Deployment. The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks...

Denial Of Service (DoS)

java-1.8.0-openjdk is vulnerable to denial of service DoS attacks. The vulnerability exists through a vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Ja...