120 matches found
SuSE 11.3 Security Update : icedtea-web (SAT Patch Number 8974)
The OpenJDK Java Plugin IcedTea Web was released to fix a temporary file access problem. Changes : - Dialogs center on screen before becoming visible. - Support for u45 new manifest attributes Application-Name. - Custom applet permission policies panel in itweb-settings control panel. - Plugin...
CVE-2013-6493
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp...
DEBIAN-CVE-2013-6493
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp...
CVE-2013-6493
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp...
Code injection
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp...
CVE-2013-6493
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp...
CVE-2013-6493
The CVE-2013-6493 issue affects the OpenJDK IcedTea Web LiveConnect implementation in IcedTea-Web (IcedTeaNPPlugin.cc) prior to version 1.4.2. Local attackers could read inter-process messages by pre-creating a predictable temporary socket file in /tmp, exposing partial confidentiality. A fix is ...
CVE-2013-6493
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp...
CVE-2013-6493
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp...
MGASA-2014-0049 Updated icedtea-web packages fix CVE-2013-6493
Updated icedtea-web packages fix security vulnerability: LiveConnect provides a gateway between the JavaScript engine in the web browser and Java applets. An insecure temporary file use flaw was found in the LiveConnect implementation in the IcedTea-Web browser plug-in. A malicious, local user...
Updated icedtea-web packages fix CVE-2013-6493
Updated icedtea-web packages fix security vulnerability: LiveConnect provides a gateway between the JavaScript engine in the web browser and Java applets. An insecure temporary file use flaw was found in the LiveConnect implementation in the IcedTea-Web browser plug-in. A malicious, local user...
October 2013 Oracle Java Critical Patch Update
On Tuesday, for the first time, Java security updates were included with the quarterly Oracle Critical Patch Update – and just as quickly, Java wasted no time elevating itself as the top concern for Oracle admins and security experts. Of the 51 Java patches released, 50 allow for remote code...
Oracle Linux 4 : seamonkey (ELSA-2010-0967)
From Red Hat Security Advisory 2010:0967 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base score...
Oracle Linux 5 / 6 : firefox (ELSA-2010-0966)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0966 advisory. firefox: 3.6.13-1.0.1.el60 - Added firefox-oracle-default-prefs.js and removed firefox-redhat-default-prefs.js bugz 11762 3.6.13-2 - Update to 3.6....
Oracle Java JDK / JRE 6 < Update 30 Multiple Vulnerabilities (Unix)
The version of Oracle formerly Sun Java Runtime Environment JRE 6.x installed on the remote host is earlier than Update 30 and is, therefore, potentially affected by the following vulnerabilities: - A stack overflow error exists related to proxy tunnels. Bug 6670868 - An error exists related to...
Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2010-3766, CVE-2010-3767, CVE-2010-3772, CVE-2010-3776,...
Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. CVE-2010-3767, CVE-2010-3772, CVE-2010-3776 A flaw was found in th...
CentOS Update for firefox CESA-2010:0966 centos4 x86_64
Check for the Version of firefox OpenVAS Vulnerability Test CentOS Update for firefox CESA-2010:0966 centos4 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
CentOS Update for seamonkey CESA-2010:0967 centos4 x86_64
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Oracle Java JDK / JRE 6 < Update 30 Multiple Vulnerabilities
The version of Oracle formerly Sun Java Runtime Environment JRE 6.x installed on the remote host is earlier than Update 30 and is potentially affected by the following vulnerabilities: - A stack overflow error exists related to proxy tunnels. Bug 6670868 - An error exists related to foreach loops...