5 matches found
icedtea-web: applet origin spoofing
It was discovered that IcedTea-Web did not properly determine an applet's origin when asking the user if the applet should be run. A malicious page could use this flaw to cause IcedTea-Web to execute the applet without user approval, or confuse the user into approving applet execution based on an...
SUSE SLED11 Security Update : icedtea-web (SUSE-SU-2015:1689-1)
The Java Plugin IcedTea Web was updated to 1.5.2, fixing bugs and security issues. - permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. - fixed DownloadService - RH1231441 Unable to read the text of the buttons of the...
openSUSE Security Update : icedtea-web (openSUSE-2015-602)
The icedtea-web java plugin was updated to 1.6.1. Changes included : - Enabled Entry-Point attribute check - permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. - fixed DownloadService - comments in deployment.properties n...
SUSE-SU-2015:1689-1 Security update for icedtea-web
The Java Plugin IcedTea Web was updated to 1.5.2, fixing bugs and security issues. permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. fixed DownloadService RH1231441 Unable to read the text of the buttons of the security...
icedtea-web: multiple issues
CVE-2015-5234 unexpected permanent authorization of unsigned applets It was discovered that IcedTea-Web did not properly sanitize applet URLs when storing applet trust settings. A malicious web page could use this flaw to inject trust-settings configuration, and cause applets to be executed...