Lucene search
K

5 matches found

RedHat Linux
RedHat Linux
added 2016/05/10 6:35 p.m.5 views

icedtea-web: applet origin spoofing

It was discovered that IcedTea-Web did not properly determine an applet's origin when asking the user if the applet should be run. A malicious page could use this flaw to cause IcedTea-Web to execute the applet without user approval, or confuse the user into approving applet execution based on an...

4.3CVSS6AI score0.03037EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/10/07 12:0 a.m.22 views

SUSE SLED11 Security Update : icedtea-web (SUSE-SU-2015:1689-1)

The Java Plugin IcedTea Web was updated to 1.5.2, fixing bugs and security issues. - permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. - fixed DownloadService - RH1231441 Unable to read the text of the buttons of the...

6.8CVSS5.4AI score0.03037EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2015/09/23 12:0 a.m.34 views

openSUSE Security Update : icedtea-web (openSUSE-2015-602)

The icedtea-web java plugin was updated to 1.6.1. Changes included : - Enabled Entry-Point attribute check - permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. - fixed DownloadService - comments in deployment.properties n...

6.8CVSS5.3AI score0.0344EPSS
Exploits0References7
OSV
OSV
added 2015/09/16 8:47 a.m.9 views

SUSE-SU-2015:1689-1 Security update for icedtea-web

The Java Plugin IcedTea Web was updated to 1.5.2, fixing bugs and security issues. permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. fixed DownloadService RH1231441 Unable to read the text of the buttons of the security...

6.8CVSS6.3AI score0.03037EPSS
Exploits0References5
ArchLinux
ArchLinux
added 2015/09/14 12:0 a.m.37 views

icedtea-web: multiple issues

CVE-2015-5234 unexpected permanent authorization of unsigned applets It was discovered that IcedTea-Web did not properly sanitize applet URLs when storing applet trust settings. A malicious web page could use this flaw to inject trust-settings configuration, and cause applets to be executed...

6.8CVSS2.1AI score0.03037EPSS
Exploits0References3
Rows per page
Query Builder