SUSE CVE-2011-3377

The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy SOP and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a...

openSUSE Security Update : icedtea-web (openSUSE-SU-2011:1251-1)

Update to version 1.1.4 of icedtea-web to fix the following issues : - CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass - PR778: Jar download and server certificate verification deadlock %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive te...

openSUSE Security Update : icedtea-web (openSUSE-SU-2011:1251-1)

Update to version 1.1.4 of icedtea-web to fix the following issues : - CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass - PR778: Jar download and server certificate verification deadlock %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive te...

openSUSE Security Update : icedtea-web (openSUSE-SU-2012:0371-1)

update to 1.2 - New features : - Signed JNLP support - Support for client authentication certificates - Cache size enforcement now supported via itweb-settings - Applet parameter passing through JNLP files now supported - Better icons for access warning dialog - Security Dialog UI revamped to...

CVE-2011-3377

The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy SOP and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a...

CVE-2011-3377

CVE-2011-3377 affects the IcedTea-Web web browser plugin. The vulnerability is a Same Origin Policy bypass in applets whose origin shares the same second-level domain as the target but uses a different sub-domain. Affected are IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4. This bypass can...

Scientific Linux Security Update : icedtea-web on SL6.x i386/x86_64

The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A flaw was found in the same-origin policy...

RedHat Update for icedtea-web RHSA-2011:1441-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Debian: Security Advisory (DSA-2420-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-2420-1 : openjdk-6 - several vulnerabilities

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform. - CVE-2011-3377 The IcedTea browser plugin included in the openjdk-6 package does not properly enforce the Same Origin Policy on web content served under a domain name which has a common suffix...

Fedora 16 : icedtea-web-1.1.4-1.fc16 (2011-15691)

This update addresses the following : RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and su= ffix domain SOP bypass ---------------------------------------------------------------------- -----= Note that Tenable Network Security has extracted the preceding description block...

Fedora Update for icedtea-web FEDORA-2011-15673

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

RHEL 6 : icedtea-web (RHSA-2011:1441)

Updated icedtea-web packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...