5572 matches found

Cvelist
added 2013/04/29 10:0 p.m. | 19 views

CVE-2013-1926

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet...

AI score: 6.1 | EPSS: 0.01865
Exploits: 0 | References: 22

Debian CVE
added 2013/04/29 10:0 p.m. | 23 views

CVE-2013-1926

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet...

CVSS: 5.8 | AI score: 6.2 | EPSS: 0.01865
Exploits: 0

Tenable Nessus
added 2013/04/29 12:0 a.m. | 18 views

SuSE 11.2 Security Update : icedtea-web (SAT Patch Number 7642)

This update to version 1.3.2 fixes several security updates and common fixes. bnc815596 Security Updates - fixed gifar vulnerability. CVE-2013-1927 - Class-loader incorrectly shared for applets with same relative-path. Common. CVE-2013-1926 - Added new option in itw-settings which allows users to...

CVSS: 6.8 | AI score: 5.3 | EPSS: 0.04323
Exploits: 0 | References: 5

Tenable Nessus
added 2013/04/26 12:0 a.m. | 24 views

Fedora 19 : icedtea-web-1.3.2-0.fc19 (2013-5877)

New in release 1.3.2 2013-04-17 : - Security Updates - CVE-2013-1927, RH884705: fixed gifar vulnerability - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. - Common - Added new option in itw-settings which allows users to set JVM arguments when plugin...

CVSS: 6.8 | AI score: 5.4 | EPSS: 0.04323
Exploits: 0 | References: 2

Tenable Nessus
added 2013/04/25 12:0 a.m. | 51 views

CentOS 5 / 6 : java-1.6.0-openjdk (CESA-2013:0770)

Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...

CVSS: 10 | AI score: 7.7 | EPSS: 0.86963
Exploits: 15 | References: 22

Tenable Nessus
added 2013/04/20 12:0 a.m. | 29 views

Fedora 17 : icedtea-web-1.3.2-0.fc17 (2013-5925)

Security Updates - CVE-2013-1927, RH884705: fixed gifar vulnerability - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. - Common - Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized. - NetX - PR580:...

CVSS: 6.8 | AI score: 5.4 | EPSS: 0.04323
Exploits: 0 | References: 2

RedHat Linux
added 2013/04/18 6:19 p.m. | 2 views

OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, AWT, 8009305)

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competiti...

CVSS: 10 | AI score: 7.1 | EPSS: 0.1015
Exploits: 0 | References: 4

RedHat Linux
added 2013/04/18 6:18 p.m. | 5 views

OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, AWT, 8009305)

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competiti...

CVSS: 10 | AI score: 7.1 | EPSS: 0.1015
Exploits: 0 | References: 4

Tenable Nessus
added 2013/04/18 12:0 a.m. | 28 views

Fedora 18 : icedtea-web-1.3.2-0.fc18 (2013-5962)

New in release 1.3.2 2013-04-17 : - Security Updates - CVE-2013-1927, RH884705: fixed gifar vulnerability - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. - Common - Added new option in itw-settings which allows users to set JVM arguments when plugin...

CVSS: 6.8 | AI score: 5.4 | EPSS: 0.04323
Exploits: 0 | References: 2

Tenable Nessus
added 2013/04/18 12:0 a.m. | 24 views

RHEL 6 : icedtea-web (RHSA-2013:0753)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0753 advisory. The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It...

CVSS: 6.8 | AI score: 6.2 | EPSS: 0.04323
Exploits: 0 | References: 8

Tenable Nessus
added 2013/04/18 12:0 a.m. | 45 views

Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20130417)

Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. CVE-2013-1569, CVE-2013-2383, CVE-2013-2384 Multiple improper permission check issues were...

CVSS: 10 | AI score: 7.6 | EPSS: 0.86963
Exploits: 21 | References: 23

RedHat Linux
added 2013/04/17 6:37 p.m. | 4 views

OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, AWT, 8009305)

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competiti...

CVSS: 10 | AI score: 7.1 | EPSS: 0.1015
Exploits: 0 | References: 4

RedHat Linux
added 2013/04/17 6:26 p.m. | 1 views

icedtea-web: class loader sharing for applets with same codebase paths

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet...

CVSS: 5.8 | AI score: 5.9 | EPSS: 0.01865
Exploits: 0 | References: 4

UbuntuCve
added 2013/04/17 12:0 a.m. | 30 views

CVE-2013-1926

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet...

CVSS: 5.8 | AI score: 5.9 | EPSS: 0.01865
Exploits: 0 | References: 4

Friends Of PHP
added 2013/04/08 1:16 p.m. | 17 views

Vulnerability in the filesystem loader

More info at http://blog.twig.sensiolabs.org/post/47461911874/security-release-twig-1-12-3-released...

AI score: 0.4
Exploits: 0 | Affected Software: 1

Friends Of PHP
added 2013/04/08 1:16 p.m. | 8 views

Vulnerability in the filesystem loader

More info at http://blog.twig.sensiolabs.org/post/47461911874/security-release-twig-1-12-3-released...

AI score: 7.2
Exploits: 0 | Affected Software: 1

NVD
added 2013/03/28 12:18 p.m. | 20 views

CVE-2013-0917

The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors...

CVSS: 5 | AI score: 6.2 | EPSS: 0.01089
Exploits: 0 | References: 3

Prion
added 2013/03/28 12:18 p.m. | 13 views

Out-of-bounds

The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors...

CVSS: 5 | AI score: 6.6 | EPSS: 0.01089
Exploits: 0 | References: 3 | Affected Software: 1

UbuntuCve
added 2013/03/28 12:18 p.m. | 20 views

CVE-2013-0917

The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors...

CVSS: 5 | AI score: 5.9 | EPSS: 0.01089
Exploits: 0 | References: 3

Cvelist
added 2013/03/28 10:0 a.m. | 22 views

CVE-2013-0917

The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors...

AI score: 6 | EPSS: 0.01089
Exploits: 0 | References: 3