A flaw was discovered that IcedTea-Web did not properly determine an applet's origin when performing same-origin checks. A malicious page could use this flaw to bypass the Same Origin Policy (SOP) and access data on unrelated sites using a spoofed value for the applet's codebase attribute.
A flaw was discovered that IcedTea-Web did not properly determine an applet's origin when performing same-origin checks. A malicious page could use this flaw to bypass the Same Origin Policy (SOP) and access data on unrelated sites using a spoofed value for the applet's codebase attribute.