Several security issues were fixed in IcedTea Web.
It was discovered that IcedTea Web incorrectly handled applet URLs. A remote attacker could possibly use this issue to inject applets into the .appletTrustSettings configuration file and bypass user approval. (CVE-2015-5234)
24 November 2015
A security issue affects these releases of Ubuntu and its derivatives:
Several security issues were fixed in IcedTea Web.
It was discovered that IcedTea Web incorrectly handled applet URLs. A remote attacker could possibly use this issue to inject applets into the .appletTrustSettings configuration file and bypass user approval. (CVE-2015-5234)
Andrea Palazzo discovered that IcedTea Web incorrectly determined the origin of unsigned applets. A remote attacker could possibly use this issue to bypass user approval, or to trick the user into approving applet execution. (CVE-2015-5235)
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart your browser to make all the necessary changes.