Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and previous versions, JDK and JRE 5.0 Update 12 and previous versions, SDK and JRE 1.4.2_15 and previous versions, and SDK and JRE 1.3.1_20 and previous versions, when Firefox or Opera is used, allows remote malicious users to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sun sdk 1.4.2_15 |
||
sun jdk 1.5.0 |
||
sun jre 1.3.1 |
||
sun jdk 1.6.0 |
||
sun jre 1.4.2_12 |
||
sun jre 1.4.2_13 |
||
sun jre 1.5.0 |
||
sun jre 1.3.0 |
||
sun jre |
||
sun jre 1.4 |
||
sun jre 1.4.2_14 |
||
sun jre 1.6.0 |
||
sun sdk 1.4.2 |
||
sun sdk 1.4.2_03 |
||
sun sdk 1.4.2_14 |
||
sun jdk |
||
sun jre 1.4.2_1 |
||
sun jre 1.4.2_10 |
||
sun jre 1.4.2_11 |
||
sun jre 1.4.2_9 |
||
sun sdk 1.3.1_16 |
||
sun sdk 1.3.1_18 |
||
sun sdk 1.4.2_10 |
||
sun sdk 1.4.2_11 |
||
sun sdk 1.3.1_19 |
||
sun sdk |
||
sun sdk 1.4.2_12 |
||
sun sdk 1.4.2_13 |
||
sun jre 1.4.1 |
||
sun jre 1.4.2 |
||
sun jre 1.4.2_3 |
||
sun jre 1.4.2_8 |
||
sun sdk 1.3.1_01 |
||
sun sdk 1.3.1_01a |
||
sun sdk 1.4.2_08 |
||
sun sdk 1.4.2_09 |
||
sun jdk 6 |