The web browser plug-in in IcedTea-Web 1.0.x prior to 1.0.6 and 1.1.x prior to 1.1.4 allows remote malicious users to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.
| Vulnerable Product |
|---|
| redhat icedtea-web 1.1 |
| redhat icedtea-web 1.1.1 |
| redhat icedtea-web 1.1.2 |
| redhat icedtea-web 1.1.3 |
| redhat icedtea-web 1.0 |
| redhat icedtea-web 1.0.5 |
| redhat icedtea-web 1.0.2 |
| redhat icedtea-web 1.0.4 |
| redhat icedtea-web 1.0.1 |
| redhat icedtea-web 1.0.3 |
| canonical ubuntu linux 10.04 |
| canonical ubuntu linux 10.10 |
| canonical ubuntu linux 11.04 |
| opensuse opensuse 12.1 |
| canonical ubuntu linux 11.10 |