The IcedTea-Web plugin prior to 1.2.3 and 1.3.x prior to 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote malicious users to obtain sensitive information or possibly alter other applets via a crafted applet.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat icedtea-web 1.0 |
||
redhat icedtea-web 1.0.5 |
||
redhat icedtea-web 1.0.6 |
||
redhat icedtea-web 1.1.6 |
||
redhat icedtea-web 1.1.7 |
||
redhat icedtea-web 1.0.1 |
||
redhat icedtea-web 1.0.2 |
||
redhat icedtea-web 1.1.2 |
||
redhat icedtea-web 1.1.3 |
||
redhat icedtea-web |
||
redhat icedtea-web 1.3 |
||
redhat icedtea-web 1.1 |
||
redhat icedtea-web 1.1.1 |
||
redhat icedtea-web 1.2 |
||
redhat icedtea-web 1.2.1 |
||
redhat icedtea-web 1.0.3 |
||
redhat icedtea-web 1.0.4 |
||
redhat icedtea-web 1.1.4 |
||
redhat icedtea-web 1.1.5 |
||
redhat icedtea-web 1.3.1 |
||
canonical ubuntu linux 12.10 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 11.10 |
||
canonical ubuntu linux 10.04 |
||
opensuse opensuse 12.2 |