CVE-2015-5235
Published: 9 October 2015
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.
Notes
Author | Note |
---|---|
mdeslaur | extended applets security was introduced in icedtea-web 1.4 |
Priority
Status
Package | Release | Status |
---|---|---|
icedtea-web | precise | Not vulnerable (code not present) |
icedtea-web | trusty | Released (1.5.3-0ubuntu0.14.04.1) |
icedtea-web | upstream | Released (1.5.3) |
icedtea-web | vivid | Released (1.5.3-0ubuntu0.15.04.1) |
icedtea-web | wily | Released (1.5.3-0ubuntu0.15.10.1) |

Patches:
- upstream: http://icedtea.classpath.org/hg/icedtea-web/rev/531034ce3e30
- upstream: http://icedtea.classpath.org/hg/icedtea-web/rev/ee5e2cb91774