Описание
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.2~pre1-0ubuntu1 |
| hardy | DNE | |
| lucid | not-affected | 1.2-2ubuntu0.10.04.1 |
| maverick | DNE | |
| natty | released | 1.1.1-0ubuntu1~11.04.2 |
| oneiric | released | 1.1.3-1ubuntu1.1 |
| precise | not-affected | 1.2~pre1-0ubuntu1 |
| quantal | not-affected | 1.2~pre1-0ubuntu1 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | netx in icedtea-web |
| hardy | released | 6b27-1.12.3-0ubuntu1~08.04.1 |
| lucid | released | 6b20-1.9.10-0ubuntu1~10.04.2 |
| maverick | released | 6b20-1.9.10-0ubuntu1~10.10.2 |
| natty | not-affected | netx in icedtea-web |
| oneiric | not-affected | netx in icedtea-web |
| precise | not-affected | netx in icedtea-web |
| quantal | not-affected | netx in icedtea-web |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | DNE | |
| lucid | released | 6b18-1.8.10-0ubuntu1~10.04.2 |
| maverick | released | 6b18-1.8.10-0ubuntu1~10.10.2 |
| natty | not-affected | netx in icedtea-web |
| oneiric | not-affected | netx in icedtea-web |
| precise | DNE | |
| quantal | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | netx in icedtea-web |
| hardy | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| oneiric | not-affected | netx in icedtea-web |
| precise | not-affected | netx in icedtea-web |
| quantal | not-affected | netx in icedtea-web |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | ignored | end of life |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| quantal | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | not-affected | |
| lucid | DNE | removed from archive |
| maverick | DNE | removed from archive |
| natty | DNE | removed from archive |
| oneiric | DNE | |
| precise | DNE | |
| quantal | DNE | |
| upstream | not-affected |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x be ...
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.
EPSS
4.3 Medium
CVSS2