Description
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.
References (22)
Core 22
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0753.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/92543
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/83642
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:146
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/53109
Release Notes x_refsource_confirm
http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/53117
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html
Release Notes x_refsource_confirm
http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1804-1
Release Notes x_refsource_confirm
http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/59281
Third Party Advisory x_refsource_misc
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=916774
Various Sources mailing-list
x_refsource_mlist
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html
Scores
EPSS
0.0186
EPSS Percentile
76.9%
Details
Status
published
Products (25)
canonical/ubuntu_linux
10.04
canonical/ubuntu_linux
11.10
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
12.10
opensuse/opensuse
12.2
redhat/icedtea-web
1.0
redhat/icedtea-web
1.0.1
redhat/icedtea-web
1.0.2
redhat/icedtea-web
1.0.3
redhat/icedtea-web
1.0.4
... and 15 more
Published
Apr 29, 2013
Tracked Since
Feb 18, 2026