CVE-2011-3377
Published: 8 November 2011
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.
Notes
Author | Note |
---|---|
mdeslaur | in natty+, NetX and the plugin moved to the icedtea-web package |
Priority
Status
Package | Release | Status |
---|---|---|
icedtea-web (Launchpad, Ubuntu, Debian) | hardy | Does not exist |
icedtea-web | lucid | Not vulnerable (1.2-2ubuntu0.10.04.1) |
icedtea-web | maverick | Does not exist |
icedtea-web | natty | Released (1.1.1-0ubuntu1~11.04.2) |
icedtea-web | oneiric | Released (1.1.3-1ubuntu1.1) |
icedtea-web | precise | Not vulnerable (1.2~pre1-0ubuntu1) |
icedtea-web | quantal | Not vulnerable (1.2~pre1-0ubuntu1) |
icedtea-web | upstream | Needs triage |
openjdk-6 (Launchpad, Ubuntu, Debian) | hardy | Released (6b27-1.12.3-0ubuntu1~08.04.1) |
openjdk-6 | lucid | Released (6b20-1.9.10-0ubuntu1~10.04.2) |
openjdk-6 | maverick | Released (6b20-1.9.10-0ubuntu1~10.10.2) |
openjdk-6 | natty | Not vulnerable (netx in icedtea-web) |
openjdk-6 | oneiric | Not vulnerable (netx in icedtea-web) |
openjdk-6 | precise | Not vulnerable (netx in icedtea-web) |
openjdk-6 | quantal | Not vulnerable (netx in icedtea-web) |
openjdk-6 | upstream | Needs triage |
openjdk-6b18 (Launchpad, Ubuntu, Debian) | hardy | Does not exist |
openjdk-6b18 | lucid | Released (6b18-1.8.10-0ubuntu1~10.04.2) |
openjdk-6b18 | maverick | Released (6b18-1.8.10-0ubuntu1~10.10.2) |
openjdk-6b18 | natty | Not vulnerable (netx in icedtea-web) |
openjdk-6b18 | oneiric | Not vulnerable (netx in icedtea-web) |
openjdk-6b18 | precise | Does not exist |
openjdk-6b18 | quantal | Does not exist |
openjdk-6b18 | upstream | Needs triage |
openjdk-7 (Launchpad, Ubuntu, Debian) | hardy | Does not exist |
openjdk-7 | lucid | Does not exist |
openjdk-7 | maverick | Does not exist |
openjdk-7 | natty | Does not exist |
openjdk-7 | oneiric | Not vulnerable (netx in icedtea-web) |
openjdk-7 | precise | Not vulnerable (netx in icedtea-web) |
openjdk-7 | quantal | Not vulnerable (netx in icedtea-web) |
openjdk-7 | upstream | Needs triage |
sun-java5 (Launchpad, Ubuntu, Debian) | hardy | Ignored (end of life) |
sun-java5 | lucid | Does not exist |
sun-java5 | maverick | Does not exist |
sun-java5 | natty | Does not exist |
sun-java5 | oneiric | Does not exist |
sun-java5 | precise | Does not exist |
sun-java5 | quantal | Does not exist |
sun-java5 | upstream | Needs triage |
sun-java6 (Launchpad, Ubuntu, Debian) | hardy | Not vulnerable |
sun-java6 | lucid | Does not exist (removed from archive) |
sun-java6 | maverick | Does not exist (removed from archive) |
sun-java6 | natty | Does not exist (removed from archive) |
sun-java6 | oneiric | Does not exist |
sun-java6 | precise | Does not exist |
sun-java6 | quantal | Does not exist |
sun-java6 | upstream | Not vulnerable |