CVE-2011-3377

Priority
Medium
Description
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before
1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and
execute arbitrary script or establish network connections to unintended
hosts via an applet whose origin has the same second-level domain, but a
different sub-domain than the targeted domain.
References
Notes
 mdeslaur> in natty+, NetX and the plugin moved to the icedtea-web package
Assigned-to
sbeattie
Package
Upstream: needs-triage
Ubuntu 12.04 LTS (Precise Pangolin): not-affected (netx in icedtea-web)
Package
Upstream: needs-triage
Ubuntu 12.04 LTS (Precise Pangolin): not-affected (netx in icedtea-web)
Package
Upstream: needs-triage
Ubuntu 12.04 LTS (Precise Pangolin): DNE
Package
Upstream: needs-triage
Ubuntu 12.04 LTS (Precise Pangolin): DNE
Package
Upstream: not-affected
Ubuntu 12.04 LTS (Precise Pangolin): DNE
Package
Upstream: needs-triage
Ubuntu 12.04 LTS (Precise Pangolin): not-affected (1.2~pre1-0ubuntu1)
More Information

Updated: 2015-07-29 20:40:02 UTC (commit 9756)