CVE-2011-3377

Priority
Medium
Description
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before
1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and
execute arbitrary script or establish network connections to unintended
hosts via an applet whose origin has the same second-level domain, but a
different sub-domain than the targeted domain.
References
Notes
mdeslaur> in natty+, NetX and the plugin moved to the icedtea-web package
Assigned-to
sbeattie
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (netx in icedtea-web)
Ubuntu 12.10 (Quantal Quetzal):not-affected (netx in icedtea-web)
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):released (6b20-1.9.10-0ubuntu1~10.04.2)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (netx in icedtea-web)
Ubuntu 12.10 (Quantal Quetzal):not-affected (netx in icedtea-web)
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):released (6b18-1.8.10-0ubuntu1~10.04.2)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Package
Upstream:not-affected
Ubuntu 10.04 LTS (Lucid Lynx):DNE (removed from archive)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (1.2-2ubuntu0.10.04.1)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (1.2~pre1-0ubuntu1)
Ubuntu 12.10 (Quantal Quetzal):not-affected (1.2~pre1-0ubuntu1)

Updated: 2014-02-14 14:14:50 UTC (commit 7751)