CVE-2011-3377

Priority
Description
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before
1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and
execute arbitrary script or establish network connections to unintended
hosts via an applet whose origin has the same second-level domain, but a
different sub-domain than the targeted domain.
Assigned-to
sbeattie
Notes
mdeslaurin natty+, NetX and the plugin moved to the icedtea-web package
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:not-affected
More Information

Updated: 2020-09-10 01:47:25 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)