CVE-2013-1926 Information
Description
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.
Reference
http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS
http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586
http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html
http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html
http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html
http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html
http://osvdb.org/92543
http://rhn.redhat.com/errata/RHSA-2013-0753.html
http://secunia.com/advisories/53109
http://secunia.com/advisories/53117
http://www.mandriva.com/security/advisories?name=MDVSA-2013:146
http://www.securityfocus.com/bid/59281
http://www.ubuntu.com/usn/USN-1804-1
https://bugzilla.redhat.com/show_bug.cgi?id=916774
https://exchange.xforce.ibmcloud.com/vulnerabilities/83642
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123