UBUNTU-CVE-2015-5235

Source
https://ubuntu.com/security/CVE-2015-5235
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-5235.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2015-5235
Related
Published
2015-10-09T00:00:00Z
Modified
2015-10-09T00:00:00Z
Summary
[none]
Details

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

References

Affected packages

Ubuntu:14.04:LTS / icedtea-web

Package

Name
icedtea-web
Purl
pkg:deb/ubuntu/icedtea-web?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.3-0ubuntu0.14.04.1

Affected versions

1.*

1.4-3ubuntu2
1.4.1-1ubuntu1
1.4.2-1ubuntu2
1.5-1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.5.3-0ubuntu0.14.04.1",
            "binary_name": "icedtea-6-plugin"
        },
        {
            "binary_version": "1.5.3-0ubuntu0.14.04.1",
            "binary_name": "icedtea-6-plugin-dbgsym"
        },
        {
            "binary_version": "1.5.3-0ubuntu0.14.04.1",
            "binary_name": "icedtea-7-plugin"
        },
        {
            "binary_version": "1.5.3-0ubuntu0.14.04.1",
            "binary_name": "icedtea-7-plugin-dbgsym"
        },
        {
            "binary_version": "1.5.3-0ubuntu0.14.04.1",
            "binary_name": "icedtea-netx"
        },
        {
            "binary_version": "1.5.3-0ubuntu0.14.04.1",
            "binary_name": "icedtea-netx-common"
        },
        {
            "binary_version": "1.5.3-0ubuntu0.14.04.1",
            "binary_name": "icedtea-plugin"
        }
    ]
}