It was discovered that IcedTea Web incorrectly handled applet URLs. A remote attacker could possibly use this issue to inject applets into the .appletTrustSettings configuration file and bypass user approval. (CVE-2015-5234)
Andrea Palazzo discovered that IcedTea Web incorrectly determined the origin of unsigned applets. A remote attacker could possibly use this issue to bypass user approval, or to trick the user into approving applet execution. (CVE-2015-5235)
{ "binaries": [ { "binary_name": "icedtea-6-plugin", "binary_version": "1.5.3-0ubuntu0.14.04.1" }, { "binary_name": "icedtea-6-plugin-dbgsym", "binary_version": "1.5.3-0ubuntu0.14.04.1" }, { "binary_name": "icedtea-7-plugin", "binary_version": "1.5.3-0ubuntu0.14.04.1" }, { "binary_name": "icedtea-7-plugin-dbgsym", "binary_version": "1.5.3-0ubuntu0.14.04.1" }, { "binary_name": "icedtea-netx", "binary_version": "1.5.3-0ubuntu0.14.04.1" }, { "binary_name": "icedtea-netx-common", "binary_version": "1.5.3-0ubuntu0.14.04.1" }, { "binary_name": "icedtea-plugin", "binary_version": "1.5.3-0ubuntu0.14.04.1" } ], "availability": "No subscription required" }