It was discovered that IcedTea Web incorrectly handled applet URLs. A remote attacker could possibly use this issue to inject applets into the .appletTrustSettings configuration file and bypass user approval. (CVE-2015-5234)
Andrea Palazzo discovered that IcedTea Web incorrectly determined the origin of unsigned applets. A remote attacker could possibly use this issue to bypass user approval, or to trick the user into approving applet execution. (CVE-2015-5235)
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.5.3-0ubuntu0.14.04.1", "binary_name": "icedtea-6-plugin" }, { "binary_version": "1.5.3-0ubuntu0.14.04.1", "binary_name": "icedtea-6-plugin-dbgsym" }, { "binary_version": "1.5.3-0ubuntu0.14.04.1", "binary_name": "icedtea-7-plugin" }, { "binary_version": "1.5.3-0ubuntu0.14.04.1", "binary_name": "icedtea-7-plugin-dbgsym" }, { "binary_version": "1.5.3-0ubuntu0.14.04.1", "binary_name": "icedtea-netx" }, { "binary_version": "1.5.3-0ubuntu0.14.04.1", "binary_name": "icedtea-netx-common" }, { "binary_version": "1.5.3-0ubuntu0.14.04.1", "binary_name": "icedtea-plugin" } ] }