Launchpad.net

CVE 2013-1926

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.

Related bugs and status

CVE-2013-1926 (Candidate) is related to these bugs:

Bug #1002516: package icedtea-netx-common 1.2-2ubuntu1 failed to install/upgrade: trying to overwrite '/usr/share/icedtea-web/plugin.jar', which is also in package icedtea-plugin 1.1.3-1ubuntu1.1

Summary				In	Importance	Status
	1002516	package icedtea-netx-common 1.2-2ubuntu1 failed to install/upgrade: trying to overwrite '/usr/share/icedtea-web/plugin.jar', which is also in package icedtea-plugin 1.1.3-1ubuntu1.1		icedtea-web (Ubuntu)	Undecided	Fix Released
	1002516	package icedtea-netx-common 1.2-2ubuntu1 failed to install/upgrade: trying to overwrite '/usr/share/icedtea-web/plugin.jar', which is also in package icedtea-plugin 1.1.3-1ubuntu1.1		icedtea-web (Ubuntu Precise)	High	Fix Released

Bug #1078424: itweb-settings in icedtea-netx actually depends on openjdk-6

Summary				In	Importance	Status
	1078424	itweb-settings in icedtea-netx actually depends on openjdk-6		icedtea-web (Ubuntu)	Undecided	Fix Released
	1078424	itweb-settings in icedtea-netx actually depends on openjdk-6		icedtea-web (Ubuntu Precise)	Undecided	Fix Released

Bug #1131479: bring icedtea-web bug fixes from the 1.2.2 bug fix release to precise

Summary				In	Importance	Status
	1131479	bring icedtea-web bug fixes from the 1.2.2 bug fix release to precise		icedtea-web (Ubuntu)	Undecided	Fix Released
	1131479	bring icedtea-web bug fixes from the 1.2.2 bug fix release to precise		icedtea-web (Ubuntu Precise)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-1926

Related bugs and status

Related bugs

References