Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2009-3866

Published: 5 November 2009

The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824.

Priority

Medium

Status

Package Release Status
sun-java6
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (6.20dlj-0ubuntu1.8.04)
intrepid Ignored
(end of life, was needs-triage)
jaunty
Released (6.20dlj-0ubuntu1.9.04)
karmic
Released (6.20dlj-0ubuntu1.9.10)
lucid
Released (6.20dlj-1ubuntu3)
upstream
Released (6.17)