USN-2817-1: IcedTea Web vulnerabilities
24 November 2015
Several security issues were fixed in IcedTea Web.
- icedtea-web - A web browser plugin to execute Java applets
It was discovered that IcedTea Web incorrectly handled applet URLs. A
remote attacker could possibly use this issue to inject applets into the
.appletTrustSettings configuration file and bypass user approval.
Andrea Palazzo discovered that IcedTea Web incorrectly determined the
origin of unsigned applets. A remote attacker could possibly use this issue
to bypass user approval, or to trick the user into approving applet
The problem can be corrected by updating your system to the following package versions:
After a standard system update you need to restart your browser to make
all the necessary changes.