Nixpkgs security tracker

Untriaged

Permalink CVE-2015-5236

created 2 months ago Activity log

Created suggestion 2 months ago

It was discovered that the IcedTea-Web used codebase attribute of …

It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1256403 x_transferredx_refsource_MISC

Affected products

Icedtea-web

==Unkown

Matching in nixpkgs

pkgs.adoptopenjdk-icedtea-web

Java web browser plugin and an implementation of Java Web Start

nixos-unstable 1.8.8
- nixpkgs-unstable 1.8.8
- nixos-unstable-small 1.8.8
nixos-25.11 1.8.8
- nixos-25.11-small 1.8.8
- nixpkgs-25.11-darwin 1.8.8

pkgs.pkgsRocm.adoptopenjdk-icedtea-web