Updated icedtea-web packages fix CVE-2013-6493
Publication date: 10 Feb 2014Modification date: 10 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-6493
Description
Updated icedtea-web packages fix security vulnerability: LiveConnect provides a gateway between the JavaScript engine in the web browser and Java applets. An insecure temporary file use flaw was found in the LiveConnect implementation in the IcedTea-Web browser plug-in. A malicious, local user could possibly use this flaw to inject or read the communication between a Java applet and web browser of a different user's session (CVE-2013-6493).
References
SRPMS
3/core
- icedtea-web-1.4.2-1.mga3
4/core
- icedtea-web-1.4.2-1.mga4