Advisories ยป MGASA-2014-0049

Updated icedtea-web packages fix CVE-2013-6493

Publication date: 10 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-6493

Description

Updated icedtea-web packages fix security vulnerability:

LiveConnect provides a gateway between the JavaScript engine in the web
browser and Java applets. An insecure temporary file use flaw was found in
the LiveConnect implementation in the IcedTea-Web browser plug-in. A
malicious, local user could possibly use this flaw to inject or read the
communication between a Java applet and web browser of a different user's
session (CVE-2013-6493).
                

References

SRPMS

3/core

4/core