CVE-2013-1489
First published: Thu Jan 31 2013(Updated: )
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Jdk | =1.7.0-update10 | |
| Oracle Jdk | =1.7.0-update11 | |
| Oracle Jre | =1.7.0-update10 | |
| Oracle Jre | =1.7.0-update11 | |
| Google Chrome | ||
| Microsoft Internet Explorer | ||
| Mozilla Firefox | ||
| Opera Opera Browser |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
- http://marc.info/?l=bugtraq&m=136439120408139&w=2
- http://marc.info/?l=bugtraq&m=136733161405818&w=2
- http://rhn.redhat.com/errata/RHSA-2013-0237.html
- http://seclists.org/fulldisclosure/2013/Jan/241
- http://thenextweb.com/insider/2013/01/28/new-vulnerability-bypasses-oracles-attempt-to-stop-malware-drive-by-downloads-via-java-applets/
- http://www.informationweek.com/security/application-security/java-security-work-remains-bug-hunter-sa/240147150
- http://www.kb.cert.org/vuls/id/858729
- http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
- http://www.scmagazine.com.au/News/330453,java-still-unsafe-new-flaws-discovered.aspx
- http://www.us-cert.gov/cas/techalerts/TA13-032A.html
- http://www.zdnet.com/java-update-doesnt-prevent-silent-exploits-at-all-7000010422/
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15906
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19171
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/oracle jdk
- version/oracle jdk/1.7.0-update10
- version/oracle jdk/1.7.0-update11
- canonical/oracle jre
- version/oracle jre/1.7.0-update10
- version/oracle jre/1.7.0-update11
- vendor/google
- canonical/google chrome
- vendor/microsoft
- canonical/microsoft internet explorer
- vendor/mozilla
- canonical/mozilla firefox
- vendor/opera
- canonical/opera opera browser