CVE-2013-1926
First published: Thu Feb 28 2013(Updated: )
It was discovered that IcedTea-Web browser plugin incorrectly used the same class loader for applets with the same codebase paths. The default and commonly used codebase value is ".". A malicious applet could use this flaw to gain information about or possibly manipulate other applets currently running in the browser. This could possibly lead to malicious applet's code being executed as part of the other applet.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/icedtea-web | <1.2.3 | 1.2.3 |
| redhat/icedtea-web | <1.3.2 | 1.3.2 |
| Red Hat IcedTea-Web | <=1.2.2 | |
| Red Hat IcedTea-Web | =1.0 | |
| Red Hat IcedTea-Web | =1.0.1 | |
| Red Hat IcedTea-Web | =1.0.2 | |
| Red Hat IcedTea-Web | =1.0.3 | |
| Red Hat IcedTea-Web | =1.0.4 | |
| Red Hat IcedTea-Web | =1.0.5 | |
| Red Hat IcedTea-Web | =1.0.6 | |
| Red Hat IcedTea-Web | =1.1 | |
| Red Hat IcedTea-Web | =1.1.1 | |
| Red Hat IcedTea-Web | =1.1.2 | |
| Red Hat IcedTea-Web | =1.1.3 | |
| Red Hat IcedTea-Web | =1.1.4 | |
| Red Hat IcedTea-Web | =1.1.5 | |
| Red Hat IcedTea-Web | =1.1.6 | |
| Red Hat IcedTea-Web | =1.1.7 | |
| Red Hat IcedTea-Web | =1.2 | |
| Red Hat IcedTea-Web | =1.2.1 | |
| Red Hat IcedTea-Web | =1.3 | |
| Red Hat IcedTea-Web | =1.3.1 | |
| Ubuntu Linux | =10.04 | |
| Ubuntu Linux | =11.10 | |
| Ubuntu Linux | =12.04 | |
| Ubuntu Linux | =12.10 | |
| openSUSE | =12.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html
- http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c
- https://rhn.redhat.com/errata/RHSA-2013-0753.html
- https://bugzilla.redhat.com/show_bug.cgi?id=916774
- http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS
- http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586
- http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html
- http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html
- http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html
- http://osvdb.org/92543
- http://rhn.redhat.com/errata/RHSA-2013-0753.html
- http://secunia.com/advisories/53109
- http://secunia.com/advisories/53117
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:146
- http://www.securityfocus.com/bid/59281
- http://www.ubuntu.com/usn/USN-1804-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83642
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123
Frequently Asked Questions
What is the severity of CVE-2013-1926?
CVE-2013-1926 has a medium severity rating, indicating potential access and information exposure risks.
How do I fix CVE-2013-1926?
To fix CVE-2013-1926, update IcedTea-Web to version 1.2.3 or 1.3.2 or higher.
What systems are affected by CVE-2013-1926?
CVE-2013-1926 affects various versions of the IcedTea-Web plugin from Red Hat and Ubuntu systems.
What is the impact of CVE-2013-1926?
The impact of CVE-2013-1926 includes the risk of malicious applets potentially gaining unauthorized access to information from other applets.
Is CVE-2013-1926 still a concern for users?
Yes, CVE-2013-1926 remains a concern for users running outdated versions of IcedTea-Web, especially in susceptible environments.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-1926
- agent/software-canonical-lookup
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/redhat
- canonical/red hat icedtea-web
- version/red hat icedtea-web/1.2.2
- version/red hat icedtea-web/1.0
- version/red hat icedtea-web/1.0.1
- version/red hat icedtea-web/1.0.2
- version/red hat icedtea-web/1.0.3
- version/red hat icedtea-web/1.0.4
- version/red hat icedtea-web/1.0.5
- version/red hat icedtea-web/1.0.6
- version/red hat icedtea-web/1.1
- version/red hat icedtea-web/1.1.1
- version/red hat icedtea-web/1.1.2
- version/red hat icedtea-web/1.1.3
- version/red hat icedtea-web/1.1.4
- version/red hat icedtea-web/1.1.5
- version/red hat icedtea-web/1.1.6
- version/red hat icedtea-web/1.1.7
- version/red hat icedtea-web/1.2
- version/red hat icedtea-web/1.2.1
- version/red hat icedtea-web/1.3
- version/red hat icedtea-web/1.3.1
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/10.04
- version/ubuntu linux/11.10
- version/ubuntu linux/12.04
- version/ubuntu linux/12.10
- vendor/opensuse
- canonical/opensuse
- version/opensuse/12.2