Back to search
CVE-2013-6493
Published: Mar 3, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[distro-pkg-dev] 20140305 IcedTea-Web 1.4.2 released!
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=1010958
x_refsource_CONFIRM
USN-2131-1
vendor-advisory
x_refsource_UBUNTU
[oss-security] 20140207 IcedTea-Web insecure temporary directory use - CVE-2013-6493
mailing-list
x_refsource_MLIST
57036
third-party-advisory
x_refsource_SECUNIA
http://icedtea.classpath.org/hg/icedtea-web/rev/228e3652214a
x_refsource_CONFIRM
openSUSE-SU-2014:0310
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now