VDB
DEBIAN-CVE-2011-3377
PUBLISHED
CVSS 9.3 CRITICAL
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.
Risk Scores
CVSS v4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | icedtea-web | 0, 0, 0 |
| Debian:11 | icedtea-web | 0, 0, 0 |
| Debian:13 | icedtea-web | 0, 0, 0 |
| Debian:12 | icedtea-web | 0, 0, 0 |
Timeline
- Feb 5, 2014 CVE Published
- Apr 28, 2026 CVE Updated