Description
* It was discovered that IcedTea-Web did not properly sanitize applet URLs when
storing applet trust settings. A malicious web page could use this flaw to
inject trust-settings configuration, and cause applets to be executed without
user approval. (CVE-2015-5234)
* It was discovered that IcedTea-Web did not properly determine an applet's
origin when asking the user if the applet should be run. A malicious page could
use this flaw to cause IcedTea-Web to execute the applet without user approval,
or confuse the user into approving applet execution based on an incorrectly
indicated applet origin. (CVE-2015-5235)