CVE-2008-5342

NameCVE-2008-5342
DescriptionUnspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)
Debian Bugs508194, 508195

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openjdk-6source(unstable)(not affected)
sun-java5source(unstable)1.5.0-17-0.1medium508194
sun-java5sourcelenny1.5.0-22-0lenny1medium
sun-java6source(unstable)6-12-1medium508195
sun-java6sourcelenny6-20-0lenny1medium

Notes

[etch] - sun-java5 <no-dsa> (Non-free not supported)
- openjdk-6 <not-affected> (browser plugin is different code base)

Search for package or bug name: Reporting problems