Omair Majid

**Name of the Vulnerable Software and Affected Versions** IcedTea6 versions 1.9.x before 1.9.9 IcedTea6 versions 1.8.x before 1.8.9 IcedTea-Web versions 1.1.x before 1.1.1 IcedTea-Web versions 1.0.x before 1.0.4 **Description** The Java Network Launching Protocol (JNLP) implementation allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader. **Recommendations** For IcedTea6 versions 1.9.x before 1.9.9, update to version 1.9.9 or later. For IcedTea6 versions 1.8.x before 1.8.9, update to version 1.8.9 or later. For IcedTea-Web versions 1.1.x before 1.1.1, update to version 1.1.1 or later. For IcedTea-Web versions 1.0.x before 1.0.4, update to version 1.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** IcedTea6 versions 1.9.x through 1.9.8 IcedTea6 versions 1.8.x through 1.8.8 IcedTea-Web versions 1.1.x through 1.1.0 IcedTea-Web versions 1.0.x through 1.0.3 **Description** The issue allows remote attackers to deceive victims into granting access to local files. This is achieved by modifying the content of the Java Web Start Security Warning dialog box, making it represent a different filename than the file for which access will be granted. **Recommendations** For IcedTea6 versions 1.9.x through 1.9.8, update to version 1.9.9 or later. For IcedTea6 versions 1.8.x through 1.8.8, update to version 1.8.9 or later. For IcedTea-Web versions 1.1.x through 1.1.0, update to version 1.1.1 or later. For IcedTea-Web versions 1.0.x through 1.0.3, update to version 1.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** IcedTea versions 1.7 through 1.7.6 IcedTea versions 1.8 through 1.8.3 IcedTea versions 1.9 through 1.9.3 **Description** The issue allows context-dependent attackers to bypass the intended security policy by creating instances of `ClassLoader`. This might enable attackers to execute arbitrary code. **Recommendations** For IcedTea versions 1.7 through 1.7.6, update to version 1.7.7 or later. For IcedTea versions 1.8 through 1.8.3, update to version 1.8.4 or later. For IcedTea versions 1.9 through 1.9.3, update to version 1.9.4 or later.