1
Candidate: CVE-2009-1104
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104
6
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime
7
Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and
8
1.4.2_19 and earlier does not prevent Javascript that is loaded from the
9
localhost from connecting to other ports on the system, which allows
10
user-assisted attackers to bypass intended access restrictions via
11
LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged
12
with separate cross-site scripting (XSS) vulnerabilities for remote attack
22
upstream_sun-java6: released (6.13)
24
gutsy_sun-java6: needs-triage (reached end-of-life)
25
hardy_sun-java6: released (6.20dlj-0ubuntu1.8.04)
26
intrepid_sun-java6: needs-triage (reached end-of-life)
27
jaunty_sun-java6: released (6.20dlj-0ubuntu1.9.04)
28
karmic_sun-java6: released (6.20dlj-0ubuntu1.9.10)
29
lucid_sun-java6: released (6.20dlj-1ubuntu3)
33
upstream_sun-java5: released (1.5.0-18)
34
dapper_sun-java5: ignored (reached end-of-life)
35
gutsy_sun-java5: needs-triage (reached end-of-life)
36
hardy_sun-java5: not-affected (1.5.0-22-0ubuntu0.8.04)
37
intrepid_sun-java5: needs-triage (reached end-of-life)
38
jaunty_sun-java5: not-affected (1.5.0-19-0ubuntu0.9.04)
44
upstream_openjdk-6: not-affected (Sun Java only)
47
hardy_openjdk-6: not-affected (Sun Java only)
48
intrepid_openjdk-6: not-affected (Sun Java only)
49
jaunty_openjdk-6: not-affected (Sun Java only)
50
karmic_openjdk-6: not-affected (Sun Java only)
51
lucid_openjdk-6: not-affected (Sun Java only)
52
devel_openjdk-6: not-affected (Sun Java only)