Javadoc HTML pages that were created by Javadoc 7 Update 21 and before, 6 Update 45 and before, 5.0 Update 45 and before, JavaFX 2.2.21 and before contain a frame injection vulnerability that could allow an attacker to replace a Javadoc web page frame with a malicious page.
An attacker can cause one of the frames within a Javadoc-generated web page to be replaced with a malicious page. This vulnerability could be used for phishing or social engineering, or it could be used for browser exploitation if combined with another browser-related vulnerability.
Thanks to Oracle for reporting this vulnerability.
This document was written by Michael Orlando.
|Date First Published:||2013-06-18|
|Date Last Updated:||2013-06-26 22:32 UTC|