The IcedTea-Web plug-in is vulnerable to information disclosure. The application incorrectly uses the same class loader instance for applets with the same value of the codebase attribute, even if they originated from different domains. An attacker is able to create a malicious applet that exploits the vulnerability to obtain confidential information, or possibly modify other applets.
icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS
icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586
icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c
lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html
lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html
lists.opensuse.org/opensuse-updates/2013-04/msg00106.html
lists.opensuse.org/opensuse-updates/2013-05/msg00003.html
lists.opensuse.org/opensuse-updates/2013-05/msg00032.html
lists.opensuse.org/opensuse-updates/2013-06/msg00030.html
lists.opensuse.org/opensuse-updates/2013-06/msg00034.html
lists.opensuse.org/opensuse-updates/2013-06/msg00101.html
mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html
osvdb.org/92543
rhn.redhat.com/errata/RHSA-2013-0753.html
secunia.com/advisories/53109
secunia.com/advisories/53117
www.mandriva.com/security/advisories?name=MDVSA-2013:146
www.securityfocus.com/bid/59281
www.ubuntu.com/usn/USN-1804-1
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=916774
exchange.xforce.ibmcloud.com/vulnerabilities/83642
wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123