IcedTea-Web is vulnerable to denial of service. A web browser with the IcedTea-Web plug-in crashes when visiting a malicious web page due to an uninitialized pointer use. The vulnerability could potentially disclose memory containing confidential information, or allow remote attackers to execute arbitrary code in the victim’s system.
icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS
lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html
lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html
lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html
lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html
lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html
lists.opensuse.org/opensuse-updates/2013-05/msg00032.html
lists.opensuse.org/opensuse-updates/2013-06/msg00030.html
lists.opensuse.org/opensuse-updates/2013-06/msg00101.html
rhn.redhat.com/errata/RHSA-2012-1132.html
secunia.com/advisories/50089
security.gentoo.org/glsa/glsa-201406-32.xml
www.ubuntu.com/usn/USN-1521-1
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=840592
rhn.redhat.com/errata/RHSA-2012-1132.html