Red Hat Security Advisory 2013-0753-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. It was discovered that the IcedTea-Web plug-in incorrectly used the same class loader instance for applets with the same value of the codebase attribute, even when they originated from different domains. A malicious applet could use this flaw to gain information about and possibly manipulate applets from different domains currently running in the browser.
c1ce692c1521d0837522bfb3b37e40034340611dd97379e2d399b43394575abe