It was discovered that the IcedTea-Web web browser plugin incorrectly assumed that all strings provided by browser are NUL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). When used in a browser that does not NUL terminate NPVariant NPStrings, this could lead to buffer over-read or over-write, resulting in possible information leak, crash, or code execution.
Mozilla browsers currently NUL terminate strings, however recent Chrome versions are known not to provide NUL terminated data.
Related upstream bug reports and commits:
Created icedtea-web tracking bugs for this issue
Affects: fedora-all [bug 844770]
Fixed upstream in IcedTea-web 1.1.6 and 1.2.1:
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2012:1132 https://rhn.redhat.com/errata/RHSA-2012-1132.html
icedtea-web-1.3-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
icedtea-web-1.3-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.