The IcedTea project team reports:

CVE-2012-3422: Use of uninitialized instance pointers

An uninitialized pointer use flaw was found in the IcedTea-Web web
browser plugin. A malicious web page could use this flaw to make the
IcedTea-Web browser plugin pass an invalid pointer to a web browser.
Depending on the browser used, it may cause the browser to crash
or possibly execute arbitrary code.

The get_cookie_info() and get_proxy_info() functions call
getFirstInTableInstance() with the instance_to_id_map hash as
a parameter. If instance_to_id_map is empty (which can happen
when the plugin was recently removed), getFirstInTableInstance()
returns an uninitialized pointer.

CVE-2012-3423: Incorrect handling of non 0-terminated strings

It was discovered that the IcedTea-Web web browser plugin
incorrectly assumed that all strings provided by the browser are NUL
terminated, which is not guaranteed by the NPAPI (Netscape Plugin
Application Programming Interface). When used in a browser that
does not NUL terminate NPVariant NPStrings, this could lead to
buffer over-read or over-write, resulting in possible information
leak, crash, or code execution.

Mozilla browsers currently NUL terminate strings; however, recent
Chrome versions are known not to provide NUL terminated data.
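
The length-bounded string handling that CVE-2012-3423 calls for, as an added example in C that is not IcedTea-Web's own code. `np_string_t` is a local stand-in mirroring NPAPI's NPString (pointer plus UTF8Length); `sample_string`, `naive_length`, `np_string_dup` and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Local stand-in mirroring NPAPI's NPString: pointer plus explicit length.
 * No NUL byte is guaranteed at UTF8Characters[UTF8Length]. */
typedef struct {
    const char *UTF8Characters;
    uint32_t    UTF8Length;
} np_string_t;

/* Constructed sample: the browser's 11-byte string is followed directly by
 * unrelated bytes. The array's own trailing NUL keeps strlen() defined here. */
static const char raw[] = "example.orgSECRET";

np_string_t sample_string(void) { return (np_string_t){ raw, 11 }; }

/* The flawed assumption: trusts a terminator and walks past UTF8Length. */
size_t naive_length(const np_string_t *s)
{
    return strlen(s->UTF8Characters);
}

/* Hypothetical helper: copy exactly UTF8Length bytes into a fresh,
 * NUL-terminated buffer. Returns NULL on bad input or allocation failure. */
char *np_string_dup(const np_string_t *s)
{
    if (!s || (!s->UTF8Characters && s->UTF8Length != 0))
        return NULL;
    size_t len = s->UTF8Length;
    char *out = (len == SIZE_MAX) ? NULL : malloc(len + 1); /* avoid len+1 wrap */
    if (!out)
        return NULL;
    if (len != 0)
        memcpy(out, s->UTF8Characters, len);
    out[len] = '\0';
    return out;
}

int main(void)
{
    np_string_t s = sample_string();
    char *copy = np_string_dup(&s);
    printf("naive=%zu bounded=\"%s\"\n", naive_length(&s), copy ? copy : "");
    free(copy);
    return 0;
}
```

The naive length runs six bytes into the adjacent data, which is the over-read the advisory describes; the bounded copy stops at UTF8Length regardless of what the browser placed after it.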