FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Several vulnerabilities found in IcedTea-Web

Affected packages
icedtea-web < 1.2.1


VuXML ID 55b498e2-e56c-11e1-bbd5-001c25e46b1d
Discovery 2012-07-31
Entry 2012-08-13

The IcedTea project team reports:

CVE-2012-3422: Use of uninitialized instance pointers

An uninitialized pointer use flaw was found in IcedTea-Web web browser plugin. A malicious web page could use this flaw make IcedTea-Web browser plugin pass invalid pointer to a web browser. Depending on the browser used, it may cause the browser to crash or possibly execute arbitrary code.

The get_cookie_info() and get_proxy_info() call getFirstInTableInstance() with the instance_to_id_map hash as a parameter. If instance_to_id_map is empty (which can happen when plugin was recently removed), getFirstInTableInstance() returns an uninitialized pointer.

CVE-2012-3423: Incorrect handling of non 0-terminated strings

It was discovered that the IcedTea-Web web browser plugin incorrectly assumed that all strings provided by browser are NUL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). When used in a browser that does not NUL terminate NPVariant NPStrings, this could lead to buffer over-read or over-write, resulting in possible information leak, crash, or code execution.

Mozilla browsers currently NUL terminate strings, however recent Chrome versions are known not to provide NUL terminated data.


CVE Name CVE-2012-3422
CVE Name CVE-2012-3423