Red Hat has issued an update for icedtea-web
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Workstation 6
This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions
An error within the browser plugin uses the same class loader for applets with the same codebase paths, which can be exploited to gain information about or to manipulate currently running applets from other domains.
error within the plugin does not properly verify the format of the downloaded Java Archive (JAR) files and can be exploited to execute code in the context of arbitrary websites.
Vendor recommends updating to Version 1.2.3