The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0123
https://exchange.xforce.ibmcloud.com/vulnerabilities/83642
https://bugzilla.redhat.com/show_bug.cgi?id=916774
http://www.ubuntu.com/usn/USN-1804-1
http://www.securityfocus.com/bid/59281
http://www.mandriva.com/security/advisories?name=MDVSA-2013:146
http://secunia.com/advisories/53117
http://secunia.com/advisories/53109
http://rhn.redhat.com/errata/RHSA-2013-0753.html
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00034.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html
http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html
http://lists.opensuse.org/opensuse-updates/2013-05/msg00003.html
http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html
http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/25dd7c7ac39c
http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/34b6f60ae586
http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.3/NEWS