icedtea-web: path traversal while processing <jar/> elements of JNLP files results in arbitrary file overwrite
It was found that icedtea-web did not properly sanitize paths from elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user...