--- a/ChangeLog	Wed Jul 25 16:10:02 2012 -0400
+++ b/ChangeLog	Tue Jul 24 13:58:42 2012 -0400
@@ -1,3 +1,13 @@
+2012-07-25  Adam Domurad  <adomurad@redhat.com>
+
+	CVE-2012-3422, RH840592: Potential read from an uninitialized
+	memory location.
+	* plugin/icedteanp/IcedTeaNPPlugin.cc
+	(get_cookie_info): Only attempt to perform this operation if there is a
+	valid plugin instance
+	(get_proxy_info): Only attempt to perform this operation if there is a
+	valid plugin instance
+
 2012-07-25  Adam Domurad  <adomurad@redhat.com>
 
 	Allow passing of plugin tables and browser tables in NP_Initialize that

--- a/NEWS	Wed Jul 25 16:10:02 2012 -0400
+++ b/NEWS	Tue Jul 24 13:58:42 2012 -0400
@@ -9,7 +9,10 @@
 CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
 
 New in release 1.1.6 (2012-XX-XX):
- * Plugin
+* Security Updates
+  - CVE-2012-3422, RH840592: Potential read from an uninitialized memory location
+  - CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings
+* Plugin
   - PR863: Error passing strings to applet methods in Chromium
   - PR518: NPString.utf8characters not guaranteed to be nul-terminated
 

--- a/plugin/icedteanp/IcedTeaNPPlugin.cc	Wed Jul 25 16:10:02 2012 -0400
+++ b/plugin/icedteanp/IcedTeaNPPlugin.cc	Tue Jul 24 13:58:42 2012 -0400
@@ -886,6 +886,11 @@
 NPError
 get_cookie_info(const char* siteAddr, char** cookieString, uint32_t* len)
 {
+  // Only attempt to perform this operation if there is a valid plugin instance
+  if (g_hash_table_size(instance_to_id_map) <= 0)
+  {
+    return NPERR_GENERIC_ERROR;
+  }
 #if MOZILLA_VERSION_COLLAPSED < 1090100
   nsresult rv;
   nsCOMPtr<nsIScriptSecurityManager> sec_man =
@@ -1306,6 +1311,11 @@
 NPError
 get_proxy_info(const char* siteAddr, char** proxy, uint32_t* len)
 {
+  // Only attempt to perform this operation if there is a valid plugin instance
+  if (g_hash_table_size(instance_to_id_map) <= 0)
+  {
+	  return NPERR_GENERIC_ERROR;
+  }
 #if MOZILLA_VERSION_COLLAPSED < 1090100
   nsresult rv;