java is vulnerable to privilege escalation. The vulnerability exists as a flaw in the Java Runtime Environment Virtual Machine code generation functionality could allow untrusted applets to extend their privileges. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as execute local applications with the privileges of the user running the applet.
blogs.sun.com/security/entry/advance_notification_of_security_updates4
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133
lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html
marc.info/?l=bugtraq&m=124344236532162&w=2
secunia.com/advisories/34489
secunia.com/advisories/34496
secunia.com/advisories/34632
secunia.com/advisories/35223
secunia.com/advisories/35255
secunia.com/advisories/37386
secunia.com/advisories/37460
security.gentoo.org/glsa/glsa-200911-02.xml
sunsolve.sun.com/search/document.do?assetkey=1-66-254610-1
support.avaya.com/elmodocs2/security/ASA-2009-108.htm
www.mandriva.com/security/advisories?name=MDVSA-2009:137
www.mandriva.com/security/advisories?name=MDVSA-2009:162
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2009-0392.html
www.securityfocus.com/archive/1/507985/100/0/threaded
www.securityfocus.com/bid/34240
www.securitytracker.com/id?1021919
www.ubuntu.com/usn/usn-748-1
www.vmware.com/security/advisories/VMSA-2009-0016.html
www.vupen.com/english/advisories/2009/1426
www.vupen.com/english/advisories/2009/3316
access.redhat.com/errata/RHSA-2009:0377
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10300
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6722
rhn.redhat.com/errata/RHSA-2009-0377.html