JRE proxy implementation is vulnerable to information disclosure. Two flaws were found in the JRE proxy implementation. An untrusted applet or application could use these flaws to discover the usernames of users running applets and applications, or obtain web browser cookies and use them for session hijacking attacks.
blogs.sun.com/security/entry/advance_notification_of_security_updates5
java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20
java.sun.com/javase/6/webnotes/6u15.html
lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html
lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
marc.info/?l=bugtraq&m=125787273209737&w=2
secunia.com/advisories/36162
secunia.com/advisories/36176
secunia.com/advisories/36180
secunia.com/advisories/36199
secunia.com/advisories/36248
secunia.com/advisories/37300
secunia.com/advisories/37386
secunia.com/advisories/37460
security.gentoo.org/glsa/glsa-200911-02.xml
sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1
www.mandriva.com/security/advisories?name=MDVSA-2009:209
www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
www.redhat.com/security/updates/classification/#important
www.securityfocus.com/archive/1/507985/100/0/threaded
www.securityfocus.com/bid/35943
www.securitytracker.com/id?1022659
www.us-cert.gov/cas/techalerts/TA09-294A.html
www.vmware.com/security/advisories/VMSA-2009-0016.html
www.vupen.com/english/advisories/2009/2543
www.vupen.com/english/advisories/2009/3316
access.redhat.com/errata/RHSA-2009:1201
exchange.xforce.ibmcloud.com/vulnerabilities/52336
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11115
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8259
rhn.redhat.com/errata/RHSA-2009-1199.html
rhn.redhat.com/errata/RHSA-2009-1200.html
rhn.redhat.com/errata/RHSA-2009-1201.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html