A public static field declaration allowed untrusted applications/applets to read privileged data. A remote attacker could directly or indirectly read the values of restricted system properties like "user.name", "user.home" and "java.home", which restricted applets or applications should not be allowed to read.
Public now via IcedTea6 1.7.6, 1.8.3 and 1.9.2 release announcement too:
Created java-1.6.0-openjdk tracking bugs for this issue
Affects: fedora-all [bug 658953]
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2011:0176 https://rhn.redhat.com/errata/RHSA-2011-0176.html