Sun describes a flaw at: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1 Two vulnerabilities in Java Web Start may allow an untrusted application to read and write local files that are accessible to the user running the untrusted application.
These issues did not affect the versions of Sun JDK as shipped with Red Hat Enterprise Linux Extras 4 or 5.