A public static field declaration allowed untrusted applications/applets to read privileged data. A remote attacker could directly or indirectly read the values of restricted system properties like "user.name", "user.home" and "java.home", which restricted applets or applications should not be allowed to read. http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28
Public now via IcedTea6 1.7.6, 1.8.3 and 1.9.2 release announcement too: http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/
Created java-1.6.0-openjdk tracking bugs for this issue Affects: fedora-all [bug 658953]
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2011:0176 https://rhn.redhat.com/errata/RHSA-2011-0176.html