The JNLPClassLoader implementation incorrectly assigns ALL_PERMISSIONS to untrusted code in multiple-signer scenarios. An attacker could misuse this to elevate privileges.
Fixed in IcedTea6 1.7.10, IcedTea6 1.8.7 and IcedTea6 1.9.7:
This issue did not affect the versions of the java-1.6.0-openjdk package as shipped with Red Hat Enterprise Linux 5 and 6.
I'm not sure why this bug is still open, but the product is separate from the java-1.x.0-openjdk packages these days and is called "IcedTea-Web".