Oracle Java SE 7 Update 21 fixes multiple unspecified vulnerabilities in the JavaFX component. Upstream has CVSSv2 scored these issue as: CVE-2013-2414 10.0/AV:N/AC:L/Au:N/C:C/I:C/A:C CVE-2013-2428 10.0/AV:N/AC:L/Au:N/C:C/I:C/A:C CVE-2013-2427 10.0/AV:N/AC:L/Au:N/C:C/I:C/A:C CVE-2013-0402 9.3/AV:N/AC:M/Au:N/C:C/I:C/A:C CVE-2013-1561 5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N CVE-2013-1564 5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N CVE-2013-2438 5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N External Reference: http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
(In reply to comment #0) > CVE-2013-0402 9.3/AV:N/AC:M/Au:N/C:C/I:C/A:C This is VUPEN CanSecWest 2013 issue, see bug 920246.
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2013:0757 https://rhn.redhat.com/errata/RHSA-2013-0757.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2013:0822 https://rhn.redhat.com/errata/RHSA-2013-0822.html