A flaw was found in the way the AWT component of OpenJDK running on Microsoft Windows platform handled menus. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
This flaw only affects OpenJDK versions running on Microsoft Windows. OpenJDK versions for Linux do not use the affected code and were therefore not affected by this issue.
Public now via Oracle CPU October 2016, fixed in Oracle JDK 8u111, 7u121, and 6u131. External References: http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA
OpenJDK 8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/f75edc10277f