It was discovered that the JNLP SecurityManager in IcedTea for Java
OpenJDK in some instances failed to properly apply the intended
scurity policy in its checkPermission method This could allow an
attacker execute code with privileges that should have been prevented
It was discovered that IcedTea for Java did not properly verify
signatures when handling multiply signed or partially signed JAR files,
allowing an attacker to cause code to execute that appeared to come
from a verified source (CVE-2011-0025) ...
Several security vulnerabilities were discovered in OpenJDK, an
implementation of the Java platform
The JNLP SecurityManager returns from the checkPermission method
instead of throwing an exception in certain circumstances, which
might allow context-dependent attackers to bypass the intended
security policy by creati ...