Java 0-day Vulnerability

The front page of Slashdot today tells us that another Java 0-day has been found. It works in Metasploit and is being used in the wild. Turn off the Java plugin now! Never turn it back on.
[article]

The analysis of this seems to point to the getField function of sun.awt.SunToolkit. See the code below ...

Java CVEs

The main list of CVEs for Java can be found at CVE Details. Some have ended up under Oracle instead of Sun.

If you run Java on a server or on a mobile phone, a different set of vulnerabilities applies. JBoss and Oracle Application Server are two of the most popular J2EE setups.