...
The default security model of an applet does not allow access to sun.util.calendar.ZoneInfo, because applets cannot be permitted to invoke any method of any class within the sun package. As a result, prior to JDK 1.6u11, the accepted way for an unsigned applet to deserialize a ZoneInfo object was to perform the deserialization from a privileged context, such as a doPrivileged() block. This constitutes a vulnerability because there is no reliable way of knowing whether the serialized stream contains a bona fide ZoneInfo object rather than an instance of an arbitrary serializable class chosen by an attacker. The vulnerable code casts the deserialized object to the ZoneInfo type, which throws a ClassCastException when the actual class is not ZoneInfo. The exception is of little consequence to the attacker, however: by the time the cast fails, the object has already been fully deserialized inside the privileged block, and the malicious class can store a reference to itself in a static field during deserialization so that the object remains reachable and is not reclaimed by the garbage collector.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e3a78f0ba63bba90-4e4112d8-407847e9-8248b407-a514173719bd5b5215c670f1"><ac:plain-text-body><![CDATA[| [[API 2006|AA. References#API 06]] | |
| [[CVE 2011|AA. References#CVE 08]] | [CVE-2008-5353|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5353] |]]></ac:plain-text-body></ac:structured-macro>
...