Java 1.6.0 has a long list of vulnerabilities.
From the Red Hat alert:
CVE-2006-2426 Untrusted applet causes DoS by filling up disk space
CVE-2009-1101 OpenJDK JAX-WS service endpoint remote Denial-of-Service
CVE-2009-1093 OpenJDK remote LDAP Denial-Of-Service
CVE-2009-1094 OpenJDK LDAP client remote code execution
CVE-2009-1095 CVE-2009-1096 OpenJDK Pack200 Buffer overflow vulnerability
CVE-2009-1102 OpenJDK code generation vulnerability
CVE-2009-1097 OpenJDK PNG processing buffer overflow vulnerability
CVE-2009-1098 OpenJDK GIF processing buffer overflow vulnerability
CVE-2009-1099 OpenJDK: Type1 font processing buffer overflow vulnerability
CVE-2009-1100 OpenJDK: DoS (disk consumption) via handling of temporary font files
CVE-2009-1103 OpenJDK: Files disclosure, arbitrary code execution via "deserializing applets"
CVE-2009-1104 OpenJDK: Intended access restrictions bypass via LiveConnect
CVE-2009-1105 OpenJDK: Possibility of trusted applet run in older, vulnerable version of JRE
CVE-2009-1106 OpenJDK: Improper parsing of crossdomain.xml files (intended access restriction bypass)
CVE-2009-1107 OpenJDK: Signed applet remote misuse possibility