I love all these 'embarrassingly trivially exploitable issues' that require me to set up my machine in just the right way to make them work. And for all that effort, you can't even own the machine using the exploit.<p>What has it been? 15 years? and this is the best they can come up with for java security holes?<p>You know, I don't like java, but the more stuff like this I read, the more I have to admit that it is smart for enterprises to use it so heavily.<p>An interesting comparison might be to look at the number of java security holes vs activex vs windowsxp vs apache vs iis vs php vs ruby vs (you get the picture). Maybe group by client side and server side. That would give a real 'data based' look at software security quality.<p>Though I suspect that the jvm would be at the top of the 'security quality' heap in both groupings. (ie-least number of holes). I think it would be interesting to see nonetheless.