Multiple local file-access and information-disclosure vulnerabilities have been discovered in Sun Java WebStart. Multiple versions of Java and platforms, including Windows, Linux, and Solaris are affected. There are no known exploits for this flaw at the moment.
An attacker could exploit these issues to obtain sensitive information and to read and write arbitrary files on the affected computer with the privileges of the user running the untrusted Java application.
Sun has released an update and advisory addressing this issue. Check out the SecurityFocus solution section for the reference specific to your platform and edition of Java.