Finnish security researcher Jouko Pynnonen has found a vulnerability in Sun Java plugin that is used by most web browsers. Using this vulnerability a malicous applet can espace Java sandbox, and do whatever it wants on the system. Java Runtime version 1.4.2_05 and older are vulnerable to this problem.
This vulnerability is particularly interesting since it's Java and thus not limited to Windows & IE combination, according to Jouko the problem also affects Mozilla Firefox both on Windows and Linux systems.
Similar vulnerabilities have been widely used by malicous web sites, so it is recommended to patch the Java runtime, no matter which operating system you are using.