Don't know how many people spotted this last week, but Sun released a security fix for the java plugin
download j2re 1.4.2_05 here
Make the downloaded .bin file executable and execute to extract the rpm. Then install the rpm. Don't forget to update your symlink to your browser(s) plugin directory (you'll need to do this for each browser you use
I'm guessing a lot of people use this plugin but it never gets updated once installed.
EDIT: Updated links