Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka "XML sniffing."
https://exchange.xforce.ibmcloud.com/vulnerabilities/16864
http://www.securityfocus.com/bid/10844
http://www.securityfocus.com/archive/1/371208
http://securitytracker.com/id?1011661
http://secunia.com/advisories/12206
http://archive.cert.uni-stuttgart.de/uniras/2004/08/msg00007.html