"Oracle just released Java 6, Update 39, meaning that SiteBuilder installs a version of Java that includes hundreds of known, critical security vulnerabilities that can be used to remotely compromise host PCs," Krebs writes.
"It’s uncertain if Java 6 Update 7 is the only version on which the site builder app works, but that’s highly unlikely," writes Softpedia's Eduard Kovacs. "The more plausible scenario is that Yahoo! has simply forgotten to update the Java installer along with the application."
"Over the last several months, Oracle has shown that it’s trying to respond more quickly to critical security issues," writes Geek.com's Lee Mathews. "Unfortunately not everyone that’s offering up Java downloads has bothered to maintain the same pace."