Quite a while ago I was testing with applets and found this by accident. It is definitely not a big issue, but worth to mention, as I discovered that an applet was eating up all the free space on the harddrive by allocating a large file in the users hidden temp dir (filename is something like +~JF57558.tmp ).
Even when leaving the page the applet continues to work due to the broken event management between the browser and the JVM and after quitting the browser the temp file is not deleted. Therefore it leaves the machine in a terrible state, with no available space left, necessary for automatic security updates. And I am just transferring zero bytes but more harmful payload is certainly possible.
Java is supposed to work similar on all platforms (write once, crash everywhere :-). So please tell me whether the following link fills up your hard disk (use on your own RISK, of course): http://www.illegalaccess.org/exploit/FullDiskApplet.html
I tested with Firefox 18.104.22.168 and JDK 1.4.2_11 on a WinXP box and on another XP machine with IE6 , JDK 1.5.0_06.
But I doubt that Sun will ever fix the bug, as they know the issue since 2004.