Yesterday, Apple announced multiple vulnerabilities in QuickTime and provided a new update (7.6.6). This update fixes vulnerabilities which, "may lead to an unexpected application termination or arbitrary code execution". For more information see Apple's announcement: http://support.apple.com/kb/HT4104.
Java also announced that they found and fixed 27 new security related bugs in their newest version of Java (6 U19). From Oracle's website: "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 27 new security fixes across all products.". For more information see: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html
We have updated SecBrowsing to warn users that run earlier, vulnerable versions of QuickTime and Java plugins in their browser.