A serious vulnerability in the JVM was identified via CVE and has been handled by Oracle/Sun. Please see the following article for more details:
This is an issue that affects all Java applications that may be performing Double-String operations.
In summary, JBoss AS users should try to upgrade to JDK 1.6 Update 23 and use the Floating Point Updater Tool from here.
JDK/JRE6 Update 24 (forthcoming) will fix the issue. Until then please run the updater tool.
Reference Page for JBoss AS Security Vulnerabilities: http://community.jboss.org/wiki/SecurityVulnerabilitiesNotificationtoCommunity
Additional information is available from Oracle Blog Post.