This is a general alert for all Java applications. Hence affects the JBoss ecosystem users also.
Oracle has released update 24 of the JDK 1.6 to resolve the Security vulnerability as outlined in http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
So, please upgrade to Oracle JVM 1.6u24 asap.
As always, please refer to the community notification page at JBoss.