This is good actually. Holes like this exist for just about everything. They're traded in very tight circles with people highly motivated to keep them secret. If someone gets a hold of one and wants to make a quick buck selling it instead of exploiting it then it's pretty much the end of that exploit. It will get identified and patched.
Honestly the best possible way to root out these long standing exploits in browsers/flash/java is to offer rewards for those exploits. Big ones.