Without getting into the technical and the back end doings of the site, that description would make it NOT a bug on the site. Much more likely a miscommunication between java and that computer's anti-virus. (Depending on whether it was a legitimate java update or not.)
Other possibility is a "drive by" -- a bit of malicious code that dropped in from an ad or infected page that was browsed some time in the past. They get written with a time delayed trigger. The site you are on when it triggers usually has nothing to do with where the machine picked it up.
It's not a comment on the users' browsing habits, either. These days server farms exist to feed ads to pages all over the internet. If the server host, the ad creator and the site and site host aren't diligent, an infected ad can slip in from one of those third party servers.
Just in case that is the situation, safe practice would be to delete the history and temp files of the computers' browsers and restart the computer. When it boots up, run both anti-virus and malware scans.