Java is a platform-independent programming language developed by Sun Microsystems. One popular use of Java is to embed small applications (known as applets) in web pages. Applet bytecode is contained in ".class" files downloaded over the network. Once downloaded, the bytecode is executed by the Java Virtual Machine in what is known as a secure "sandbox" environment. Any attempt to access a resource outside of the sandbox results in a security violation, and the program terminates.
The security of the sandbox is maintained by the bytecode verifier and the security manager. Bytecode verification is performed before instructions are executed, to detect illegal or malformed instructions that could be used to leave the sandbox. The security manager monitors the instructions to prevent the execution of any privileged instruction. A privileged instruction is one that can read, write, create, or delete local files, establish connections to servers other than the origin server, load libraries, or execute native code using native methods.
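The allow/deny decision described above can be modelled with the JDK's own permission classes. This is an added example, not code from the original page: it grants an applet only the right to connect back to its origin and evaluates several privileged requests against that grant, without installing a security manager. The class name, method names, file paths, library name and IP addresses (documentation ranges) are constructed for illustration.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.Permission;
import java.security.Permissions;

public class AppletSandboxPolicy {
    // Grant for an untrusted applet: it may connect back to its origin host only.
    static Permissions sandboxFor(String originHost) {
        Permissions granted = new Permissions();
        granted.add(new SocketPermission(originHost, "connect"));
        return granted;
    }

    // The decision made before a privileged operation runs: the request
    // must be implied by something in the grant, otherwise it is refused.
    static void check(Permissions granted, Permission requested) {
        if (!granted.implies(requested)) {
            throw new SecurityException("denied: " + requested);
        }
    }

    public static void main(String[] args) {
        // Constructed sample addresses; IP literals avoid any DNS lookup.
        Permissions sandbox = sandboxFor("192.0.2.10");
        Permission[] requests = {
            new SocketPermission("192.0.2.10:80", "connect"),   // origin server
            new SocketPermission("198.51.100.7:80", "connect"), // another server
            new FilePermission("/etc/passwd", "read"),          // read a local file
            new FilePermission("/tmp/out.txt", "write,delete"), // write or delete a local file
            new RuntimePermission("loadLibrary.native"),        // load a native library
        };
        for (Permission p : requests) {
            try {
                check(sandbox, p);
                System.out.println("ALLOW " + p.getName() + " " + p.getActions());
            } catch (SecurityException e) {
                System.out.println("DENY  " + p.getName() + " " + p.getActions());
            }
        }
    }
}
```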
Even though Java was designed to avoid security problems, bugs have been found that allow applets to circumvent the security system. The following is an overview of some of these bugs: