Multiple vulnerabilities existed in Java 1.6.0_51, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.

Fourth, the Java Security Manager, which provides support for running applets by sandboxing untrusted downloaded code, will be removed with the JDK 24 release in March.

Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.

Oracle will release a new version of Java on Tuesday that will include 42 security fixes and will make changes to how Web-based Java content will be presented inside browsers.