Hacking the Internet user:Malicious mobile code
Java basic security: (a) strong typing enforced at compile and execution time, (b) built in JVM bytecode verifier controls memory space (buffer overflows are difficult to happen), (c) no memory pointers (making difficult to insert commands in running code), (d) security manager (control access to computer resources), and (e) code signing similar to Authenticode. Recommendations: update and use security zones.
Beware of the “cookie monster”: cookies can be per session or persistent.
IE HTML frame vulnerabilities. The IE's cross-domain security model (a domain is a security boundary - any open windows within the same domain can interact with each other, but windows from different domains cannot).