Posted to uk.rec.gardening, 04-10-2007, 01:09 PM, by David in Normandy
Subject: Can I design something that will be useful while gardening?

In article , Stewart Robert Hinsley
says...

Both Java Applets and JavaScript are supposed to be properly sandboxed.

[1] sandboxed - confined to using a reduced set of the capabilities of
your computer so that it can't do any harm if it is maliciously or
incompetently programmed.

[2] buffer overrun attack - in an insufficiently defensively programmed
piece of software a malicious user can write, say, 110 characters where
only 100 are allowed for. This overwrites other data; depending on what
the data is it can have severe effects.

[3] exploit - a means of defeating the security features of a computer.
--
Stewart Robert Hinsley


I always browse with JavaScript disabled. I read a few months ago of a
security expert demonstrating that it is possible to create a scenario
whereby control can break out beyond the sandbox. I don't know if
exploits of this are out in the wild yet, but apparently the exploit was
impossible to block as the attack was constructed with simple standard
JavaScript (just used in an unconventional way). The "fix" would
apparently render JavaScript useless.

This of course means that if you simply visit the wrong web site with
JavaScript enabled, then you have handed the keys of your computer to
someone else, who can do or plant whatever malware they like on your
computer. This security breach will still happen on fully patched
Windows systems with up-to-date firewall and anti-virus software. To
make matters worse, apparently with cross-site scripting the malware can
even be put onto your system via "legitimate" web sites too.

I'm beginning to think that two (non-networked) computers are necessary
nowadays. One for browsing the web in general and one for accessing
online bank accounts or other sensitive sites.
--
David in Normandy.
(The free MicroPlanet Gravity newsreader is great for eliminating
rubbish and cross-posts)
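
The buffer overrun described in footnote [2] of the quoted text, shown as an added example that is not part of either poster's message: 110 characters are copied into a 100-character field, once without a length check and once with one. The `record` struct, its `role` field and the function names are assumptions made up for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed record: a 100-byte field followed directly by other data. */
struct record {
    char name[100];   /* the 100 characters that are allowed for */
    char role[16];    /* the "other data" sitting next to it */
};

/* Unchecked copy: trusts the caller's length. The record is treated as one
   flat block of memory, so bytes past name[] land in role[]. The cap at
   sizeof *r only keeps this demo inside the struct. */
void copy_unchecked(struct record *r, const char *src, size_t len) {
    if (len > sizeof *r) len = sizeof *r;
    memcpy((unsigned char *)r, src, len);
}

/* Checked copy: refuses input that does not fit the field. Returns 0 on
   success, -1 if the input was rejected (the record is left untouched). */
int copy_checked(struct record *r, const char *src, size_t len) {
    if (len >= sizeof r->name) return -1;
    memcpy(r->name, src, len);
    r->name[len] = '\0';
    return 0;
}

/* Runs one of the two copies with 110 constructed characters and reports
   whether role[] still holds its original value (1 = intact, 0 = changed). */
int role_intact_after(int use_checked) {
    struct record r;
    char input[110];
    memset(&r, 0, sizeof r);
    strcpy(r.role, "guest");
    memset(input, 'A', sizeof input);   /* constructed input: 110 x 'A' */
    if (use_checked) copy_checked(&r, input, sizeof input);
    else copy_unchecked(&r, input, sizeof input);
    return strcmp(r.role, "guest") == 0;
}

int main(void) {
    printf("unchecked copy: role intact = %d\n", role_intact_after(0));
    printf("checked copy:   role intact = %d\n", role_intact_after(1));
    return 0;
}
```

The length check in `copy_checked` is the "defensive programming" the footnote refers to: the oversized input is rejected before any byte is written.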