import java.applet.Applet;
import netscape.javascript.JSObject;

public class TestApplet extends Applet {
    public static void main(String[] a) {
    }

    public void init() {
        // The numeric constructor argument is used as a native memory location.
        JSObject i = new JSObject(Integer.MAX_VALUE);
        JSObject j = new JSObject(Long.MAX_VALUE);
        // getMember accesses that location, which crashes the browser.
        i.getMember("Willi");
        j.getMember("Willi");
    }
}

segfaults the browser. The parameter to JSObject is interpreted as a memory location, and a getMember call accesses it. Giving this functionality to untrusted

Affects: F10, F11

Proposed fix: Remove public visibility of JSObject(long) and JSObject(int)
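
The proposed fix as an added example, not code from the original report or from the plugin: a hypothetical wrapper (`NativeRef`, `fromTrustedBridge`, `release` and `nativeGetMember` are assumed names) whose constructor taking the raw value is not public, with an extra check that the handle was issued by trusted code before it is passed to native code. It assumes untrusted applet code cannot load classes into the wrapper's package.

```java
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical wrapper around a native object reference; not the real JSObject.
final class NativeRef {
    // Handles that trusted code has issued and not yet released.
    private static final Set<Long> LIVE = ConcurrentHashMap.newKeySet();
    private final long handle;

    // Private: callers outside this class cannot choose the numeric value.
    private NativeRef(long handle) { this.handle = handle; }

    // Package-private factory, called only by the trusted bridge (assumption).
    static NativeRef fromTrustedBridge(long handle) {
        LIVE.add(handle);
        return new NativeRef(handle);
    }

    static void release(NativeRef ref) { LIVE.remove(ref.handle); }

    String getMember(String name) {
        // Defence in depth: never reach native code with an unknown handle.
        if (!LIVE.contains(handle)) {
            throw new SecurityException("unknown native handle");
        }
        return nativeGetMember(handle, name);
    }

    // Placeholder for the JNI call; a real implementation would be `native`.
    private static String nativeGetMember(long handle, String name) {
        return "member " + name + " of handle " + handle;
    }
}

public class HandleDemo {
    public static void main(String[] args) {
        NativeRef ok = NativeRef.fromTrustedBridge(42L); // constructed sample value
        System.out.println(ok.getMember("Willi"));
        NativeRef.release(ok);
        try {
            ok.getMember("Willi"); // stale handle is rejected in Java, not in native code
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // new NativeRef(Long.MAX_VALUE); // does not compile outside NativeRef
    }
}
```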