...
Privileges are lost as soon as untrusted code is executed. Even if trusted code calls some untrusted code that attempts to perform some action requiring permissions not granted by the security policy, the action is not allowed. However, privileged code may attempt to use a class that exists in an untrusted container and performs only unprivileged operations. If the attacker replaces this class with a malicious implementation, the application can be exploitedtrusted code will retrieve incorrect results.
| Wiki Markup |
|---|
According to the Java API \[[JarSpec 08|AA. Java References#JarSpec 08]\], {{JAR}} file specification: |
...