The JRE is just a program that can invoke a JVM and the library of SUN provided class and property files. It includes the plug-in.
Any security is involved in the JVM. If the JVM is NOT the java.exe in the JRE, then it must be one created by some vendor other than SUN. Netscape and IE each have a JVM created by their respective vendors that follow the SUN specs. They are intended to run in browsers and therefore follow the security rules for the "sandbox" that SUN specified for
Applets. Then the browser also supplies a copy of the SUN libraries for whatever version of
Java that it supports.
You can get a plugin from SUN to point the browser to the SUN JVM and class libraries which effectively upgrades the browser to a higher version of Java. This plug-in comes already bundled in the JRE, but you need to change the HTML to implement it.
http://java.sun.com/products/plugin/ http://java.sun.com/products/plugin/1.1.1/docs/tags.html#Intro Is this what you mean?