Browsers are powerful tools that enable a wide range of utilities for a user interacting with websites and web applications. Even with these powerful tools in place, browsers are still insecure beasts, full of security flaws and issues despite the extensive updates integrated within the HTML5 standard.
This is where Caja can help. There are numerous attack vectors that are exploitable in browsers that Caja aims to safeguard against. We will take a look at a few of these attack vectors to identify the exploitable browser components that Caja aims to protect against.
For a full list of attack vectors that Caja checks for, see http://code.google.com/p/google-caja/wiki/AttackVectors.