Normally applets run in a security sandbox, much like JavaScript, but with signed applets those restrictions are lifted and the applet can do anything. At least, that’s the theory – in practice most implementations leave a security manager instance installed but with significantly reduced restrictions (such that most programs will never be affected by them). To get around these remaining restrictions, applets can remove or replace the security manager:

System.setSecurityManager(null);

Having set a null security manager though, you will start to get NullPointerExceptions in Firefox on OS X when you try to call Java methods from JavaScript (via LiveConnect). Basically, Firefox is assuming that there will always be a security manager in place. To get LiveConnect working again, rather than setting the security manager to null, simply create a new security manager that allows everything:

System.setSecurityManager(new SecurityManager() {
    @Override
    public void checkPermission(Permission perm) {
    }
});

No more exceptions from Firefox and LiveConnect is working again, but still no restrictions on what you can do. For the record, the exception Firefox will give is:

java.lang.NullPointerException
at netscape.oji.JNIUtils.checkClassAccess(JNIUtils.java:106)
at netscape.oji.JNIUtils.checkClassAccess(JNIUtils.java:68)
at java.lang.Class.getDeclaredMethods0(Native Method)
at java.lang.Class.privateGetDeclaredMethods(Class.java:2427)
at java.lang.Class.privateGetPublicMethods(Class.java:2547)
at java.lang.Class.getMethods(Class.java:1410)
at netscape.oji.JNIRunnable.run(Native Method)
at netscape.oji.LiveConnectProxy.run(LiveConnectProxy.java:48)