they come from websites and try to use vulnerabilities in java or Your browser
for info you can Google the exploit name CVE-2012-0507 there are online lists of these like here http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0507