Web Design & Development Guide

Browser exploit

Home
Up

A browser exploit is a short piece of code that exploits a software bug in a web browser such that the code makes the browser do something unexpected, including crash, read or write local files, propagate a virus or install spyware. Malicious code may exploit HTML, JavaScript, Images, ActiveX, Java and other internet technologies. HTML alone is harmless (can only crash browser in some cases on vulnerable web browsers), however, in conjunction with malicious ActiveX or Java code, it can potentially freeze or crash a browser, or even crash the computer running that browser.

The term "browser exploit" can also refer to the actual bug in the browser code.

Browser exploits families

Cross Zone Scripting exploits vulnerabilities related to the "zone" concept in some browsers; i.e. a page in "Internet zone" is able to initate execution with "Local Computer", "Local Intranet" or "Trusted Sites" zone privileges.

Home
Up
Browser exploit
Cross-site cooking
Cross-site request forgery
Cross-site scripting
Cross-zone scripting
Directory traversal
Evil twin (wireless networks)
HTTP response splitting
IDN homograph attack
Referer spoofing
Session fixation
Session poisoning
Website spoofing