Browser exploit


Browser exploit

A browser exploit is a piece of code that exploits a software bug in a web browser such that the code makes the browser do something unexpected, including crash, read or write local files, propagate a virus or install spyware. Malicious code may exploit HTML, JavaScript, Images, ActiveX, Java and other Web technologies. HTML alone is harmless (can only crash browser in some cases on vulnerable web browsers), however, in conjunction with malicious ActiveX or Java code, it can potentially freeze or crash a browser, or even crash the computer running that browser.

The term "browser exploit" can also refer to the actual bug in the browser code.

Browser exploits families

Cross Zone Scripting exploits vulnerabilities related to the "zone" concept in some browsers; i.e. a page in "Internet zone" is able to initate execution with "Local Computer", "Local Intranet" or "Trusted Sites" zone privileges.

ee also

*Comparison_of_web_browsers#Vulnerabilities


Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Browser Helper Object — A Browser Helper Object (BHO) is a DLL module designed as a plugin for Microsoft s Internet Explorer web browser to provide added functionality. BHOs were introduced in October 1997 with the release of version 4 of Internet Explorer. Most BHOs… …   Wikipedia

  • Safari (web browser) — Safari Safari 5.1 on Mac OS X Lion Developer(s) …   Wikipedia

  • Avant-Browser — Entwickler: Avant Force Aktuelle Version: 11.7 build 26 (14. April 2009) Betriebssystem: Windows Kategorie: Webbrowser …   Deutsch Wikipedia

  • HoneyMonkey — HoneyMonkey, short for Strider HoneyMonkey Exploit Detection System, is a Microsoft Research honeypot. The implementation uses a network of computers to crawl the World Wide Web searching for websites that use browser exploits to install malware… …   Wikipedia

  • Cross-site cooking — In cross site cooking, the attacker exploits a browser bug to send an invalid cookie to a server. Cross site cooking is a type of browser exploit which allows a site attacker to set a cookie for a browser into the cookie domain of another site… …   Wikipedia

  • Cross-zone scripting — is a browser exploit taking advantage of a vulnerability within a zone based security solution. The attack allows content (scripts) in unprivileged zones to be executed with the permissions of a privileged zone i.e. a privilege escalation within… …   Wikipedia

  • Cross-Site-Cooking — Beim Cross Site Cooking, nutzt der Angreifer einen Fehler des Browsers, um einen falschen Cookie zum Server zu übermitteln. Cross Site Cooking ist eine Art von Browser Exploit (dt.: Ausnutzung eines Bugs in einem Browser), welche es einem… …   Deutsch Wikipedia

  • Cross-Site Cooking — Beim Cross Site Cooking nutzt der Angreifer einen Fehler des Browsers, um einen falschen Cookie zum Server zu übermitteln. Cross Site Cooking ist eine Art von Browser Exploit (dt.: Ausnutzung eines Bugs in einem Browser), welche es einem… …   Deutsch Wikipedia

  • Snes9x — Infobox Software name = Snes9x caption = Windows GUI of the Snes9x emulator collapsible = author = Snes9X team developer = Snes9x Team released = latest release version = 1.51 latest release date = release date and age|2007|04|30 latest preview… …   Wikipedia

  • Cross-Zone Scripting — ist ein Browser Exploit für den Internet Explorer, der die Zonenaufteilung dieses Browsers ausnutzt. Der Angriff erlaubt Webseiten beliebigen Code innerhalb einer privilegierten Zone auszuführen. Ursachen ein Programmfehler des Browsers, der… …   Deutsch Wikipedia