A '''browser exploit''' is a short piece of code that exploits a software [[computer bug|bug]] in a [[web browser]] such that the code makes the browser do something unexpected, including crash, read or write local files, propagate a [[computer virus|virus]] or install [[spyware]]. Malicious code may exploit [[HTML]], [[JavaScript]], Images, [[ActiveX]], [[Java (programming language)|Java]] and other internet technologies. HTML alone is harmless (can only crash browser in some cases on vulnerable web browsers), however, in conjunction with malicious ActiveX or Java code, it can potentially freeze or crash a browser, or even crash the computer running that browser.
{{R with history}}
The term "browser exploit" can also refer to the actual bug in the browser [[code]].
== Browser exploits families ==
[[Cross Zone Scripting]] exploits vulnerabilities related to the "zone" concept in some browsers; i.e. a page in "Internet zone" is able to initate execution with "Local Computer", "Local Intranet" or "Trusted Sites" zone privileges.
