A '''browser exploit''' is a piece of code that exploits a software [[computer bug|bug]] in a [[web browser]] such that the code makes the browser do something unexpected, including crash, read or write local files, propagate a [[computer virus|virus]] or install [[spyware]]. Malicious code may exploit [[HTML]], [[JavaScript]], Images, [[ActiveX]], [[Java (programming language)|Java]] and other Web technologies. HTML alone is harmless (can only crash browser in some cases on vulnerable web browsers), however, in conjunction with malicious ActiveX or Java code, it can potentially freeze or crash a browser, or even crash the computer running that browser.
{{R with history}}
The term "browser exploit" can also refer to the actual bug in the browser [[code]].
== Browser exploits families ==
[[Cross Zone Scripting]] exploits vulnerabilities related to the "zone" concept in some browsers; i.e. a page in "Internet zone" is able to initiate execution with "Local Computer", "Local Intranet" or "Trusted Sites" zone privileges.
