A '''browser exploit''' is a short piece of code that exploits a software [[computer bug|bug]] in a [[web browser]] such that the code makes the browser do something unexpected, including crash, read or write local files, propagate a [[computer virus|virus]] or install [[spyware]]. Malicious code may exploit [[HTML]], [[JavaScript]], Images, [[ActiveX]], [[Java (programming language)|Java]] and other internet technologies. HTML alone is harmless, however, it can, in conjunction with malicious ActiveX or Java code, potentially freeze or crash a browser, or even crash the computer running that browser.
{{R with history}}
The term "browser exploit" can also refer to the actual bug in the browser [[code]].
== Browser exploits families ==
[[Cross Zone Scripting]] exploits vulnerabilities related to the "zone" concept in some browsers; i.e. a page in "Internet zone" is able to initate execution with "Local Computer", "Local Intranet" or "Trusted Sites" zone privileges.
