A browser exploit is a short piece of code that exploits a software bug in a web browser such that the code makes the browser do something unexpected, including crash, read or write local files, propagate a virus or install spyware. Malicious code may exploit HTML, JavaScript, Images, ActiveX, Java and other internet technologies. HTML alone is harmless (can only crash browser in some cases on vulnerable web browsers), however, in conjunction with malicious ActiveX or Java code, it can potentially freeze or crash a browser, or even crash the computer running that browser.
The term “browser exploit” can also refer to the actual bug in the browser code.
Browser exploits families
Cross Zone Scripting exploits vulnerabilities related to the “zone” concept in some browsers; i.e. a page in “Internet zone” is able to initate execution with “Local Computer”, “Local Intranet” or “Trusted Sites” zone privileges.
Web design is a process of conceptualization, planning, modeling, and execution of electronic media delivery via Internet in the form of Markup language suitable for interpretation by Web browser and display as Graphical user interface (GUI).
The intent of web design is to create a web site — a collection of electronic files that reside on a web server/servers and present content and interactive features/interfaces to the end user in form of Web pages once requested. Such elements as text, bit-mapped images (GIFs, JPEGs, PNGs), forms can be placed on the page using HTML/XHTML/XML tags. Displaying more complex media (vector graphics, animations, videos, sounds) requires plug-ins such as Flash, QuickTime, Java run-time environment, etc. Plug-ins are also embedded into web page by using HTML/XHTML tags.
Improvements in browsers’ compliance with W3C standards prompted a widespread acceptance and usage of XHTML/XML in conjunction with Cascading Style Sheets (CSS) to position and manipulate web page elements and objects. Latest standards and proposals aim at leading to browsers’ ability to deliver a wide variety of media and accessibility options to the client possibly without employing plug-ins.
Typically web pages are classified as static or dynamic.
Static pages don’t change content and layout with every request unless a human (web master/programmer) manually updates the page.
Dynamic pages adapt their content and/or appearance depending on end-user’s input/interaction or changes in the computing environment (user, time, database modifications, etc.) Content can be changed on the client side (end-user’s computer) by using client-side scripting languages (JavaScript, JScript, Actionscript, etc.) to alter DOM elements (DHTML). Dynamic content is often compiled on the server utilizing server-side scripting languages (Perl, PHP, ASP, JSP, ColdFusion, etc.). Both approaches are usually used in complex applications.
With growing specialization in the information technology field there is a strong tendency to draw a clear line between web design and web development.
