Seven Deadliest Web Application Attacks by Mike Shema

Plugging into Browser Plug-Ins

Browser plug-ins serve many useful purposes, from helping developers to debug JavaScript to improving the browser's security model. A poorly written or outright malicious plug-in can weaken a browser's security.

Insecure Plug-Ins

Plug-ins extend the capabilities of a browser beyond rendering HTML. Many plug-ins, from document readers to movie players, have a history of buffer overflow vulnerabilities. Those types of vulnerabilities are exploited by malformed content sent to the plug-in. For example, an attack against Adobe Flash Player will attempt to lure the victim into viewing a malicious Shockwave Flash (SWF) file. A browser extension might not just provide a new entry point for buffer overflows; it might ...
