Computer Security Wiki

A web browser is a software application which enables a user to display and interact with text, images, videos, music, games and other information typically located on a Web page at a Web site on the World Wide Web.

From a security perspective, there are two potential problems we need to defend against, while still allowing the user to access useful information:

  • A web browser can be used to install malware.
    • Some fraudulent web sites trick the user into downloading and installing a Trojan horse, a keylogger[1], or other malware.
    • Some web sites exploit a vulnerability in some web browsers, directly downloading and installing malware without the user doing anything.
  • A web browser can be used to transmit information that the user would prefer to keep private. Sometimes a user wants to give information to one legitimate web site (the web site of their bank, or a commercial web site like eBay or Amazon). But that information ends up elsewhere.
    • some fraudulent web sites trick the user into thinking it is that legitimate web site.
    • Every machine between the user and the legitimate web site, can listen to the traffic between them. (using "https" SSL encryption makes this traffic look like meaningless gibberish to outsiders).
    • Sometimes one company takes information that the user gives it, and then "shares" that information with other companies. Sometimes this information is transferred in a cookie.

Internet Explorer[]

Internet Explorer has had so many vulnerabilities that Bruce Schneier, David A. Wheeler, and other security experts recommend switching to a different web browser[2][3][4].

Mozilla Firefox[]

Mozilla Firefox users are starting to get targeted by malware writers because of an increasing market share.[5] The malware, which BitDefender dubbed "Trojan.PWS.ChromeInject.A" sits in Firefox's add-ons folder which runs when Firefox is started. The malware uses JavaScript to identify more than 100 financial and money transfer Web sites, including Barclays, Wachovia, Bank of America, and PayPal along with two dozen or so Italian and Spanish banks. When it recognizes a Web site, it will collect logins and passwords, forwarding that information to a server in Russia.[5] When it runs on a PC, it registers itself in Firefox's system files as "Greasemonkey," a well-known collection of scripts that add extra functionality to Web pages rendered by Firefox.[5]


Most browsers provide a "sandbox" to allow a program to run without access to the rest of the computer. Included in most browsers is a sandbox for Java applets and another sandbox for JavaScript applets. Many users also choose to download the Adobe Flash plugin that includes a sandbox for Adobe Flash animations, and the Microsoft Silverlight plugin that includes a sandbox for Silverlight applications.


External links[]