While cookie, cache and browser history stealing concentrates on assets that are managed by the browser, web-based client-side attacks can reach beyond the scope of the browser onto the underlying operating system. Attacks that allow a web server to access arbitrary files are examples, such as a recently described technique to exploit Microsoft's Internet Explorer 7 Header Forwards. The clipboard is another source that should be protected. While early versions of web browsers, such as Microsoft's Internet Explorer, allowed a web page to access the clipboard, access to the clipboard has since been restricted to only allow access if specifically granted. Exploit code that seems to get around this restriction has been observed in the wild (Clipboards hijacked in web attack). Internal network topology is another asset that should be protected, but can be accessed. Special JavaScript network and port scanners exist that allow a malicious web site to obtain information about the internal network topology, such as existence of web servers, routers, and hosts (e.g. JavaScript Port Scanner).

The last attack presented that impacts confidentiality is a social engineering attack called phishing. Social engineering attacks aim at exploiting of the natural human tendency to trust. In a phishing attack, the trust in a web site is abused to fraudulently acquire personal confidential data, such as credentials and bank account information (KYE - Phishing). These web-based client-side attacks present the user with a fraudulent web site, often promoted via SPAM Email, which appear to be from a trusted entity, such as a bank. The web site, however, is, in fact, in the control of the attacker and once the user provides personal information to the web site, the attacker will have obtained this confidential information.


Availability impact

Next, I look at attacks that impact availability. These attacks are concerned with partially or fully consuming the client resources, which reduces or leads to a complete failure of a service the client normally performs. The attacks reviewed are simple crashes, popup floods, browser hijacking, network floods, Web SPAM/junk pages and web pages that commit click fraud.

A denial-of-service is an attack that results in partial or complete consumption of resources that negatively impact a service. In the setting of a web-based client-side attack, a web page could cause the lock-up or crash of the browser or even the operating system or one if its components. Many browser vulnerabilities exist that permit a malicious web server to launch an availability impacting attack.