Common Attack Pattern Enumeration and Classification
A Community of Knowledge Resource for Building Secure Software
An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim.
The following code snippets can be used to detect various browsers:
Victim's browser visits a website that contains contains attacker's Java Script
Java Script is not disabled in the victim's browser