![Ups dropbox 12108](https://cdn3.cdnme.se/5447227/9-3/21_64e61dfdddf2b33c615a3cd4.png)
![ups dropbox 12108 ups dropbox 12108](http://fscomps.fotosearch.com/compc/UNS/UNS088/ups-drop-box-united-parcel-service-pictures__u18647428.jpg)
This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone.
![ups dropbox 12108 ups dropbox 12108](http://wnem.images.worldnow.com/images/19506086_BG1.jpg)
Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. This is a privilege elevation attack targeted at zone-based web-browser security. An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets.
![Ups dropbox 12108](https://cdn3.cdnme.se/5447227/9-3/21_64e61dfdddf2b33c615a3cd4.png)