An attacker is able to cause a victim to load content into their
						web-browser that bypasses security zone controls and gain access to
						increased privileges to execute scripting code or other web objects such as
						unsigned ActiveX controls or applets. This is a privilege elevation attack
						targeted at zone-based web-browser security. In a zone-based model, pages
						belong to one of a set of zones corresponding to the level of privilege
						assigned to that page. Pages in an untrusted zone would have a lesser level
						of access to the system and/or be restricted in the types of executable
						content it was allowed to invoke. In a cross-zone scripting attack, a page
						that should be assigned to a less privileged zone is granted the privileges
						of a more trusted zone. This can be accomplished by exploiting bugs in the
						browser, exploiting incorrect configuration in the zone controls, through a
						cross-site scripting attack that causes the attacker's content to be treated
						as coming from a more trusted page, or by leveraging some piece of system
						functionality that is accessible from both the trusted and less trusted
						zone. This attack differs from "Restful Privilege Escalation" in that the
						latter correlates to the inadequate securing of RESTful access methods (such
						as HTTP DELETE) on the server, while cross-zone scripting attacks the
						concept of security zones as implemented by a browser.