This document discusses how JavaScript code embedded in webpages can be used to create a "million browser botnet" by exploiting browsers and their permissions. It describes how JavaScript can be used for browser interrogation, cross-site request forgery, login detection, deanonymization, intranet hacking, cross-site scripting, distributed brute-force cracking, and application-level DDoS attacks. It also explains how advertising networks can be leveraged to distribute this type of JavaScript code widely and control a large network of infected browsers.