Monday, April 21, 2008

XSS Warning - Security Extension

Protect your browser Mozilla Firefox from XSS Attacks

XSS Warning is a extension for Firefox that fitre malicious values to prevent - with Javascript allowed - the
Cross Site Scripting (XSS) attacks by malicious Http Request.

XSS Warning 0.3.4 protect from:

# Url attack

# Iframe attack

# Http request attack

Unsurprisingly, it warns you of potential XSS attacks on the URL string with a large blocking page. But here are some thoughts.

Firstly, it only works in the case of reflected XSS. While that’s the most common form of XSS, it’s also only one form. Secondly, because it doesn’t generate an alert box, if the XSS is loaded inside of a hidden iframe, the user would never be warned that it failed (also making it easy to check for, incidentally). I encourage everyone to check it out.

Please click
here for more details and to download the extension.

No comments: