
XSS Warning - XSS Prevention Extension for Mozilla Firefox


When I was reading d0ubl3_h3lix’s security paper about Web Browser Plugins Vulnerabilities, I found out that there’s a Mozilla Firefox extension to prevent the execution of XSS threats that I’ve never tried before (because I only used FireKeeper before :P). The extension itself is called ‘XSS Warning’.

Further information about this Mozilla Firefox security extension:

Taken from http://www.zeropaid.com/bbs/archive/index.php/t-42967.html:
In the spirit of beta testing, I was sent a link from Gianni Amato on a new extension he’s written for Firefox called XSS Warning. Unsurprisingly, it warns you of potential XSS attacks on the URL string with a large blocking page. I have not spent a tremendous amount of time playing with this, but I had a few thoughts. Granted this is experimental, so I’m not trying to rip into it, because it definitely provides a service. But here are some thoughts.

Firstly, it only works in the case of reflected XSS. While that’s the most common form of XSS, it’s also only one form. Secondly, because it doesn’t generate an alert box, if the XSS is loaded inside of a hidden iframe, the user would never be warned that it failed (also making it easy to check for, incidentally). So while I love this research, and I want a lot more of it, this shouldn’t be considered a panacea, although I think we are well on our way now that we finally have people like Gianni and Giorgio looking at this. Very cool, and I encourage everyone to check it out.

Taken from the official website of XSS Warning:
XSS Warning is an extension for Firefox that filters malicious values to prevent - with JavaScript allowed - Cross Site Scripting (XSS) attacks by malicious HTTP requests.

XSS Warning 0.3.4 protects from:

  • URL attack
  • Iframe attack
  • HTTP request attack

This extension is compatible with Firefox 1.5 - 2.0.0.*
Install the latest release of XSS Warning right here!
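
The limitation raised in the quoted review above (a check on the URL string only ever sees reflected XSS), shown as an added example that is not XSS Warning's own code: a JavaScript heuristic that inspects the decoded query parameters and fragment of a URL. The patterns, function names and sample URLs are assumptions made for illustration.

```javascript
// Added example: heuristic check of the URL string only (not XSS Warning's code).
// The patterns are illustrative assumptions, not the extension's rule set.
const MARKUP_PATTERNS = [
  /<\s*script\b/i,       // opening script tag
  /<\s*iframe\b/i,       // injected frame
  /<[^>]*\son\w+\s*=/i,  // inline event handler inside a tag
  /javascript\s*:/i,     // javascript: URI scheme
];

// Constructed sample URLs on hypothetical hosts.
const SAMPLES = {
  reflected: "http://shop.example.test/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E&page=2",
  doubleEncoded: "http://shop.example.test/search?q=%253Cscript%253Ealert(1)",
  benign: "http://shop.example.test/search?q=firefox+extension&page=2",
  storedPage: "http://forum.example.test/thread/42", // markup would be in the page body, not the URL
};

// Percent-decode repeatedly (bounded) so double-encoded markup is still seen.
function fullyDecode(value, maxRounds = 3) {
  let current = value.replace(/\+/g, " ");
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (e) {
      break; // malformed escape sequence: keep what was decoded so far
    }
    if (next === current) break;
    current = next;
  }
  return current;
}

const hasMarkup = (raw) => MARKUP_PATTERNS.some((re) => re.test(fullyDecode(raw)));

// Returns the query parameter names (and "#fragment") whose values contain markup.
function inspectUrl(rawUrl) {
  const url = new URL(rawUrl);
  const findings = [];
  for (const pair of url.search.slice(1).split("&").filter(Boolean)) {
    const eq = pair.indexOf("=");
    const name = eq === -1 ? pair : pair.slice(0, eq);
    const value = eq === -1 ? "" : pair.slice(eq + 1);
    if (hasMarkup(value)) findings.push(fullyDecode(name));
  }
  if (hasMarkup(url.hash.slice(1))) findings.push("#fragment");
  return findings;
}
```

`inspectUrl(SAMPLES.storedPage)` returns an empty list whatever the page body contains, which is the reflected-only blind spot the review describes; the same holds for values sent in a POST body.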


    4 Comments


      • At 2008.04.22 07:57, r3ck0rd said:

        well at least my NoScript has this feature too :)

        • At 2008.04.22 08:01, r3ck0rd said:

          BTW, NoScript filters XSS by stripping the HTML tags in the URL. So, only works for GET method URLs (ah whatever to say it :)).

          • At 2008.04.23 01:17, lain said:

            XSS Warning is not secure anymore anyway .. :) I’ll show you how it could be bypassed easily
