When I was reading d0ubl3_h3lix’s security paper about Web Browser Plugins Vulnerabilities, I found out that there’s a Mozilla Firefox extension to prevent the execution of XSS threats that I’ve never tried before (because I only used FireKeeper before). The extension itself is called ‘XSS Warning’.
Further information about this Mozilla Firefox security extension:
Taken from http://www.zeropaid.com/bbs/archive/index.php/t-42967.html:
In the spirit of beta testing, I was sent a link from Gianni Amato on a new extension he’s written for Firefox called XSS Warning. Unsurprisingly, it warns you of potential XSS attacks on the URL string with a large blocking page. I have not spent a tremendous amount of time playing with this, but I had a few thoughts. Granted this is experimental, so I’m not trying to rip into it, because it definitely provides a service. But here are some thoughts. Firstly, it only works in the case of reflected XSS. While that’s the most common form of XSS, it’s also only one form. Secondly, because it doesn’t generate an alert box, if the XSS is loaded inside of a hidden iframe, the user would never be warned that it failed (also making it easy to check for, incidentally). So while I love this research, and I want a lot more of it, this shouldn’t be considered a panacea, although I think we are well on our way now that we finally have people like Gianni and Giorgio looking at this. Very cool, and I encourage everyone to check it out.
Taken from the official website of XSS Warning:
XSS Warning is an extension for Firefox that filters malicious values to prevent - with Javascript allowed - the Cross Site Scripting (XSS) attacks by malicious Http Request. XSS Warning 0.3.4 protects from:
# Url attack
# Iframe attack
# Http request attack
This extension is compatible with Firefox 1.5 - 2.0.0.*
Install the latest release of XSS Warning right here!
XSS Warning - XSS Prevention Extension for Mozilla Firefox is posted on April 17th, 2008 by admin. This post is filed under: Sectools, Security.
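The limitation raised in the quoted review, that a check on the URL string only sees reflected XSS, shown as an added example; this is not XSS Warning's code and not part of the original post. The patterns, function names and `shop.example` URLs are assumptions constructed for illustration.

```javascript
// Added example: a heuristic URL-string check, NOT XSS Warning's actual code.
// Patterns, names and URLs below are assumptions constructed for illustration.
const SUSPICIOUS = [
  /<\s*\/?\s*(script|iframe|img|svg|object|embed)\b/i, // markup inside a parameter
  /\bon[a-z]+\s*=/i,                                   // inline event handler attribute
  /javascript\s*:/i,                                   // javascript: URI scheme
];

// Percent-decode repeatedly (bounded) so double-encoded values are inspected too.
function fullyDecode(value, maxRounds = 3) {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (e) {
      break; // malformed escape such as a lone "%": inspect what we have
    }
    if (next === current) break;
    current = next;
  }
  return current;
}

// Return the names of query parameters whose decoded value looks like markup/script.
function inspectUrl(rawUrl) {
  const findings = [];
  for (const [name, value] of new URL(rawUrl).searchParams) {
    // searchParams has already decoded once; fullyDecode peels further layers.
    if (SUSPICIOUS.some((re) => re.test(fullyDecode(value)))) findings.push(name);
  }
  return findings;
}

// Constructed sample requests (the URL is all a URL-string filter gets to see).
const SAMPLES = {
  reflected: 'https://shop.example/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E',
  doubleEncoded: 'https://shop.example/search?q=%253Cscript%253Ealert(1)%253C%252Fscript%253E&page=2',
  benign: 'https://shop.example/search?q=firefox+extensions&page=2',
  // Page renders a comment stored earlier, or the value arrived in a POST body:
  // nothing suspicious is present in the URL, so the check stays silent.
  storedOrPost: 'https://shop.example/profile/view?id=42',
};

for (const [label, url] of Object.entries(SAMPLES)) {
  console.log(label.padEnd(14), JSON.stringify(inspectUrl(url)));
}
```

The empty result for `storedOrPost` is the gap the review describes: covering it takes output encoding on the server or a filter that also sees request bodies and responses.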
well at least my NoScript has this feature too
BTW, NoScript filters XSS by stripping the html tags in the URL. So, it only works for GET method URLs (ah whatever to say it :)).
XSS Warning is not secure anymore anyway ..
I’ll show you how it could be bypassed easily