Bug 332016 - XSS prevention based on data tainting
Status: Open (NEW)
Opened 18 years ago, updated 2 years ago
Categories: Firefox :: Security, enhancement
People: Reporter: vogge, Unassigned
Whiteboard: patch
Attachments (1 file): patch, 77.37 KB
User-Agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20060325 Firefox/0.10.1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20060325 Firefox/0.10.1

For my master thesis I developed an anti-XSS solution that is implemented on Mozilla Firefox. The solution works by tainting sensitive information (e.g., the cookie) and tracking it through processing. It is integrated into the JS engine and a few parts of the web browser. Further information (including patch against 1.0pre): NoMoXSS (no more XSS) http://www.seclab.tuwien.ac.at/projects/jstaint/

Reproducible: Didn't try
Comment 1 (Reporter), 18 years ago
Comment 2, 18 years ago

A few more details and an example of an existing XSS vulnerability that this solves would probably help here.
Component: Safe Browsing → Security
QA Contact: safe.browsing → firefox
Comment 3 (Reporter), 18 years ago

(In reply to comment #2)
> A few more details

The paper (http://www.seclab.tuwien.ac.at/people/vogge/docs/xss_prevention.pdf) gives details about the theoretical aspects of the solution (1. Introduction, 3. Dynamic Data Tainting, 4. Data Transmission, 5. Implementation) and the master thesis (http://www.seclab.tuwien.ac.at/people/vogge/docs/da_xss_prevention.pdf) has implementation details (Chapter 4 Implementation).

> and an example of an existing xss vulnerability that this
> solves would probably help here.

See Chapter 5 Evaluation of the master thesis. Or, for a short version, Section 5 Evaluation in the paper.
Updated 18 years ago
Blocks: xss
Summary: Integrated XSS prevention solution → XSS prevention based on data tainting
Updated 18 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 4, 17 years ago

It would be nice to have this patch against the current trunk. If I'm understanding this correctly, this patch would actually need to go against core because the affected code is shared with SeaMonkey. Also, I question what effect this will have on some legitimate, but shortsighted behaviors between sites on different domains.
Whiteboard: patch
Comment 5, 17 years ago

Stephanie, indeed, we are thinking about porting our system to the current trunk. Hearing people say that they would be interested in having this protection in place would obviously speed up the process :-). With regards to false positives (i.e., effects on some legitimate, but shortsighted behaviors between sites on different domains): this does happen, but according to our experiments (for which we crawled more than a million web pages), it does not seem to be that big of a problem. For more details, you are more than welcome to check out our NDSS '07 publication (http://www.auto.tuwien.ac.at/~chris/research/doc/ndss07_xssprevent.pdf), which contains more details on the experiments and the system itself.
Updated 2 years ago
Severity: normal → S3