
Firefox v28.0 XSS Vulnerability


Dear Firefox,
We love you, please fix this.

SupraFortix Blog

This post concentrates on my recent research regarding reflective Cross-Site Scripting (XSS or CSS) vulnerabilities within the most popular web browsers. The setup used to test the browsers is a virtualised environment running Damn Vulnerable Web Application (DVWA) on an XAMPP Apache server.

Reflective XSS uses a maliciously crafted URL that carries JavaScript, HTML or PHP code. The URL automatically fills in a vulnerable user input box, and the reflection function of the dynamic web page then echoes that input straight back to the user.

URL generated by this mechanic.

Example of a “malicious URL” carrying JavaScript code, used in this experiment."hello!")
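To make the reflection mechanic concrete, here is an added example (not code from the original post or from DVWA) that models the two halves of it: a handler that echoes a query parameter into a page as-is, and the same handler with HTML entity encoding applied before the echo. The URL, the parameter name `name` and the page template are constructed for the demo; the probe string mirrors the post's `alert("hello!")` example.

```javascript
// Added example, not code from the original post or from DVWA. It models
// the reflection described above: a query parameter is echoed into a page,
// once raw and once HTML-encoded. URL, parameter name and template are
// constructed for the demo.

// Minimal HTML entity encoding for a text-node or attribute-value context.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Read a query parameter the way a server-side handler would. Percent
// decoding happens here, so whatever the browser's URL bar did to the
// characters in transit, the server still receives the original text.
function getParam(url, name) {
  return new URL(url).searchParams.get(name);
}

// Vulnerable reflection: the raw parameter is concatenated into the page.
function renderUnsafe(url) {
  const v = getParam(url, "name") ?? "";
  return `<p>Hello ${v}</p>`;
}

// Hardened reflection: the parameter is encoded for the HTML context first.
function renderSafe(url) {
  const v = getParam(url, "name") ?? "";
  return `<p>Hello ${escapeHtml(v)}</p>`;
}

// Crude check used only to show the difference between the two outputs:
// does the rendered page contain a script tag that the template never had?
function containsInjectedTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample URL carrying the post's alert("hello!") probe.
const SAMPLE_URL =
  "http://example.test/reflect?name=" +
  encodeURIComponent('<script>alert("hello!")</script>');

if (typeof require !== "undefined" && require.main === module) {
  console.log("unsafe:", renderUnsafe(SAMPLE_URL));
  console.log("safe:  ", renderSafe(SAMPLE_URL));
}
```

The point the post is circling is that browser-side handling of the URL (Chrome's URL bar encoding, Firefox's lack of it) only changes what the user sees in the address bar; the server decodes the parameter either way, so the page itself has to encode on output, as `renderSafe` does, for the reflection to be harmless regardless of browser.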


v33.0.1750.154m — Updated 14 March 2014

The malicious URL is not accepted.

The reason is that Google Chrome added special character encoding to its URL bar. If you copy the executed URL and paste it into Notepad, you can see that characters, such as


