May I? - Content Security Policy Endorsement for Browser Extensions
Authors
Abstract
Cross-site scripting (XSS) vulnerabilities are among the most prevailing problems on the web. Among the practically deployed countermeasures is a "defense-in-depth" Content Security Policy (CSP) to mitigate the effects of XSS attacks. However, the adoption of CSP has been frustratingly slow. This paper focuses on a particular roadblock for wider adoption of CSP: its interplay with browser extensions.
Similar resources
SENTINEL: Securing Legacy Firefox Extensions
A poorly designed web browser extension with a security vulnerability may expose the whole system to an attacker. Therefore, attacks directed at “benign-but-buggy” extensions, as well as extensions that have been written with malicious intent, pose significant security threats to a system running such components. Recent studies have indeed shown that many Firefox extensions are over-privileged, ...
Effective detection of vulnerable and malicious browser extensions
Unsafely coded browser extensions can compromise the security of a browser, making them attractive targets for attackers as a primary vehicle for conducting cyber-attacks. Among others, the three factors making vulnerable extensions a high-risk security threat for browsers include: i) the wide popularity of browser extensions, ii) the similarity of browser extensions with web applications, and ...
HPF with Parallel I/O Extensions
(Alok Choudhary) with matching support from Intel SSD. The content of the information does not necessarily reflect the position or the policy of the Government and no official endorsement should be inferred.
A Measurement Study of the Content Security Policy on Real-World Applications
Content Security Policy (CSP) is a browser security mechanism that aims to protect websites from content injection attacks. To adopt CSP, website developers need to manually compile a list of allowed content sources. Nearly all websites require modifications to comply with CSP’s default behavior, which blocks inline scripts and the use of the eval() function. Alternatively, websites could adopt...
Securing Legacy Firefox Extensions with SENTINEL
A poorly designed web browser extension with a security vulnerability may expose the whole system to an attacker. Therefore, attacks directed at “benign-but-buggy” extensions, as well as extensions that have been written with malicious intents pose significant security threats to a system running such components. Recent studies have indeed shown that many Firefox extensions are over-privileged,...