Wednesday, March 21, 2007

NoScript for FireFox can stop another site Javascript XSS

ha.ckers.org web application security lab - Archive ≫ NoScript Plugin Beta Attempts To Stop XSS

Beta version of NoScript(Noscript 1.1.4.6.070318) for FireFox can stops Cross site Scripting(XSS) from other site(like importing js file).
We are waiting for NoScript for Internet Explorer!!! :-)

Giorgio Maone, the author of the NoScript Firefox plugin has recently been posting to the boards about a new experimental version of the plugin that intends to protect against XSS. The concept of the tool change is to detect when one site is attempting to send you to another site with XSS within the query string. Obviously there are more ways to XSS sites than the query string, so this mostly relates to certain forms of reflected XSS.

No comments: