All Questions
7 questions
0
votes
0
answers
100
views
What can be leaked using a browser extension where one of the extensions loads JavaScript from a remote site?
Can one remotely log my IP, browser history, and saved passwords?
I think the IP should be easily done if one of the extensions load a remote JavaScript to run in my browser. I'm not sure about other ...
- 157
4
votes
1
answer
2k
views
Is it possible for page to get your installed extensions through javascript?
When you visit a page, could that page tell what extensions you are running
if javascript is enabled?
If so then could we stop them or at least make it extremely difficult to increase our privacy?
-1
votes
3
answers
237
views
How to protect your web application's data against an injected JavaScript?
I have a web application which interacts with two web servers. The response of the first one is stored temporarily on the browser (window.xyz=response.xyz) and when the user makes the request for ...
- 3,286
0
votes
1
answer
351
views
Reflected XSS Prevention plugin [closed]
Is there any plugin out there which prevent reflected XSS? Plugin could be either for firefox or chrome.
Thanks.
- 121
1
vote
1
answer
629
views
When a browser extension or user script pulls a JS file from Google's CDN, how does this compromise the user's privacy in terms of Google's reach? [duplicate]
The context from which my question has arisen is this user script which locally removes ads from Ixquick.com, which is an anonymizing 'proxy' search engine that gives the results from Google's index ...
user21377
13
votes
3
answers
4k
views
What bad coding practices makes a browser extension vulnerable?
I'm trying to scan JavaScript files for vulnerabilities using JSHint. Specifically, I'm scanning the JavaScript files of browser extensions. To look for possible vulnerabilities I'm looking for bad ...
- 4,382
12
votes
2
answers
1k
views
What should I look for when auditing a Firefox extension / plugin?
I've been asked to do a security audit on a Firefox add-on developed by a third party. I am a web developer with a reasonable grasp of JavaScript but am not a browser security expert.
What kinds of ...
- 222