Protecting browsers from cross-origin CSS attacks

Lin-Shung Huang, Zack Weinberg, Chris Evans, Collin Jackson
2010 Proceedings of the 17th ACM conference on Computer and communications security - CCS '10  
Cross-origin CSS attacks use style sheet import to steal confidential information from a victim website, hijacking a user's existing authenticated session; existing XSS defenses are ineffective.  ...  We show how to conduct these attacks with any browser, even if JavaScript is disabled, and propose a client-side defense with little or no impact on the vast majority of web sites.  ...  CSS defenses.  ... 
doi:10.1145/1866307.1866376 dblp:conf/ccs/HuangWEJ10 fatcat:j42tuf72qndpxh35j6t2pmvfma

Cross-origin pixel stealing

Robert Kotcher, Yutong Pei, Pranjal Jumde, Collin Jackson
2013 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13  
Using CSS default filters, we have discovered a variety of timing attacks that work in multiple browsers and devices. The first attack exploits differences in time taken to render various DOM trees.  ...  CSS filters still violate Same-Origin Policy (SOP) because they access cross-origin content when X-Frame-Options are not used.  ... 
doi:10.1145/2508859.2516712 dblp:conf/ccs/KotcherPJJ13 fatcat:spr4yipxoffu5hitfsipnhnywu

Secure Applications without Secure Infrastructures [chapter]

Dieter Gollmann
2010 Lecture Notes in Computer Science  
DNS rebinding. Same origin policy: Script can only connect back to the server it was downloaded from. To make a connection, the client's browser needs the IP address of the server.  ...  Trust: code in pages from server executed with higher privileges at client (origin based access control).  ... 
doi:10.1007/978-3-642-14706-7_2 fatcat:gmwrbkqfivfjnnodftyrqe4x6q

Scriptless attacks

Mario Heiderich, Marcus Niemietz, Felix Schuster, Thorsten Holz, Jörg Schwenk
2012 Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12  
Due to their high practical impact, Cross-Site Scripting (XSS) attacks have attracted a lot of attention from the security community members.  ...  well protected websites.  ...  data from across origins.  ... 
doi:10.1145/2382196.2382276 dblp:conf/ccs/HeiderichNSHS12 fatcat:qf27r473mvdtxakegcujj6w6cm

Browser protection against cross-site request forgery

Wim Maes, Thomas Heyman, Lieven Desmet, Wouter Joosen
2009 Proceedings of the first ACM workshop on Secure execution of untrusted code - SecuCode '09  
It allows an attacker to perform malicious authorized actions originating in the end-user's browser, without his knowledge.  ...  To do so, the framework monitors all outgoing web requests within the browser and enforces a configurable cross-domain policy.  ...  The proposed implementation protects against CSRF vulnerabilities exploited in the browser, i.e., attacks that abuse CSS properties, HTML entities or HTTP headers to generate CSRF attack requests.  ... 
doi:10.1145/1655077.1655081 fatcat:vecta6cuhrh3np3vfgqmj6xxi4


Jonas Magazinius, Billy K. Rios, Andrei Sabelfeld
2013 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13  
Our recommendations for protective measures on server side, in browsers, and in content interpreters (in particular, PDF readers) show how to mitigate the attacks.  ...  The attacks lead to both cross-domain leakage and cross-site request forgery. We perform a systematic study of PDF-based injection and content smuggling attacks.  ...  Cross-origin CSS attacks inject fragments of CSS code into an existing web page to extract information from the existing web page. Generalizing polyglot attacks.  ... 
doi:10.1145/2508859.2516685 dblp:conf/ccs/MagaziniusRS13 fatcat:utz6emu6z5bejiyinr6iehr4ka

mXSS attacks

Mario Heiderich, Jörg Schwenk, Tilman Frosch, Jonas Magazinius, Edward Z. Yang
2013 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13  
mXSS attacks are likely to bypass all three of those defensive techniques given that the browser itself is instrumented to create the attack payload from originally benign-looking markup.  ...  The problems we identify leave websites vulnerable against the novel kind of mXSS attacks, even if the utilized filter software fully protects against the dangers of the classic Cross-Site Scripting.  ... 
doi:10.1145/2508859.2516723 dblp:conf/ccs/HeiderichSFMY13 fatcat:6pyot57zsraqtfkqehvm6myxpe

Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses [article]

Anatoly Shusterman, Ayush Agarwal, Sioli O'Connell, Daniel Genkin, Yossi Oren, Yuval Yarom
2021 arXiv   pre-print
We develop a sequence of attacks with progressively decreasing dependency on JavaScript features, culminating in the first browser-based side-channel attack which is constructed entirely from Cascading  ...  Style Sheets (CSS) and HTML, and works even when script execution is completely blocked.  ...  Yet, while Chrome Zero does protect global objects, it fails to protect their prototype chains, allowing attackers to access the original JavaScript API.  ... 
arXiv:2103.04952v1 fatcat:gmfmfyfew5aunkv7zwmiisfw7m

Cross-Origin State Inference (COSI) Attacks: Leaking Web Site States through XS-Leaks [article]

Avinash Sudhodanan, Soheil Khodayari, Juan Caballero
2020 arXiv   pre-print
In a Cross-Origin State Inference (COSI) attack, an attacker convinces a victim into visiting an attack web page, which leverages the cross-origin interaction features of the victim's web browser to infer  ...  Furthermore, robust attacks require supporting a variety of browsers since the victim's browser cannot be predicted apriori.  ...  This research has received funding from the European Union Horizon 2020 Research and Innovation Programme under the ELASTEST Grant Agreement No. 731535.  ... 
arXiv:1908.02204v2 fatcat:erxo5lnso5fb7l6mdyhfazyuqi

All Your Screens Are Belong to Us: Attacks Exploiting the HTML5 Screen Sharing API

Yuan Tian, Ying Chuan Liu, Amar Bhosale, Lin Shung Huang, Patrick Tague, Collin Jackson
2014 2014 IEEE Symposium on Security and Privacy  
One of the core assumptions on which browser security is built is that there is no cross-origin feedback loop from the client to the server.  ...  However, the screen sharing API allows creating a cross-origin feedback loop.  ...  We also thank Sid Stamm and Daniel Veditz from Mozilla for their feedback. We also thank our colleagues and friends, Eric Y.  ... 
doi:10.1109/sp.2014.10 dblp:conf/sp/TianLBHTJ14 fatcat:m2zvv6yg7vdpxje7bju4q3qlti

Tamper-Resistant LikeJacking Protection [chapter]

Martin Johns, Sebastian Lekies
2013 Lecture Notes in Computer Science  
Furthermore, we document how this technique can be implemented in a cross-browser fashion and document that the process performs well even for large DOM tree structures (see Sec. 7.2).  ...  As we will discuss in Section 3.1, preventing LikeJacking attacks is non-trivial and, unlike the X-Frames-Option-header [20] in the case of general ClickJacking, no applicable, browser-based security measure  ...  The term ClickJacking denotes a class of attacks, that aim to trick users into interacting with cross-domain Web UIs without their knowledge.  ... 
doi:10.1007/978-3-642-41284-4_14 fatcat:vipvcp6wzva5lhun64euffoiua

Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers

Mike Ter Louw, V.N. Venkatakrishnan
2009 2009 30th IEEE Symposium on Security and Privacy  
User-created web content is a notorious vector for cross-site scripting (XSS) attacks that target websites and confidential user data.  ...  This challenge is made difficult by anomalous web browser behaviors, which are often used as vectors for successful XSS attacks.  ...  Recall from Section 3.2.1, to fully protect against CSS-based XSS attacks, normally-static CSS property values are transformed into trusted dynamic content.  ... 
doi:10.1109/sp.2009.33 dblp:conf/sp/LouwV09 fatcat:rmng7p7i2bfolgsq3bd6iqlzkq

A Dangerous Mix: Large-Scale Analysis of Mixed-Content Websites [chapter]

Ping Chen, Nick Nikiforakis, Christophe Huygens, Lieven Desmet
2015 Lecture Notes in Computer Science  
of mobile users are currently vulnerable to MITM attacks.  ...  Additionally, we investigate the default behavior of browsers on mobile devices and show that most of them, by default, allow the rendering of mixed content, which demonstrates that hundreds of thousands  ...  This allows the attacker to run arbitrary JavaScript code as if it was originating from the TLS-protected site, and access a variety of security-sensitive JavaScript APIs.  ... 
doi:10.1007/978-3-319-27659-5_25 fatcat:mqgtxf26pjbhdgdxbdztct2s3y

Man-in-the-browser-cache: Persisting HTTPS attacks via browser cache poisoning

Yaoqi Jia, Yue Chen, Xinshu Dong, Prateek Saxena, Jian Mao, Zhenkai Liang
2015 Computers & security  
We investigate the feasibility of such attacks on five mainstream desktop browsers and 16 popular mobile browsers.  ...  We provide guidelines for users and browser vendors to defeat BCP attacks.  ...  cache (Jackson et al., 2006) protects users from cross-origin and extension-assisted BCP attacks.  ... 
doi:10.1016/j.cose.2015.07.004 fatcat:bkd36gu4ozgt3dbdm5qmtjykbe

Large-Scale Analysis of Style Injection by Relative Path Overwrite

Sajjad Arshad, Seyed Ali Mirheidari, Tobias Lauinger, Bruno Crispo, Engin Kirda, William Robertson
2018 Proceedings of the 2018 World Wide Web Conference on World Wide Web - WWW '18  
with browsers' leniency in parsing CSS resources results in an attacker's ability to inject style directives that will be interpreted by the browser.  ...  Even though style injection may appear less serious a threat than script injection, it has been shown that it enables a range of attacks, including secret exfiltration.  ...  Thereby, the attacker bypasses protections of the Same-Origin Policy.  ... 
doi:10.1145/3178876.3186090 dblp:conf/www/ArshadMLCKR18 fatcat:ul6grhiscnampjwiopba6kffse