Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CCS
2010
ACM
2010
ACM
Protecting browsers from cross-origin CSS attacks
Cross-origin CSS attacks use style sheet import to steal confidential information from a victim website, hijacking a user's existing authenticated session; existing XSS defenses are ineffective. We show how to conduct these attacks with any browser, even if JavaScript is disabled, and propose a client-side defense with little or no impact on the vast majority of web sites. We have implemented and deployed defenses in Firefox, Google Chrome, and Safari. Our defense proposal has also been adopted by Opera. Categories and Subject Descriptors K.6.5 [Management of Computing and Information Systems]: Security and Protection General Terms Security Keywords CSS, Content Type, Same-Origin Policy
Real-time Traffic| Added | 06 Dec 2010 |
| Updated | 06 Dec 2010 |
| Type | Conference |
| Year | 2010 |
| Where | CCS |
| Authors | Lin-Shung Huang, Zack Weinberg, Chris Evans, Collin Jackson |
Comments (0)
Researcher Info
|
