Web browsers are increasingly designed to be extensible to keep up with the Web's rapid pace of change. This extensibility is typically implemented using script-based extensions. Script extensions have access to sensitive browser APIs and content from untrusted web pages. Unfortunately, this powerful combination creates the threat of privilege escalation attacks that grant web page scripts the full privileges of script extensions and control over the entire browser process. This thesis describes the pitfalls of script-based extensibility based on our study of the Firefox Web browser, and is the first to offer a classification of script-based privilege escalation vulnerabilities. We propose a taint-based system to track the spread of untr...
A poorly designed web browser extension with a security vulnerability may expose the whole system to...
Part 13: Short Papers. International audience. HTTPS stripping attacks leverage a combination of weak co...
The widely popular browser extensions now become one of the most commonly used malware attack vector...
Even though their architecture relies on robust security principles, it is well-known that poor prog...
Abstract. Even though their architecture relies on robust security principles, it is well-known tha...
Browser extensions enable rich experience for the users of today's web. Being deployed with elevat...
We explore the problem of identifying unauthorized privilege escalation instances in a web applicat...
HTTPS stripping attacks leverage a combination of weak configuration choices to trick users into pro...
Unsafely coded browser extensions can compromise the security of a browser, making them attractive t...
JavaScript-based browser extensions (JSEs) enhance the core functionality of web browsers by improvi...
A web browser works with data and scripts from different sources, and these sources are not all trus...
Abstract—A common characteristic of modern web browsers is that their functionality can be extended ...
Universal cross-site scripting (UXSS) is a browser vulnerability, making a vulnerable browser execut...
The web browser is one of the most security critical software components today. It is used to intera...