Solved

How does encoding/decoding work in IE and Firefox?

Posted on 2010-09-20
Last Modified: 2013-12-04
When testing XSS payloads, an attack payload didn’t work the first time, but from the second time on it always worked. Some attack payloads worked in IE but didn’t work in Firefox. So I want to know in more detail how encoding/decoding works in IE and Firefox.

Is there any link and document about this issue?

Thanks very much in advance
Question by:howruaz9
3 Comments
 
LVL 109

Assisted Solution

by:Ray Paseur
Ray Paseur earned 100 total points
ID: 33726048
There are thousands of links and documents about the issue.  It's a very broad question!

http://lmgtfy.com/?q=XSS+Security
 
LVL 4

Accepted Solution

by:rajivvishwa
rajivvishwa earned 400 total points
ID: 33730271
There is no clear-cut comparison or explanation of how each browser is designed to prevent various vulnerabilities. The security architecture of each browser has evolved over a period of time and is not that easy to trace back. No one would expose and document the security implementations, especially Microsoft. You might have to go through the source code of the browser to understand how it's done. (https://developer.mozilla.org/en/Download_Mozilla_Source_Code)
An easier way would be to go through the advisories where people have identified and logged various XSS vulnerabilities and the steps taken by MS/Mozilla to fix those.

But to know which XSS vector is vulnerable on what browser, check the RSnake XSS Cheat Sheet; browser support for each XSS string is mentioned there.
(http://ha.ckers.org/xss.html)

Firefox
Dev Documentation - https://developer.mozilla.org/en/Security
Security Adv - http://www.mozilla.org/security/announce/

Internet Explorer
XSS Filter Architecture - http://blogs.technet.com/b/srd/archive/2008/08/19/ie-8-xss-filter-architecture-implementation.aspx
XSS Filter - http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx
 

Author Closing Comment

by:howruaz9
ID: 33740280
Rajivvishwa and Ray_Paseur, thanks for your help – I really appreciate it.
