Solved

How does encoding/decoding work in IE and Firefox?

Posted on 2010-09-20
Last Modified: 2013-12-04
When testing XSS payloads, an attack payload didn't work the first time, but from the second time on it always worked. Some attack payloads worked in IE but didn't work in Firefox. So I want to know in more detail how encoding/decoding works in IE and Firefox.

Is there any link and document about this issue?

Thanks very much in advance
Question by:howruaz9
3 Comments
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 100 total points
ID: 33726048
There are thousands of links and documents about the issue.  It's a very broad question!

http://lmgtfy.com/?q=XSS+Security
 
LVL 4

Accepted Solution

by:rajivvishwa
rajivvishwa earned 400 total points
ID: 33730271
There is no clear-cut comparison or explanation of how each browser is designed to prevent various vulnerabilities. The security architecture of each browser has evolved over a period of time and is not that easy to trace back. No one would expose and document the security implementations, especially Microsoft. You might have to go through the source code of the browser to understand how it's done (https://developer.mozilla.org/en/Download_Mozilla_Source_Code).
An easier way would be to go through the advisories where people have identified and logged various XSS vulnerabilities and the steps taken by MS/Mozilla to fix them.

But to know which XSS vector is vulnerable on which browser, check RSnake's XSS Cheat Sheet. Browser support for each XSS string is mentioned there
(http://ha.ckers.org/xss.html).

Firefox
Dev Documentation - https://developer.mozilla.org/en/Security
Security Adv - http://www.mozilla.org/security/announce/

Internet Explorer
XSS Filter Architecture - http://blogs.technet.com/b/srd/archive/2008/08/19/ie-8-xss-filter-architecture-implementation.aspx
XSS Filter - http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx
 

Author Closing Comment

by:howruaz9
ID: 33740280
Rajivvishwa and Ray_Paseur, thanks for your help – I really appreciate it.
