[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

How does encoding/decoding work in IE and Firefox?

Posted on 2010-09-20
3
Medium Priority
?
454 Views
Last Modified: 2013-12-04
When testing XSS payloads, a attack payloads didn’t work at first time, but from second time it always worked. Some attack payload worked in IE; but didn’t work in Firefox. So I want to know more detail how encoding/decoding work in IE and Firefox.

Is there any link and document about this issue?

Thanks very much in advance
0
Comment
Question by:howruaz9
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 111

Assisted Solution

by:Ray Paseur
Ray Paseur earned 400 total points
ID: 33726048
There are thousands of links and documents about the issue.  It's a very broad question!

http://lmgtfy.com/?q=XSS+Security
0
 
LVL 4

Accepted Solution

by:
rajivvishwa earned 1600 total points
ID: 33730271
There is no clear cut comparison or explanation on how each browser is designed to prevent various vulnerabilities. The security architecture for each browsers are evolved over a period of time and is not that easy to trace back. No one would expose and document the security implementations esp Microsoft. You might have to go through the source code of the browser to understand how its done. (https://developer.mozilla.org/en/Download_Mozilla_Source_Code)
Easier way would be to  you can go through the advisories where people have identified & logged various XSS vulnerabilities and steps taken by MS/Mozilla to fix those.

But to know which XSS vector is vulnerable on what browser, check RSnake XSS Cheat Sheet, Browser support for each XSS string is mentioned there
(http://ha.ckers.org/xss.html)

Firefox
Dev Documentation - https://developer.mozilla.org/en/Security
Security Adv - http://www.mozilla.org/security/announce/

Internet Explorer
XSS Filter Architecture - http://blogs.technet.com/b/srd/archive/2008/08/19/ie-8-xss-filter-architecture-implementation.aspx
XSS Filter - http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx
0
 

Author Closing Comment

by:howruaz9
ID: 33740280
Rajivvishwa and Ray_Paseur, thanks for your help – I really appreciate it.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Curious about the latest ransomware attack? Check out our timeline of events surrounding the spread of this new virus along with tips on how to mitigate the damage.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question