Solved

How does encoding/decoding work in IE and Firefox?

Posted on 2010-09-20
Last Modified: 2013-12-04
When testing XSS payloads, an attack payload didn't work the first time, but from the second time on it always worked. Some attack payloads worked in IE but didn't work in Firefox. So I want to know in more detail how encoding/decoding works in IE and Firefox.

Is there any link and document about this issue?

Thanks very much in advance
Question by:howruaz9
3 Comments
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 100 total points
ID: 33726048
There are thousands of links and documents about the issue.  It's a very broad question!

http://lmgtfy.com/?q=XSS+Security
 
LVL 4

Accepted Solution

by:
rajivvishwa earned 400 total points
ID: 33730271
There is no clear-cut comparison or explanation of how each browser is designed to prevent various vulnerabilities. The security architecture of each browser has evolved over a period of time and is not that easy to trace back. No one would expose and document the security implementations, esp. Microsoft. You might have to go through the source code of the browser to understand how it's done. (https://developer.mozilla.org/en/Download_Mozilla_Source_Code)
An easier way would be to go through the advisories where people have identified & logged various XSS vulnerabilities and the steps taken by MS/Mozilla to fix those.

But to know which XSS vector is vulnerable on what browser, check the RSnake XSS Cheat Sheet; browser support for each XSS string is mentioned there
(http://ha.ckers.org/xss.html)

Firefox
Dev Documentation - https://developer.mozilla.org/en/Security
Security Adv - http://www.mozilla.org/security/announce/

Internet Explorer
XSS Filter Architecture - http://blogs.technet.com/b/srd/archive/2008/08/19/ie-8-xss-filter-architecture-implementation.aspx
XSS Filter - http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx
 

Author Closing Comment

by:howruaz9
ID: 33740280
Rajivvishwa and Ray_Paseur, thanks for your help – I really appreciate it.