Questions tagged [web-browser]
A web browser is an application which uses HTTP and related protocols to retrieve HTML and XML data from servers. As the web has become a critical source of information and communication, web browsers have become a critical component in information request, transfer and management.
1,691 questions
8 votes, 1 answer, 2k views
URL parameter "x="
My website is getting many page requests of the form https://example.com/?x=15672345682564 [14 digits]
Should I block these requests or are these non-malicious, like from search engines?
1 vote, 1 answer, 116 views
Is there a way to exploit this DOM-based XSS in recent versions of browsers?
I am a beginner in web app pentesting.
In this page, the client-controlled fragment identifier in the URL is injected directly into the page DOM, permitting a DOM-based XSS, I think.
I've tried many ...
0 votes, 0 answers, 97 views
Why are the Chrome/Chromium JavaScript engines (V8) vulnerabilities more difficult to reproduce on Android compared to Windows and Debian?
I conducted tests on the vulnerabilities of 5 Chrome/Chromium JavaScript engines (V8) on three platforms (the list of vulnerabilities is as follows).
Without exception, the Android system failed to ...
1 vote, 2 answers, 115 views
In PCI DSS SAQ A, does "customer’s browser" include merchant apps using TPSP-provided UI elements for card data?
I’m trying to understand a PCI DSS SAQ A requirement that says:
"All elements of the payment page(s)/form(s) delivered to the customer’s browser originate only and directly from a PCI DSS ...
5 votes, 1 answer, 2k views
Something added TLS certificate exceptions to my Firefox profile
I happened to come across my Firefox's settings of Certificate Manager, and went to its Exceptions page:
When I checked it, there were two entries. I don't quite remember the names, but one had a ...
3 votes, 1 answer, 121 views
Is there an official, or accepted, recommendation to turn off autocomplete for bank account details
Part of the WCAG recommendations for web accessibility involves using autocomplete attributes to make it easier to fill in forms: see here, and here.
However on multiple places I've seen people ...
1 vote, 0 answers, 88 views
LinkedIn website automatically gets my email address in Edge without consent, can all websites I browse silently get my email? [closed]
I'm using the Edge 135 browser on Windows 10. I am currently logged in to my Gmail account, but not logged in to LinkedIn.
When browsing to https://www.linkedin.com (I never logged in on this website since I ...
12 votes, 4 answers, 6k views
Why are browser HTTP auth schemes stuck in 1999?
Chromium supports Basic, Digest, NTLM, and Negotiate HTTP authentication schemes. Of those, the newest is Negotiate, which was present no later than 1999, because IE5 supported it (!!!). I can't find ...
2 votes, 2 answers, 652 views
End-to-End Encrypted Proxy Using Password Protected Certificate
I have a thought experiment for the community, curious what everyone's take on it is, specifically what are the major flaws in the idea and how could those be addressed without significantly diverging ...
16 votes, 4 answers, 6k views
How does an "enterprise browser" work?
There are some new security companies selling what they call "enterprise browsers". For instance, Island (https://www.island.io/blog/what-is-an-enterprise-browser) is one of them. Both ...
8 votes, 3 answers, 3k views
Is the Origin header trustworthy for requests sent by the browser?
In another question, I implied that an application can check the Origin request header to determine where the request is from. I was under the assumption that the browser sets this to the origin of ...
2 votes, 0 answers, 463 views
Why does Cross-Origin-Opener-Policy prevent opening links to the same-origin/domain when target="_blank" is used?
Let's say you serve a website with the header Cross-Origin-Opener-Policy: same-origin. This is a new header that, if I understood it correctly, completely separates a browsing tab/origin to prevent ...
1 vote, 2 answers, 180 views
What is the best way for a non-expert to visit a probably malicious web site? [duplicate]
What is the best way for someone who is not a professional security expert to visit a web site that is suspected, with high confidence, to be malicious but has a high value if not?
This question was ...
3 votes, 1 answer, 453 views
Can you help me understand JShelter's browser fingerprint protection?
I've been testing my browsers against these sites:
https://www.thumbmarkjs.com/
https://fingerprint.com/
With JShelter in recommended mode I get same hash on ThumbMarkJS site on every page load but ...
1 vote, 0 answers, 139 views
Is there a way to limit browser extension internet access?
Most browser extensions I use are utility like tools that do something in the DOM. Like copying HTML tables to Markdown tables, accepting cookie warnings, removing ads, regex find replace et cetera.
...