Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
USS
2010
2010
Securing Script-Based Extensibility in Web Browsers
Web browsers are increasingly designed to be extensible to keep up with the Web's rapid pace of change. This extensibility is typically implemented using script-based extensions. Script extensions have access to sensitive browser APIs and content from untrusted web pages. Unfortunately, this powerful combination creates the threat of privilege escalation attacks that grant web page scripts the full privileges of extensions and control over the entire browser process. This paper makes two contributions. First, it describes the pitfalls of script-based extensibility based on our study of the Firefox web browser. We find that script-based extensions can lead to arbitrary code injection and execution control, the same types of vulnerabilities found in unsafe code. Second, we propose a taint-based system to track the spread of untrusted data in the browser and to detect the characteristic signatures of privilege escalation attacks. We evaluate this approach by using exploits from the ...
Real-time TrafficOperating System | Privilege Escalation Attacks | Script-based Extensions | USS 2010 | Web Browser |
Related Content
| Added | 15 Feb 2011 |
| Updated | 15 Feb 2011 |
| Type | Journal |
| Year | 2010 |
| Where | USS |
| Authors | Vladan Djeric, Ashvin Goel |
Comments (0)
Researcher Info
|
