Highest Voted 'plugins' Questions - IT Security Stack Exchange

70

votes

8 answers

Why use HTTPS Everywhere when we have HSTS supported browsers?

I know that the browser's default protocol to access any site is http:// when https:// is explicitly not mentioned, but even then if we browse to a website say www.facebook.com, the response header from the Facebook servers would have HSTS mentioned…

asked Apr 25 '17 at 20:49

GypsyCosmonaut

882
1
7
16

40

votes

3 answers

Is Ghostery safe to use?

I've heard about Ghostery, a browser extension/plugin that blocks web trackers. But according to this link it sells our data. Are add-ons and plugins open source in Firefox? Is there another alternative to Ghostery?

firefox plugins

asked Aug 28 '15 at 08:07

Vesal75

559
1
5
8

24

votes

2 answers

Why do Chrome extensions need access to 'all my data' and 'browsing activity'?

Often I install simple add-ons for Google Chrome. However, they almost all need what appears to me as excessive access to my data. For instance, I install an extension that allows me to click on any part of a page and it gives me the color of the…

chrome plugins browser-extensions

asked Nov 01 '11 at 01:16

user5672

18

votes

3 answers

What security risks does Firefox 19's built-in PDF reader (pdf.js) bring?

Firefox 19 ships with pdf.js as the default PDF reader. One of the main stated goals is to reduce the exposure of users to the often vulnerable Adobe PDF reader/plugin. So what new risks does pdf.js bring? An attacker that can get a user to browse…

javascript firefox plugins

asked Feb 26 '13 at 13:00

Michael

2,118
15
26

16

votes

3 answers

How secure is "Firefox Hello"?

The new "Firefox Hello" feature promises easy and safe video conversation. It is not nescessary to create an account, you simply share a link with your partner to start the conversation. The communication is promised to be "private and secure" on…

encryption firefox plugins webrtc

asked Jul 17 '15 at 21:59

dervonnebenaan

365
2
7

14

votes

3 answers

How trustful are KeePass plugins?

KeePass is great, I love it but after several years using it, sometimes I wish to install a plugin but I don't because I'm scared of what this plugin can really do without my consent. The documentation about plugin development is really short. I…

password-management keepass plugins

asked May 24 '17 at 01:53

Jérôme MEVEL

301
2
10

12

votes

1 answer

Virus attached or included in VST(i) Plugin

VST Plugins are DLL files available to be put into a folder in the Music Tool which then can use this as a plugin. Does VST have a mechanism not to execute malicious code inside the dll file? Can I safely install them without anti-virus?

virus plugins

asked May 19 '15 at 13:34

Daniel W.

267
2
10

8

votes

2 answers

Will disabling the Java add-on in IE protect you from Java exploits?

Concerning the recent Java vulnerability (Should I be disabling Java?), the most common advise seems to be to disable Java plug-ins in the browser. However, Heise Security suggests that, when it comes to Internet Explorer, this might not be…

web-browser java plugins internet-explorer

asked Jan 14 '13 at 08:39

Heinzi

2,914
2
21
25

7

votes

2 answers

Are inactive vulnerable Wordpress plugins still unsafe?

When you install a plugin in WordPress you can choose to activate or deactivate it. Let's say you have a plugin of which the latest version is vulnerable to XSS for example and you're waiting for a security fix to be released. Should I disable or…

vulnerability wordpress plugins vulnerability-management

asked Jun 22 '16 at 14:46

Fabio

183
1
6

6

votes

1 answer

Detecting disabled Chrome plugins using JavaScript

My cable was on the fritz this weekend and I had to visit a friend to watch HBO online. Something weird happened that has been bothering me. I have disabled the Flash plugin on Chrome, since all websites that I use support HTML5 video playback.…

javascript chrome detection flash plugins

asked Jun 22 '16 at 03:48

Jedi

3,906
2
24
42

4

votes

2 answers

security and the well constructed Qt plugin

"All you'd have to do is build a plugin and you could completely pwn the software." I'm building an application using plugins. I think all you have to do is build a plugin and copy it into the correct directory and my main program would happily run…

digital-signature plugins

asked Dec 01 '11 at 20:22

Jay

141
3

4

votes

4 answers

Is silverlight and Java running on the web browser capable of saving "state" into the user's local machines?

I am aware that even after we have cleared our cache and cookies, websites can still save files/information into our computer using Flash (Flash ever cookies), I was wondering does other plugins like Silverlight and Java have this…

web-browser privacy java flash plugins

asked Oct 18 '11 at 11:27

Pacerier

3,253
6
34
61

4

votes

1 answer

Metasploit. Is always replacing domain names with resolved ips on RHOST/RHOSTS?

There is a website which I want to audit. That site must have a concrete Virtualhost configuration because if you access to it using the domain name the website is shown, but if you use the ip address the website is not shown. If I launch an…

metasploit wordpress plugins virtualhost xmlrpc

asked May 14 '17 at 19:59

OscarAkaElvis

5,185
3
17
48

3

votes

2 answers

Can Tamper Data (the plugin) modify multipart requests?

I'm doing some testing on my web app with Tamper Data. I've had success with Tamper Data in the past for normal HTTP post requests, but in this particular case I want to modify a post request that that has the content-type set to…

plugins firefox

asked Dec 28 '11 at 15:28

Mark E. Haase

1,902
2
15
24

2

votes

1 answer

Open source alternatives to tamper data

I'm developing a browser(firefox) plug-in which essentially checks for malicious input. My current approach is to store all input fields sent in GET/POST requests, try to heuristically determine potential attack vectors and drop requests in case…

web-application web-browser attacks firefox plugins

asked Nov 25 '14 at 18:53

Sebi

1,391
9
16

Questions tagged [plugins]