A web browser is an application which uses HTTP and related protocols to retrieve HTML and XML data from servers. As the web has become a critical source of information and communication, web browsers have become a critical component in information request, transfer and management.
Questions tagged [web-browser]
1603 questions
282
votes
3 answers
How did "tech-supportcenter" phishers trick Google?
Related: Is the Web browser status bar always trustable?
How can Google search change the location in a URL tooltip?
I've always thought you can "hover" over a link to see where it really goes, until today.
A coworker (working from home) searched…
browly
- 2,100
- 2
- 12
- 21
254
votes
5 answers
Is the save button delay in a Firefox download dialog a security feature? What does it protect?
When I click to download a file through Firefox, a dialog window appears asking me whether I want to save the file somewhere or open it immediately once downloaded.
The OK button in the dialog window starts disabled, and doesn't enable until the…
Numeron
- 2,455
- 3
- 15
- 19
193
votes
7 answers
How can I protect myself from this kind of clipboard abuse?
Clipboard abuse from websites
Many websites use JavaScript or CSS to stealthily insert or replace text in the user's clipboard whenever they copy information from the page. As far as I know this is mostly used for advertising purposes, but PoC for…
sam hocevar
- 1,869
- 2
- 13
- 9
172
votes
9 answers
Is Adblock (Plus) a security risk?
My email-provider's website (http://www.gmx.de) recently started linking to the (German) site http://www.browsersicherheit.info/ which basically claims that due to its capabilities to modify a site's appearance, Adblock Plus (and others) might…
Tobias Kienzler
- 7,578
- 10
- 43
- 66
166
votes
11 answers
Is visiting HTTPS websites on a public hotspot secure?
It's often said that HTTPS SSL/TLS connections are encrypted and said to be secure because the communication between the server and me is encrypted (also provides server authentication) so if someone sniffs my packets, they will need zillions of…
Calmarius
- 1,905
- 2
- 12
- 6
159
votes
4 answers
Why is the same origin policy so important?
I can't really fully understand what same origin domain means. I know it means that when getting a resource from another domain (say a JS file) it will run from the context of the domain that serves it (like Google Analytics code), which means it…
YSY
- 2,229
- 4
- 20
- 16
137
votes
2 answers
What is 'tabnabbing'?
Wikipedia is not very explicit on this,
The exploit employs scripts to rewrite a page of average interest with an impersonation of a well-known website, when left unattended for some time.
What is 'tabnabbing', how does one do it?
Matas Vaitkevicius
- 1,325
- 2
- 9
- 12
124
votes
4 answers
What is the website checking about my browser to protect the website from a DDoS?
Some sites I visit take me to a page that says roughly, "Checking your browser before accessing example.com. DDoS attack protection by CloudFlare".
What exactly about my browser is being checked and how will that help protect against a DDoS attack?
user133587
107
votes
5 answers
Should websites be allowed to disable autocomplete on forms or fields?
Currently, there is an HTML form/input attribute called autocomplete, which, when set to off, disables autocomplete/autofill for that form or element.
Some banks seem to use this to prevent password managers from working. These days sites like Yahoo…
Manishearth
- 8,237
- 5
- 34
- 56
98
votes
8 answers
Do we need to logout of webapps?
A quick Google search doesn't reveal whether it is important to logout of webapps (online banking, Amazon, Facebook, etc.), or if I am safe just closing the tab or browser. I am sure I heard on some TV show that it's best to logout...
What possible…
Angelo.Hannes
- 1,099
- 1
- 9
- 12
90
votes
4 answers
How to determine if a browser is using an SSL or TLS connection?
I want to know whether my browser is using SSL or TLS connection if I see HTTPS.
I want to know for IE, Firefox, Chrome and Safari. I want to know the protocol version.
zhtway
- 1,143
- 1
- 8
- 9
89
votes
4 answers
Is browser history an important factor when considering security?
I discovered something I consider a major vulnerability in a SaaS product that includes the username and password in the query string of the URL on registration and every login attempt.
The technical support of the service has told me they consider…
Ivan T.
- 1,053
- 1
- 6
- 12
88
votes
5 answers
Can "Accept cookie" button in a website be malicious?
I don't remember when this "accept/cancel cookie" button started to be used in websites. Why do they insist on getting users to click on this button?
Can it do any harm to user's PC or to collect any private and sensitive data? Their reason for…
0_o
- 1,142
- 1
- 9
- 19
86
votes
8 answers
What attacks are made possible by public release of my web history?
Assume that my Internet history is made public (accidentally or on purpose). And this release is over 24 hours since the visits were made.
Also, assume that there aren't embarrassing sites on there: there isn't any blackmail potential.
(My most…
Joe
- 823
- 1
- 6
- 9
83
votes
9 answers
How to fight browser fingerprinting?
https://panopticlick.eff.org/ , aka "How unique and trackable is your browser". For example it usually gives me a unique score. The biggest entropy values come from navigator.plugins and fonts via java and flash, but the linked pdf also points out…
n611x007
- 2,255
- 3
- 15
- 17