Aug 29, 2012 Developers should also use tools such as XSS Me for Firefox or domsnitch for Google Chrome to test their own sites for XSS vulnerabilities. As a secondary defense, a site could link browser cookie. Now that Firefox Quantum 57 is out with substantial — and potentially breaking — improvements to Gecko collectively known as Stylo or Quantum CSS, you may find yourself in a situation where you have to distinguish between legacy versions of Firefox and Firefox Quantum. XSS ME: Cross-Site Scripting (XSS) is a common flaw found in todays web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary flaws. XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities. 2009-02 XSS using a chrome XBL method and window.eval 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6) # Fixed in Firefox 3.0.5 2008-69 XSS vulnerabilities in SessionStore 2008-68 XSS and JavaScript privilege escalation 2008-67 Escaped null characters ignored by CSS parser.
Whenever i open firefox, it *always* makes itself windowed, but with the dimensions of my screen, meaning it's overlapping under windows' task bar, which is really annoying: I always have to manually maximize firefox after i started it.
- If i right click on firefox's icon and go to properties > Shortcut > Run and set to 'Maximized', nothing is changed.
- When I maximize firefox manually, close it, and reopen it, i see briefly firefox maximized, then it quickly changes to windowed mode again.
- I checked in the options and failed to see anything that could help.
- Out of despair, i even tried to blindly search in the variables available in about:config, without luck.
- I tried this on 2 different systems, both with windows 7 x64 installed and 8GB of RAM, without luck.
My system:
OS: windows 7 home premium x64RAM: 8GBCPU: i7-920
Add-on for FireFox - Find-XSS-Fire
Xss Me For Firefox Extension
There are many scanners selecting parameters in the address bar on the Internet. Most of them are paid and not cheap. But none of them is a browser extension. We decided to fill this gap. Meet the beta version of the scanner Find-XSS-Fire. Certainly it isn’t as powerful as our online scanner, but it is able to find something that could be missed. Besides it is absolutely free. The following is a description of the installation and use:
Download (install) here, version 0.0.4
Xss Me For Firefox Download
Installation:
Warning: scanning may damage the work of the resource, it is recommended to scan on localhost!
1. Drag the downloaded file into the FireFox browser and accept the installation.
2. The scanner icon should appear in the lower right corner (see the screenshot).
If not, then the lower toolbar for add-on is disabled.
To enable it do: View-> Toolbars-> Add-on Bar (or just ctrl + /, but the keys do not operate at all systems).
3. Indicate the URL of your website or a local address in the opened window.
4. Indicate the level of scanning (3 is recommended).
5. The scanner is allowed to scan only your websites. Any scanning of third-party products is prohibited and leads to criminal liability. If you are scanning your site, confirm it by checking the box.
6. After clicking on the scan the scanner starts.
7. Wait for the scan results. It may take to a few hours, depending on the speed of response of your server and the level of nesting.
When finding vulnerabilities you can contact us to remove them.