 | CsFireA Firefox extension that protects you against dangerous or malicious cross-domain requests |
| Download | |
CsFire Ranking & Summary
Advertisement
CsFire Tags
CsFire Description
CsFire is an add-on for Mozilla Firefox which protects you against malicious cross-domain requests. Such cross-domain requests can lead to Cross-Site Request Forgery (CSRF) attacks or can be used to track you around the internet. When a website makes requests to another site, all kinds of malicious effects can occur. For instance, the information included in the request can be used to track the sites you visit. The request can also trigger certain undesired actions, an attack which is called Cross-Site Request Forgery (CSRF). CSRF is considered very dangerous, as indicated by its ranking in the OWASP top 10 and the CWE/SANS top 25. The problem with a CSRF attack is that it makes requests on behalf of the user, without his/her knowledge. For instance, if a site (e.g. example.com) makes hidden requests to another site (e.g. myonlinebank.com), it can potentially cause harmful effects (transfer funds, create accounts, ...). CsFire is a Firefox extension designed to protect you against malicious cross-domain requests, by rendering them harmless. This means that CsFire will remove authentication information (cookies and authentication headers), which ensures that a cross-domain request can not have harmful or undesired side-effects. CsFire provides a secure-by-default policy, which can be extended with fine-grained remote policies as well as fine-grained local policies. The remote policies are obtained from a policy server, to selectively allow certain harmless cross-domain requests (e.g. sharing items on facebook). The local policies allow you to specify certain cross-domain requests that should be treated differently, should you wish to do so (this is not required in normal surfing scenarios).
CsFire Related Software