Archive for the 'firefox' Category
How to store large amounts of data in Firefox
by Justin Silverton
For most web applications, there are a couple of different options available for storing data on the client (within the web browser).
Flash allows the storage of up to 100 KB/domain without any user security prompts. The data being stored is accessible across the user’s Flash Player instances, loading stored data into Internet Explorer, Firefox, or any other browser that supports it.
Cookies are another option. A cookie stores user data across multiple browsing sessions. They are limited to 4 KB of storage per domain and are a good way to store user data for convenience or tracking. Web browsers contain cookie and privacy management features to wipe away stored cookies and their stored data and therefore have limited utility for continued persistence. Cookies are sent along with every request on a given domain, adding onto every message exchanged between an end-user’s browser and your site, even if the cookie data is only occasionally used.
Firefox has the ability to store an unlimited amount of data using DOM storage (This may be limited in future versions greater than 2.X).
Here is an example of how use DOM storage:
<script type="text/javascript">
//for security, this must be set to your domain
var storage = globalStorage['yourdomain.com'];
var pageCount;
function setItem(key,value) { //store an item
storage.setItem(key,value);
}
function getItem(key) { //retrieve an item and display it
alert(storage.getItem(key));
}
function removeItem(key) { //remove an item
storage.removeItem(key)
alert("Key:" +key +" was removed.");
}
</script>
Here are some other options that can be used with the globalStorage object:
- globalStorage[’developer.mozilla.org’] - All web pages within the developer.mozilla.org sub-domain can both read and write data to this storage object.
- globalStorage[’mozilla.org’] - All web pages with the mozilla.org domain can both read and write to this storage object.
A new password flaw found in Firefox 2
By Justin Silverton
In a recent article, a new flaw in firefox 2 is discussed:
“Mozilla’s Firefox 2.0 has long been considered a safer Web browser than Microsoft’s Internet Explorer, but a new flaw in the Firefox Password Manager, which lets users store usernames and passwords for trusted Web sites, could let hackers steal their login data.
The problem, known as a reverse cross-site request, or RCSR, was first discovered by Robert Chapin, a Microsoft Certified Systems Engineer (MCSE) and I.T, consultant. The RCSR appears on blogs, message boards, or group forums that let users add comments with embedded HTML code.
On sites that allow users to enter code, a hacker can embed a form that tricks the user’s browser into sending its username and password information to the hacker’s computer. Because the form is embedded on a trusted Web site, the browser’s built-in antiphishing protection, which is designed to alert users to fraudulent Web sites, does not detect the problem.”
When will this flaw be fixed?
The Mozilla Foundation (the group behind the firefox browser) has classified it as Bug #360493 and also announced that it will be fixed in version 2.0.0.1 or 2.0.0.2.
This attack can be avoided by disabling the browsers’ autosave features for usernames and passwords. In Firefox, the feature is found in the “Options” window under the “Tools” menu.