Browser Based Cyber Threats

Paulo Renato (exadra37) ・2 min read

After reading this article I think I should drop it here in order to raise awareness among us developers, because from my experience I know that a lot of them are not aware that when they browse a website they can be hacked while passively browsing its content, even when the site looks perfectly normal and behaves normally.

Quoting the article:

As an example of how a browser-based attack works, consider a scenario where a Windows user visits a seemingly benign but now malicious website, possibly one he or she has visited before, or as the result of an enticing email. As soon as a connection occurs, the user’s browser begins interacting with the site. Assuming the system is using JavaScript, which according to research firms like Web Technology Surveys, 94% of all websites do and over 90% of browsers have it enabled, the browser will immediately download and start executing JavaScript files from the malicious website.

Several JavaScript-based techniques can be used, as in the British Airways or Ticketmaster hacks by the well-known cybercriminals Magecart.

But JavaScript is not the only vector used for browser attacks; Flash or PDFs can also be used to exploit vulnerabilities in your browser.

So all these types of browser attacks will be used to exfiltrate data as you type it, like the credentials to log in to your bank account, or to permanently infect your computer with malware or ransomware.

So we must be suspicious when a page takes too much time to load or keeps the spinner active in the tab, and hit F12 to look at what it is doing.
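One way to do the F12 check described above is to summarise, from the console, which hosts outside the site itself the page has loaded scripts from or sent requests to. This is an added example, not part of the original article; the function name, the `.example` hosts and the sample entries are constructed for illustration.

```javascript
// Added example. `entries` has the shape of performance.getEntriesByType('resource')
// items: `name` is the resource URL, `initiatorType` says what triggered the load.
function summarizeThirdParties(entries, firstPartySuffixes) {
  const isFirstParty = (host) =>
    firstPartySuffixes.some((s) => host === s || host.endsWith('.' + s));
  const byHost = new Map();
  for (const e of entries) {
    let host;
    try {
      host = new URL(e.name).hostname;
    } catch (err) {
      continue; // not an absolute URL, nothing to attribute
    }
    if (!host || isFirstParty(host)) continue; // skip about:/data: URLs and the site itself
    const row = byHost.get(host) || { host, requests: 0, scripts: 0, sends: 0 };
    row.requests += 1;
    if (e.initiatorType === 'script') row.scripts += 1;
    if (['fetch', 'xmlhttprequest', 'beacon'].includes(e.initiatorType)) row.sends += 1;
    byHost.set(host, row);
  }
  // Hosts that served scripts come first: their code runs with full access to the page.
  return [...byHost.values()].sort(
    (a, b) => b.scripts - a.scripts || b.sends - a.sends || a.host.localeCompare(b.host)
  );
}

// Constructed sample entries (hypothetical hosts under .example).
const sampleEntries = [
  { name: 'https://www.shop.example/app.js', initiatorType: 'script' },
  { name: 'https://static.shop.example/logo.png', initiatorType: 'img' },
  { name: 'https://cdn.widgets.example/chat.js', initiatorType: 'script' },
  { name: 'https://cdn.widgets.example/chat.css', initiatorType: 'link' },
  { name: 'https://collect.stats.example/e', initiatorType: 'beacon' },
  { name: 'https://collect.stats.example/e', initiatorType: 'xmlhttprequest' },
  { name: 'about:blank', initiatorType: 'iframe' },
  { name: 'not a url', initiatorType: 'other' },
];

const sampleReport = summarizeThirdParties(sampleEntries, ['shop.example']);
console.log(sampleReport);

// In the browser console, on the page you are inspecting:
// console.table(summarizeThirdParties(performance.getEntriesByType('resource'), [location.hostname]));
```

Passing `location.hostname` treats only that host and its subdomains as first party, so sibling subdomains of the same site show up in the list; pass the site's base domain instead to hide them.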

I use 9.9.9.9 in conjunction with the Steven Black hosts file to resolve DNS in order to protect me from sites that are considered dangerous (I will do an article later on this setup). Other alternatives exist for the same purpose, but they require active software running on my network and I am not feeling confident in allowing it. I also use Firefox with tracking protection always enabled.

Oh, did I mention that the pages I visit now load much faster and are free of tracking and ads???

Discussion (3)

Ondrej (ondrejs) • Edited

You mean Firefox ESR? Would not recommend, switch to Chrome instead if you want good advice.

Also, we have discussed it here.

Ondrej (ondrejs)

The article is focused on the Tor Browser, but mainly discusses security holes in Firefox ESR (on which TB is based).

Paulo Renato (exadra37) • Author

I only use the normal release of Firefox in Ubuntu.

Currently Firefox Quantum 63.0.3