Xss Me For Firefox

| Posted on by

If you remember, there used to an add-on for Firefox – XSS Me; which unfortunately no longer works out of the box for the latest versions of the browser. It was also a part of the Firefox Addons for helping you with web application penetration testing. We now have something similar to it that works on Google Chrome – XSS Radar. XSS Me 0.4.4 false xssme@security.compass Modified Preferences. If i right click on firefox's icon and go to properties Shortcut Run and set to 'Maximized.

Firefox 3.6 includes many CSS improvements. In this post we’re going to show you how to use CSS gradients.

If you are running the latest beta of Firefox 3.6, you should check out our interactive demo and take a look at the corresponding code. Use the radio buttons to switch different style options on or off.

Backgrounds with CSS Gradients

Using CSS gradients in a background allows you to display smooth transitions between two or more specified colors without having to use images. This in turn reduces download time and bandwidth use, looks better while zooming, and lets you create a more flexible layout.

Firefox 3.6 supports two kinds of CSS gradients: linear (-moz-linear-gradient) and radial (-moz-radial-gradient).

Linear Gradients

To create a linear gradient, you’ll need to set a starting point and a direction (or angle) for the gradient and to define the color stops.

Starting Point. The starting point works just like background position. You can set the horizontal and the vertical positions as a percentage, in pixels, or using left/center/right for horizontal, and top/center/bottom for vertical. Positions start from the top left corner. If you don’t specify the horizontal or the vertical position, it will default to center.

For example, here’s a linear gradient that starts at the center (horizontal) and top (vertical), and goes from blue to white:

One that starts left (horizontal) and center (vertical):

And a gradient starting left (horizontal) and top (vertical):

Angle. As you can see above, if you don’t specify an angle, it is defined automatically based on the start position. If you would like more control over the direction of the gradient, you can set the angle as well.

Firefox

For example, the following gradients have the same starting point of left center, but the one on the right hand-side also has an angle of 20 degrees.

When specifying the angle, remember that is it the angle between a horizontal line and the gradient line, going counter-clockwise. So using 0deg will generate a left to right horizontal gradient, while 90deg will create a vertical gradient from the bottom to the top.

Color Stops. In addition to start position and angle, you should specify color stops. Color stops are points along the gradient line that will have the specified color at the specified location (set as a percentage or length). The number of color stops is unlimited. If you use a percentage for the location, 0% represents the starting point, and 100% is the ending point, but values above and below those can be used to achieve the desired effect.

Here’s a simple example with three color stops. Because no point is specified for the first and last colors, they will default to 0% and 100%.

Colors will be evenly spaced if no position is specified.

Transparency. Gradients also support transparency. This can be useful, for example, when stacking multiple backgrounds. Here’s a combination of two backgrounds: one image and one linear gradient from white to transparent white.

Radial Gradients

The syntax for radial gradients is very similar to that of linear gradients:

In addition to the start position, the direction, and the colors, which you have already seen in linear gradients, radial gradients allow you to specify the gradient’s shape (circle or ellipse) and size (closest-side, closest-corner, farthest-side, farthest-corner, contain or cover).

Color stops. Just like with linear gradients, you should define color stops along the gradient line. The following circles have the same color stops, but the gradient on the left defaults to evenly spaced colors, while the one on the right has a specific position for each color.

Shape. Here you can see the difference between the two possible shapes, a circle (on the left) and an ellipse (on the right), both with a bottom left starting point:

Size. The different options for size (closest-side, closest-corner, farthest-side, farthest-corner, contain or cover) refer to the point used to define the size of the circle or ellipse.

Example: closest-side vs. farthest corner for an ellipse.
The following two ellipses have different sizes. The one on the left is set by the distance from the start point (center) to the closest-side, while the one on the right is determined by the distance from the start point to the farthest corner.

Example: closest-side vs. farthest-side for a circle.
The size of the circle on the left is determined by the distance between the start point (the center) and the closest side, while the one on the right is the distance between the start point and the farthest side.

Xss Me For Firefox Browser

Xss me for firefox chrome

Example: contained circle.
Here you can see the default circle on the left, and the version of the same gradient but contained on the right.

Repeating Gradients

If you would like to repeat a gradient, you should use -moz-repeating-linear-gradient and -moz-repeating-radial-gradient.

In the examples below, four color stops are specified in each case, and are repeated indefinitely.

Demo

Check out our interactive demo of linear and radial gradients for more examples.

Note that the gradient syntax has changed between Firefox 3.6 beta 1 and beta 2, so if you used gradients with beta 1, you may need to update your code.

About Alix Franquet


NoScript is Free Software (source code): if you like it, you can support its progress :)

NoScript 10 'Quantum' resources

Xss Me For Firefox Extension

The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows Xss

Xss Me For Firefox Version

JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank).

NoScript also provides the most powerful anti-XSS and anti-Clickjacking protection ever available in a browser.

NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known, such as Meltdown or Spectre, and even not known yet!) with no loss of functionality...

You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon (look at the picture), or using the contextual menu, for easier operation in popup statusbar-less windows.
Watch the 'Block scripts in Firefox' video by cnet.

Staying safe has never been so easy!
Experts will agree: Firefox is really safer with NoScript!

Recommended: protect your Internet traffic, too, with Military Grade Encryption.

V. 11.1.6 - Quantum Security for everyone!

If you find any bug or you'd like an enhancement, please report here or here. Many thanks!

Main good news
  • Android-compatible prompts for XSS warnings and click-to-play.
  • Several improvements to handling of file:// pages.
  • Discoverable option to force site-leaking UI in PBM/Incognito.
  • Full UI keyboard-based navigation:
    Alt+Shift+N
    start
    Arrows/Tab
    move
    DEL/BKSPC/0
    DEFAULT
    +
    TRUSTED
    -
    UNTRUSTED
    C
    CUSTOM
    T
    Temp
    S
    HTTPS-lock
    HOME
    jump to the toolbar
    ESC/ENTER
    Close the UI
    R
    Reload current page without closing the UI
    Shift+G
    Globally disable restrictions
    Shift+T
    Disable restrictions on this tab
    P
    Set all on this page to Temp. TRUSTED
    F
    Forget temporary permissions
  • Operating on Incognito tabs prevents you from setting permanent permissions to avoid privacy leaks on disk (see https://trac.torproject.org/projects/tor/ticket/29957).
  • Improved Firefox Preview (Fenix) / Firefox for Android UI.
  • Completely asynchronous XSS Filter in its dedicated process
  • Several new and updated translations, thanks to the Localization Lab / OTF NoScript Transifex project.
  • 'Override Tor Browser Security Level preset' option offers more flexibility to NoScript+Tor power users.
More in the changelog...

Experts do agree...

Xss Me For Firefox Download

03/10/2014, Edward Snowden endorses NoScript as a countermeasure against state Surveillance State.

08/06/2008, 'I'd love to see it in there.' (Window Snyder, 'Chief Security Something-or-Other' at Mozilla Corp., interviewed by ZDNet about 'adding NoScript functionality into the core browser').

03/18/2008, 'Consider switching to the Firefox Web browser with the NoScript plug-in. NoScript selectively, and non-intrusively, blocks all scripts, plug-ins, and other code on Web pages that could be used to attack your system during visits' (Rich Mogull on TidBITS, Should Mac Users Run Antivirus Software?).

11/06/2007, Douglas Crockford, world-famous JavaScript advocate and developer of JSON (one of the building blocks of Web 2.0), recommends using NoScript.

03/16/2007, SANS Internet Storm Center, the authoritative source of computer security related wisdom, runs a front-page Ongoing interest in Javascript issues diary entry by William Stearns just to say 'Please, use NoScript' :)
Actually, NoScript has been recommended several times by SANS, but it's nice to see it mentioned in a dedicated issue, rather than as a work-around for specific exploits in the wild. Many thanks, SANS!

05/31/2006, PC World's The 100 Best Products of the Year list features NoScript at #52!

Many thanks to PC World, of course, for grokking NoScript so much, and to IceDogg who kindly reported these news...

Xss Me For Firefox Chrome

In the press...

Xss Me Plugin For Firefox

  • CNET News: 'Giorgio Maone's NoScript script-blocking plug-in is the one-and-only Firefox add-on I consider mandatory.' (March 9, 2009, Dennis O'Reilly, Get a new PC ready for everyday use)
  • Forbes: 'The real key to defeating malware isn't antivirus but approaches like Firefox's NoScript plug-in, which blocks Web pages from running potentially malicious programs' (Dec 11, 2008, Andy Greenberg, Filter The Virus Filters).
  • PC World: Internet Explorer 7 Still Not Safe Enough because it doesn't act like 'NoScript [...] an elegant solution to the problem of malicious scripting' (cite bite)
  • New York Times: '[...] NoScript, a plug-in utility, can limit the ability of remote programs to run potentially damaging programs on your PC', (Jan 7, 2007, John Markoff, Tips for Protecting the Home Computer).
  • PC World's Ten Steps Security features using NoScript as step #6. (cite bite)
  • The Washington Post security blog compares MSIE 'advanced' security features (like so called 'Zones') to Firefox ones and recommends NoScript adoption as the safest and most usable approach. (cite bite)