CsFire for linux Publisher's description
Autonomously protects you against dangerous or malicious cross-domain requests
When a website makes requests to another site, all kinds of malicious effects can occur. For instance, the information included in the request can be used to track the sites you visit. The request can also trigger certain undesired actions, an attack which is called Cross-Site Request Forgery (CSRF).
CSRF is considered very dangerous, as indicated by its ranking in the OWASP top 10 and the CWE/SANS top 25. The problem with a CSRF attack is that it makes requests on behalf of the user, without his/her knowledge. For instance, if a site (e.g. example.com) makes hidden requests to another site (e.g. myonlinebank.com), it can potentially cause harmful effects (transfer funds, create accounts, ...).
CsFire is a Firefox extension that protects you against malicious cross-domain requests, by rendering them harmless. This means that CsFire will remove authentication information (cookies and authentication headers), which ensures that a cross-domain request can not have harmful or undesired side-effects.
CsFire provides a secure-by-default policy, which can be extended with fine-grained remote policies as well as fine-grained local policies. The remote policies are obtained from a policy server, to selectively allow certain harmless cross-domain requests (e.g. sharing items on facebook). The local policies allow you to specify certain cross-domain requests that should be treated differently, should you wish to do so (this is not required in normal surfing scenarios).
CsFire is the result of an academic research paper titled CsFire: Transparent client-side mitigation of malicious cross-domain requests, published at the International Symposium on Engineering Secure Software and Systems 2010. The paper discusses the research behind this implementation, as well as the technical details of CsFire.
What's New in This Release:В· Fixed redirect detection in Firefox 4 (API change)
В· Added localization for user interface
В· Added detection of url-encoded GET parameters
System Requirements:В· Mozilla Firefox
Program Release Status:
Program Install Support: Install and Uninstall