Difference between revisions of "Disable use of iframes in firefox"

From Notes_Wiki
(Created page with "<yambe:breadcrumb>Security_tips|Security tips</yambe:breadcrumb> =Disable use of iFrames in firefox= It is very common to use iFrames for attacks, but legitimate use of iFram...")
 
m
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
<yambe:breadcrumb>Security_tips|Security tips</yambe:breadcrumb>
[[Main Page|Home]] > [[Security tips]] > [[Disable use of iframes in firefox]]
=Disable use of iFrames in firefox=


It is very common to use iFrames for attacks, but legitimate use of iFrames is still very rare.  Hence one can block iFrames completely to increase security at cost of minor inconvenience in visiting few websites which can then be created exception for or visited using another browser.  To block iFrames in firefox use:
It is very common to use iFrames for attacks, but legitimate use of iFrames is still very rare.  Hence one can block iFrames completely to increase security at cost of minor inconvenience in visiting few websites which can then be created exception for or visited using another browser.  To block iFrames in firefox use:
Line 13: Line 12:
#:</pre>
#:</pre>
#Restart firefox and try to visit http://www.w3schools.com/tags/tryit.asp?filename=tryhtml_iframe  page to see if iframe is still visible or not.
#Restart firefox and try to visit http://www.w3schools.com/tags/tryit.asp?filename=tryhtml_iframe  page to see if iframe is still visible or not.
Note that any javascript code inside frame would still be executed.  Visit http://www.quirksmode.org/iframetest.html to understand this point better.  Also note that many people suggest going to about:config and setting browser.frames.enabled to false.  But this did not work for me.  In fact there are two plugins NoScript and Ghostery both of which also claim to help in blocking iFrames but they also do not work in case of http://www.quirksmode.org/iframetest.html page
[[Main Page|Home]] > [[Security tips]] > [[Disable use of iframes in firefox]]

Latest revision as of 04:21, 18 April 2022

Home > Security tips > Disable use of iframes in firefox

It is very common to use iFrames for attacks, but legitimate use of iFrames is still very rare. Hence one can block iFrames completely to increase security at cost of minor inconvenience in visiting few websites which can then be created exception for or visited using another browser. To block iFrames in firefox use:

  1. Go to firefox profiles folder. In Linux profile folder is inside ~/.mozilla folder. Further profile folder name has pattern *.default.
  2. Create a folder named chrome, if it does not exists. (Yes name of folder is chrome and it has most likely nothing to do with Chrome browser)
  3. Create a file named userContent.css, if it does not exists.
  4. Add following configuration to userContent.css file:
    iframe {
    display: none !important;
    }
  5. Restart firefox and try to visit http://www.w3schools.com/tags/tryit.asp?filename=tryhtml_iframe page to see if iframe is still visible or not.


Note that any javascript code inside frame would still be executed. Visit http://www.quirksmode.org/iframetest.html to understand this point better. Also note that many people suggest going to about:config and setting browser.frames.enabled to false. But this did not work for me. In fact there are two plugins NoScript and Ghostery both of which also claim to help in blocking iFrames but they also do not work in case of http://www.quirksmode.org/iframetest.html page



Home > Security tips > Disable use of iframes in firefox