Difference between revisions of "Disable use of iframes in firefox"
Revision as of 04:55, 1 March 2013
Disable use of iFrames in Firefox
iFrames are very commonly used for attacks, while legitimate use of iFrames is still very rare. Hence one can block iFrames completely to increase security, at the cost of minor inconvenience on the few websites that need them; an exception can be created for those sites, or they can be visited using another browser. To block iFrames in Firefox:
- Go to the Firefox profile folder. On Linux the profile folder is inside the ~/.mozilla folder, and its name has the pattern *.default.
- Create a folder named chrome, if it does not exist. (Yes, the folder is named chrome, and it most likely has nothing to do with the Chrome browser.)
- Create a file named userContent.css in the chrome folder, if it does not exist.
- Add the following configuration to the userContent.css file:

      iframe {
        display: none !important;
      }

- Restart Firefox and visit http://www.w3schools.com/tags/tryit.asp?filename=tryhtml_iframe to see whether the iframe is still visible.
Note that this rule only hides the frame: any JavaScript code inside the frame would still be executed. Visit http://www.quirksmode.org/iframetest.html to understand this point better. Also note that many people suggest going to about:config and setting browser.frames.enabled to false, but this did not work for me. In fact, there are two plugins, NoScript and Ghostery, both of which also claim to help in blocking iFrames, but they also do not work in the case of the http://www.quirksmode.org/iframetest.html page.
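
The profile steps above, scripted so they can be repeated across profiles without duplicating the rule. This is an added example, not part of the original page; the function name, the marker comment and the widened `*.default*` pattern are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: apply the userContent.css iframe rule to Firefox profiles.
# Assumptions: profile folders sit at most two levels below the Mozilla
# directory and match *.default* (the page's *.default pattern, widened so
# that *.default-release folders created by newer builds are also covered).

# Hypothetical marker comment, used only to detect an earlier run.
RULE_MARKER='/* hide-iframes rule */'

# install_iframe_rule [MOZILLA_DIR]
# Prints the path of every userContent.css it modified.
# Returns 1 when no profile folder is found, 0 otherwise.
install_iframe_rule() {
    moz_dir=${1:-"$HOME/.mozilla"}
    profiles=$(find "$moz_dir" -maxdepth 2 -type d -name '*.default*' 2>/dev/null)
    [ -n "$profiles" ] || return 1

    # A here-document keeps the loop in the current shell and copes with
    # spaces in profile paths.
    while IFS= read -r profile; do
        css="$profile/chrome/userContent.css"
        mkdir -p "$profile/chrome"
        # Leave the file alone if an earlier run already added the rule.
        if [ -f "$css" ] && grep -qF "$RULE_MARKER" "$css"; then
            continue
        fi
        # Append, so any rules already in userContent.css are preserved.
        printf '%s\niframe {\n  display: none !important;\n}\n' \
            "$RULE_MARKER" >> "$css"
        printf '%s\n' "$css"
    done <<EOF
$profiles
EOF
    return 0
}

# Typical call (defaults to ~/.mozilla):
#   install_iframe_rule
```

Firefox 69 and later load userContent.css only when the about:config preference toolkit.legacyUserProfileCustomizations.stylesheets is set to true.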