Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
How to mitigate ABP filter list $rewrite arbitrary code injection?
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: How to mitigate ABP filter list $rewrite arbitrary code injection? (Read 815 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 33900
malware fighter
How to mitigate ABP filter list $rewrite arbitrary code injection?
«
on:
April 16, 2019, 05:21:24 PM »
Read about the threat:
https://armin.dev/blog/2019/04/adblock-plus-code-injection/
and from ABP:
https://adblockplus.org/blog/potential-vulnerability-through-the-url-rewrite-filter-option
ABP users should use uBlock Origin adblocker as it is not vulnerable,
as it does not support the $rewrite filter option.
Re:
https://github.com/gorhill/uBlock/
Furthermore the the exploit can be mitigated in the affected web services by whitelisting known origins
using the connect-src CSP header, or by eliminating server-side open redirects.
I use uBlock Origin in combination with a script blocker like uMatrix.
I won't refrain from ad- and script-blocking in the light of potentially malcious web content.
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
How to mitigate ABP filter list $rewrite arbitrary code injection?