On Monday, December 20, 2021 09:13:07 PM Jeremy Ardley wrote: > On 21/12/21 10:09 am, Jeremy Ardley wrote:s. > > > There is a type of attack called cross-site scripting (XSS). It's > > mostly been eliminated by latest version browsers, but there are > > always zero-day vulnerabilities. > > > > The effect is that if you are vulnerable and have two tabs open, one > > to the legitimate site, and one to a bad guy site, the bad guy can > > alter your trusted site and for instance change a valid link into > > something malicious, or change a displayed phone number. > > > > More at https://owasp.org/www-community/attacks/xss/ > > You can mitigate XSS by having a single browser that is used solely to > access high value sites. e.g. if you routinely run Firefox, have a copy > of Vivaldi that you use to access your banks - one at a time.
I have an almost up-to-date copy of Firefox that I use for my high value sites, and that is the copy of Firefox that I used at the time.
