Mitigating cross-site form history spamming attacks with domain-based ranking

Abstract

Modern Web browsers often provide a very useful form autocomplete feature to help users conveniently speed up their form filling process. However, browsers are generally too permissive in both saving form history data and suggesting them to users. Attackers can take advantage of this permissiveness and use malicious webpages to inject a large amount of junk or spam data into the form history database of a browser, performing invasive advertising or simply making this useful form autocomplete feature almost useless to users. In this paper, we illustrate that this type of cross-site form history spamming attacks can be feasibly achieved at least on the recent versions of Mozilla Firefox and Google Chrome browsers. We inspect the autocomplete feature implementations in open source Firefox and Chromium browsers to analyze how basic and advanced cross-site form history spamming attacks can be successful. Browser vendors are apparently taking active measures to protect against these attacks, but we explore a different approach and propose a domain-based ranking mechanism to address the problem. Our mechanism is simple, transparent to users, and easily adoptable by different browsers to complement their existing protection mechanisms. We have implemented this mechanism in Firefox 3 and verified its effectiveness. We make our Firefox 3 build available for download and verification. © 2011 Springer-Verlag.