{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,24]],"date-time":"2025-11-24T07:08:49Z","timestamp":1763968129165,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":31,"publisher":"ACM","license":[{"start":{"date-parts":[[2014,6,4]],"date-time":"2014-06-04T00:00:00Z","timestamp":1401840000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100004963","name":"Seventh Framework Programme","doi-asserted-by":"publisher","award":["FP7-318097","FP7-256964"],"award-info":[{"award-number":["FP7-318097","FP7-256964"]}],"id":[{"id":"10.13039\/501100004963","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2014,6,4]]},"DOI":"10.1145\/2590296.2590336","type":"proceedings-article","created":{"date-parts":[[2014,5,30]],"date-time":"2014-05-30T18:18:31Z","timestamp":1401473911000},"page":"183-194","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":21,"title":["Protecting users against XSS-based password manager abuse"],"prefix":"10.1145","author":[{"given":"Ben","family":"Stock","sequence":"first","affiliation":[{"name":"FAU Erlangen-Nuremberg, Erlangen, Germany"}]},{"given":"Martin","family":"Johns","sequence":"additional","affiliation":[{"name":"SAP AG, Karlsruhe, Germany"}]}],"member":"320","published-online":{"date-parts":[[2014,6,4]]},"reference":[{"unstructured":"Alexa Internet Inc. Alexa Top 500 Global Sites. Website http:\/\/www.alexa.com\/ accessed in March 2010.  Alexa Internet Inc. Alexa Top 500 Global Sites. Website http:\/\/www.alexa.com\/ accessed in March 2010.","key":"e_1_3_2_1_1_1"},{"unstructured":"Barth A. The web origin concept November 2009.  Barth A. The web origin concept November 2009.","key":"e_1_3_2_1_2_1"},{"key":"e_1_3_2_1_3_1","first-page":"286","volume-title":"Computer Security--ESORICS","author":"Bojinov H.","year":"2010"},{"key":"e_1_3_2_1_4_1","first-page":"1","volume-title":"15th USENIX Security Symposium","author":"Chiasson S.","year":"2006"},{"doi-asserted-by":"crossref","unstructured":"Dierks T. and Allen C. The TLS Protocol Version 1.0. RFC 2246 http:\/\/www.ietf.org\/rfc\/rfc2246.txt January 1999.   Dierks T. and Allen C. The TLS Protocol Version 1.0. RFC 2246 http:\/\/www.ietf.org\/rfc\/rfc2246.txt January 1999.","key":"e_1_3_2_1_5_1","DOI":"10.17487\/rfc2246"},{"unstructured":"Dolske J. On firefox's password manager. {online} https:\/\/blog.mozilla.org\/dolske\/2013\/08\/20\/on-firefoxs-password-manager\/ August 2013.  Dolske J. On firefox's password manager. {online} https:\/\/blog.mozilla.org\/dolske\/2013\/08\/20\/on-firefoxs-password-manager\/ August 2013.","key":"e_1_3_2_1_6_1"},{"doi-asserted-by":"crossref","unstructured":"Franks J. Hallam-Baker P. Hostetler J. Lawrence S. Leach P. Luotonen A. and Stewart L. HTTP Authentication: Basic and Digest Access Authentication. RFC 2617 http:\/\/www.ietf.org\/rfc\/rfc2617.txt June 1999.   Franks J. Hallam-Baker P. Hostetler J. Lawrence S. Leach P. Luotonen A. and Stewart L. HTTP Authentication: Basic and Digest Access Authentication. RFC 2617 http:\/\/www.ietf.org\/rfc\/rfc2617.txt June 1999.","key":"e_1_3_2_1_7_1","DOI":"10.17487\/rfc2617"},{"key":"e_1_3_2_1_8_1","first-page":"770","volume-title":"Computer Security--ESORICS","author":"Gasti P.","year":"2012"},{"unstructured":"Gonzalez R. Chen E. Y. and Jackson C. Automated password extraction attack on modern password managers. arXiv preprint arXiv:1309.1416 (2013).  Gonzalez R. Chen E. Y. and Jackson C. Automated password extraction attack on modern password managers. arXiv preprint arXiv:1309.1416 (2013).","key":"e_1_3_2_1_9_1"},{"unstructured":"Google Developers. Chrome Extensions - Developer's Guide. {online} http:\/\/developer.chrome.com\/extensions\/devguide.html last access 06\/05\/13 2012.  Google Developers. Chrome Extensions - Developer's Guide. {online} http:\/\/developer.chrome.com\/extensions\/devguide.html last access 06\/05\/13 2012.","key":"e_1_3_2_1_10_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_11_1","DOI":"10.1145\/1060745.1060815"},{"unstructured":"Hickson I. Web forms 2.0 Apri 2005.  Hickson I. Web forms 2.0 Apri 2005.","key":"e_1_3_2_1_12_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_13_1","DOI":"10.1145\/975817.975820"},{"key":"e_1_3_2_1_14_1","first-page":"233","volume-title":"Information Security and Cryptology-ICISC","author":"Karole A.","year":"2010"},{"unstructured":"Klein A. Dom based cross site scripting or xss of the third kind. Web Application Security Consortium Articles 4 (2005).  Klein A. Dom based cross site scripting or xss of the third kind. Web Application Security Consortium Articles 4 (2005).","key":"e_1_3_2_1_15_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_16_1","DOI":"10.1145\/2508859.2516703"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_17_1","DOI":"10.1007\/978-3-642-27937-9_17"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_18_1","DOI":"10.1145\/2508859.2516726"},{"unstructured":"Microsoft. Ie8 security part vii: Clickjacking defenses 2009.  Microsoft. Ie8 security part vii: Clickjacking defenses 2009.","key":"e_1_3_2_1_19_1"},{"unstructured":"Mozilla. Firefox Add-On SDK - Passwords.  Mozilla. Firefox Add-On SDK - Passwords.","key":"e_1_3_2_1_20_1"},{"unstructured":"Mozilla Developer Network. How to Turn Off Form Autocompletion. {online} https:\/\/developer.mozilla.org\/en-US\/docs\/Mozilla\/How_to_Turn_Off_Form_Autocompletion May 2013.  Mozilla Developer Network. How to Turn Off Form Autocompletion. {online} https:\/\/developer.mozilla.org\/en-US\/docs\/Mozilla\/How_to_Turn_Off_Form_Autocompletion May 2013.","key":"e_1_3_2_1_21_1"},{"unstructured":"Mozilla Developer Network. Object.defineProperty(). {online} https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/JavaScript\/Reference\/Global_Objects\/Object\/defineProperty November 2013.  Mozilla Developer Network. Object.defineProperty(). {online} https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/JavaScript\/Reference\/Global_Objects\/Object\/defineProperty November 2013.","key":"e_1_3_2_1_22_1"},{"unstructured":"O'Shannessy P. Bug 359675 - provide an option to manually fill forms and log in.  O'Shannessy P. Bug 359675 - provide an option to manually fill forms and log in.","key":"e_1_3_2_1_23_1"},{"unstructured":"OWASP. Cross-site scripting (xss) September 2013.  OWASP. Cross-site scripting (xss) September 2013.","key":"e_1_3_2_1_24_1"},{"key":"e_1_3_2_1_25_1","volume-title":"Proceedings of the 14th Usenix Security Symposium","volume":"1998","author":"Ross B.","year":"2005"},{"volume-title":"Web 2.0 Security and Privacy (W2SP 2010)","year":"2010","author":"Rydstedt G.","key":"e_1_3_2_1_26_1"},{"unstructured":"Security W. Website security statistics report May 2013.  Security W. Website security statistics report May 2013.","key":"e_1_3_2_1_27_1"},{"unstructured":"Toews B. Abusing password managers with xss. online 04 2012.  Toews B. Abusing password managers with xss. online 04 2012.","key":"e_1_3_2_1_28_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_29_1","DOI":"10.1145\/1143120.1143133"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_30_1","DOI":"10.1145\/1065545.1065546"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_31_1","DOI":"10.1145\/2435349.2435397"}],"event":{"sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"acronym":"ASIA CCS '14","name":"ASIA CCS '14: 9th ACM Symposium on Information, Computer and Communications Security","location":"Kyoto Japan"},"container-title":["Proceedings of the 9th ACM symposium on Information, computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2590296.2590336","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2590296.2590336","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T06:55:52Z","timestamp":1750229752000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2590296.2590336"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,6,4]]},"references-count":31,"alternative-id":["10.1145\/2590296.2590336","10.1145\/2590296"],"URL":"https:\/\/doi.org\/10.1145\/2590296.2590336","relation":{},"subject":[],"published":{"date-parts":[[2014,6,4]]},"assertion":[{"value":"2014-06-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}