Does incognito/private browsing prevent XSS attacks?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite












When starting an incognito/private browsing session, no cookies from other browsing profiles should exist. For example, if I am logged in to a site on my main browsing profile, then start a new private browsing session, I am not logged into that same site (cookies not carried over). Assuming it is a new private browsing session, there should not be any existing cookies or sensitive information that is available at all.



Does this also have the side effect of preventing or nullifying XSS attacks since there is no sensitive data to steal? Or this is a false sense of security?










share|improve this question







New contributor




Jack is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.



















  • How precisely would the XSS attack be performed?
    – curiousguy
    22 mins ago














up vote
1
down vote

favorite












When starting an incognito/private browsing session, no cookies from other browsing profiles should exist. For example, if I am logged in to a site on my main browsing profile, then start a new private browsing session, I am not logged into that same site (cookies not carried over). Assuming it is a new private browsing session, there should not be any existing cookies or sensitive information that is available at all.



Does this also have the side effect of preventing or nullifying XSS attacks since there is no sensitive data to steal? Or this is a false sense of security?










share|improve this question







New contributor




Jack is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.



















  • How precisely would the XSS attack be performed?
    – curiousguy
    22 mins ago












up vote
1
down vote

favorite









up vote
1
down vote

favorite











When starting an incognito/private browsing session, no cookies from other browsing profiles should exist. For example, if I am logged in to a site on my main browsing profile, then start a new private browsing session, I am not logged into that same site (cookies not carried over). Assuming it is a new private browsing session, there should not be any existing cookies or sensitive information that is available at all.



Does this also have the side effect of preventing or nullifying XSS attacks since there is no sensitive data to steal? Or this is a false sense of security?










share|improve this question







New contributor




Jack is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











When starting an incognito/private browsing session, no cookies from other browsing profiles should exist. For example, if I am logged in to a site on my main browsing profile, then start a new private browsing session, I am not logged into that same site (cookies not carried over). Assuming it is a new private browsing session, there should not be any existing cookies or sensitive information that is available at all.



Does this also have the side effect of preventing or nullifying XSS attacks since there is no sensitive data to steal? Or this is a false sense of security?







web-browser xss






share|improve this question







New contributor




Jack is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question







New contributor




Jack is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question






New contributor




Jack is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked 1 hour ago









Jack

61




61




New contributor




Jack is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Jack is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Jack is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











  • How precisely would the XSS attack be performed?
    – curiousguy
    22 mins ago
















  • How precisely would the XSS attack be performed?
    – curiousguy
    22 mins ago















How precisely would the XSS attack be performed?
– curiousguy
22 mins ago




How precisely would the XSS attack be performed?
– curiousguy
22 mins ago










1 Answer
1






active

oldest

votes

















up vote
2
down vote













An XSS attack is not primarily about cookies. It is not about stealing sensitive data either. It is instead about executing attacker-controlled code on the client side within the context of the site you visit. What kind of harm can be done by this code depends on the actual site and context.



Using a private browsing session will not prevent XSS by itself but it might limit the impact of what harm XSS can do - i.e. it has no access to the cookies or other stored data from the non-private browser session. It might though still do harm, but again this depends on the specific context and site you visit.






share|improve this answer




















    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "162"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );






    Jack is a new contributor. Be nice, and check out our Code of Conduct.









     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f196121%2fdoes-incognito-private-browsing-prevent-xss-attacks%23new-answer', 'question_page');

    );

    Post as a guest






























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    2
    down vote













    An XSS attack is not primarily about cookies. It is not about stealing sensitive data either. It is instead about executing attacker-controlled code on the client side within the context of the site you visit. What kind of harm can be done by this code depends on the actual site and context.



    Using a private browsing session will not prevent XSS by itself but it might limit the impact of what harm XSS can do - i.e. it has no access to the cookies or other stored data from the non-private browser session. It might though still do harm, but again this depends on the specific context and site you visit.






    share|improve this answer
























      up vote
      2
      down vote













      An XSS attack is not primarily about cookies. It is not about stealing sensitive data either. It is instead about executing attacker-controlled code on the client side within the context of the site you visit. What kind of harm can be done by this code depends on the actual site and context.



      Using a private browsing session will not prevent XSS by itself but it might limit the impact of what harm XSS can do - i.e. it has no access to the cookies or other stored data from the non-private browser session. It might though still do harm, but again this depends on the specific context and site you visit.






      share|improve this answer






















        up vote
        2
        down vote










        up vote
        2
        down vote









        An XSS attack is not primarily about cookies. It is not about stealing sensitive data either. It is instead about executing attacker-controlled code on the client side within the context of the site you visit. What kind of harm can be done by this code depends on the actual site and context.



        Using a private browsing session will not prevent XSS by itself but it might limit the impact of what harm XSS can do - i.e. it has no access to the cookies or other stored data from the non-private browser session. It might though still do harm, but again this depends on the specific context and site you visit.






        share|improve this answer












        An XSS attack is not primarily about cookies. It is not about stealing sensitive data either. It is instead about executing attacker-controlled code on the client side within the context of the site you visit. What kind of harm can be done by this code depends on the actual site and context.



        Using a private browsing session will not prevent XSS by itself but it might limit the impact of what harm XSS can do - i.e. it has no access to the cookies or other stored data from the non-private browser session. It might though still do harm, but again this depends on the specific context and site you visit.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered 1 hour ago









        Steffen Ullrich

        109k12188253




        109k12188253




















            Jack is a new contributor. Be nice, and check out our Code of Conduct.









             

            draft saved


            draft discarded


















            Jack is a new contributor. Be nice, and check out our Code of Conduct.












            Jack is a new contributor. Be nice, and check out our Code of Conduct.











            Jack is a new contributor. Be nice, and check out our Code of Conduct.













             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f196121%2fdoes-incognito-private-browsing-prevent-xss-attacks%23new-answer', 'question_page');

            );

            Post as a guest













































































            Comments

            Popular posts from this blog

            What does second last employer means? [closed]

            Installing NextGIS Connect into QGIS 3?

            One-line joke