Can I use seprate firefox profiles to protect against CSRF, XSS and DNS Re-binding?
I read here (http://security.stackexchange.com/questions/106333/is-binding-all-private-services-to-the-127-0-0-1-address-and-then-accessing-them/106340?noredirect=1#comment187952_106340) that I should use separate security profiles for different sorts of things; accessing sensitive information, doing system administration vs. opening links from emails.
I know that different instances of Firefox can be run from specifying different profiles to start up the browser with. As long as these are limited to accessing a certain type of site; can they provide protection against CSRF, XSS, and DNS Re-binding?
Also, can these profiles be limited to visiting only certain sites? Can they also exclude certain sites to prevent for instance sites in private profiles (your bank, system administration) from being visited using a public profile (links in an email)?
Additional System Details
- DivX Web Player version 126.96.36.199
- The Videos 3.10.1 plugin handles video and audio streams.
- This plug-in detects the presence of iTunes when opening iTunes Store URLs in a web page with Firefox.
- User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0
P.S. I use Linux and Windows.
You can have as many profiles as you want. When you create new profiles, give them a name that shows that each is for.
I have this shortcut on my Windows desk top; "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -p
Yours may be different. Note the quotes and that the -p is on the outside.