Is terminal-based web browsers safer than Graphical User Interface-based web browsers?

[flashbulb]

My apologies if my ignorance towards how terminal-based web browser works, but I was looking at this topic viewtopic.php?p=2444922 since I was lurking and found interesting this topic (actually thought it was an official theme but no, still cool though) and I always assumed running a GUI-based web browser with NoScript or somehow disabling javascripts by other means from websites would substantially be way safer to browse through websites you are not used to when you searching and just mindlessly visiting websites trying to find something, but I discovered on this topic I mentioned above that there are apparently also how to compromise security simply because of CSS... Does terminal-based browsers is safer in terms of CSS and JS, or do they usually support both or what, is there a high-ground when comparing security for those reasons mentioned when it comes between a GUI-based and terminal-based web browsers?

[altair4]

Is it just me or is that post devoid of any periods to denote the end of a sentence?

[xenopeek]

See https://en.wikipedia.org/wiki/Compariso ... gy_support and https://en.wikipedia.org/wiki/Compariso ... pt_support to find which don't support it. Guess & quick look say that Links and Lynx both don't support CSS or JavaScript. They are available on Linux Mint. If not through Software Manager then through Synaptic or with apt install.

Websites that were designed with accessibility in mind should work without CSS though will obviously look a lot different in text only mode. Many websites won't work without JavaScript but many should work fine.

[xenopeek]

but I discovered on this topic I mentioned above that there are apparently also how to compromise security simply because of CSS...

The post in that topic mentioned this CSS attack: https://www.mike-gualtieri.com/posts/st ... nd-defense. He has a vulnerability tester at the end and a browser plugin to mitigate it. But do read it what the attack is about.

[MikeNovember]

but I discovered on this topic I mentioned above that there are apparently also how to compromise security simply because of CSS...

The post in that topic mentioned this CSS attack: https://www.mike-gualtieri.com/posts/st ... nd-defense. He has a vulnerability tester at the end and a browser plugin to mitigate it. But do read it what the attack is about.

Hi,

There are browsers extensions available to be protected against this "CSS data exfiltration attack", for Firefox, Chrome, Microsoft-edge. The extension is called "CSS Exfil Protection". It analyzes CSS code and blocks the execution of instructions related to the attack.

A vulnerability tester is available here: https://www.mike-gualtieri.com/css-exfi ... ity-tester

You can also download extensions from this website.

Regards,

MN

PS: 4 years after Gualtieri described this attack, browsers are still intrinsically vulnerable (I have tested Firefox and Microsoft-Edge); you are protected after extension installation. Javascript and CSS are attack vectors, and browsers developers don't do much to block, at least, the known attacks.

[Hoser Rob]

I don't think they're very well maintained, which negates any of the above advantages for me. Plus they're useless in the real world.