Peaches

Mozilla Unveils Cure For Web 2.0 World Run Amok


Mozilla unveils cure for Web 2.0 world run amok

Putting XSS worms on notice

by Dan Goodin in San Francisco

3rd October 2009

The Mozilla Foundation has unveiled an early version of its Firefox browser that it says could virtually eliminate one of the most common attack forms now menacing the web.

It implements an inchoate technology the foundation calls CSP, short for the Content Security Policy specification. It allows web developers to embed a series of HTML headers into their sites that by default block some of the most abused features from being offered. Newer versions of Firefox, and other browsers if they adopt the standard, would then enforce those policies across the site's entire domain.

The primary aim of CSP is to immunize websites from attacks based on XSS, or cross-site scripting. The exploits frequently target JavaScript, Adobe Flash and other user-supplied content that allows attackers to inject malicious content and code into trusted websites. Administrators then have the option of whitelisting only the types of content they need to make their sites work as designed.

Full story – The Register - http://www.theregister.co.uk/2009/10/03/mo...eb_20_solution/
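
To make the block-by-default and whitelist model described above concrete, here is an added example (not part of the original post or the article) of how a browser-side check can decide whether a resource load is permitted. It assumes the `Content-Security-Policy` header syntax as later standardized, which may differ from the 2009 draft the article covers; the policy string, the example.com/example.net/example.org hosts and all function names are constructed for illustration.

```javascript
// Added example: simplified CSP matching ('none', 'self', '*', origins, "*.host").
// Nonces, hashes, paths and scheme-only sources are left out on purpose.
const PAGE_ORIGIN = 'https://www.example.com'; // constructed
const SAMPLE_POLICY = // constructed
  "default-src 'self'; script-src 'self' https://static.example.net; object-src 'none'";

function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // When a directive is repeated, only its first occurrence counts.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// Fetch directives that are not listed fall back to default-src.
function effectiveSources(policy, directive) {
  return policy.get(directive) ?? policy.get('default-src');
}

function isAllowed(policy, directive, resourceUrl, pageOrigin) {
  const sources = effectiveSources(policy, directive);
  if (sources === undefined) return true; // nothing restricts this resource type
  const url = new URL(resourceUrl, pageOrigin);
  return sources.some((src) => {
    const s = src.toLowerCase();
    if (s === "'self'") return url.origin === pageOrigin;
    if (s === '*') return url.protocol === 'http:' || url.protocol === 'https:';
    if (s.startsWith("'")) return false; // 'none' and other keywords never match a URL
    if (s.startsWith('*.')) return url.hostname.endsWith(s.slice(1));
    return url.origin === s || url.host === s;
  });
}

// Inline <script> is refused once a script policy exists, unless 'unsafe-inline' is listed.
function inlineScriptAllowed(policy) {
  const sources = effectiveSources(policy, 'script-src');
  return sources === undefined || sources.some((s) => s.toLowerCase() === "'unsafe-inline'");
}

const policy = parsePolicy(SAMPLE_POLICY);
console.log(isAllowed(policy, 'script-src', 'https://other.example.org/x.js', PAGE_ORIGIN));
console.log(inlineScriptAllowed(policy));
```

With the sample policy, a script injected into the page is refused whether it is inline or loaded from a host that is not on the list, which is the property that blunts XSS.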
