Peaches
Posted October 3, 2009

Mozilla unveils cure for Web 2.0 world run amok

Putting XSS worms on notice

by Dan Goodin in San Francisco
3rd October 2009

The Mozilla Foundation has unveiled an early version of its Firefox browser that it says could virtually eliminate one of the most common attack forms now menacing the web.

It implements an inchoate technology the foundation calls CSP, short for the Content Security Policy specification. It allows web developers to embed a series of HTML headers into their sites that by default block some of the most abused features from being offered. Newer versions of Firefox, and other browsers if they adopt the standard, would then enforce those policies across the site's entire domain.

The primary aim of CSP is to immunize websites from attacks based on XSS, or cross-site scripting. The exploits frequently target JavaScript, Adobe Flash and other user-supplied content that allows attackers to inject malicious content and code into trusted websites. Administrators then have the option of whitelisting only the types of content they need to make their sites work as designed.

Full story – The Register - http://www.theregister.co.uk/2009/10/03/mo...eb_20_solution/
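The block-by-default, whitelist-what-you-need model described in the quoted article can be sketched as a simplified policy evaluator; this is an added example, not code from the original post, the article or Mozilla. It assumes the directive syntax later standardized for the `Content-Security-Policy` header, matches sources by origin only, and uses constructed site and host names.

```javascript
// Simplified model of CSP enforcement: default-deny plus an allowlist.
// PAGE_ORIGIN, POLICY and all hosts below are constructed sample values.
const PAGE_ORIGIN = "https://shop.example";

// Block everything by default, then allow only what the site needs.
const POLICY = {
  "default-src": ["'none'"],
  "script-src": ["'self'", "https://static.example"],
  "img-src": ["'self'"],
};

// Serialize the policy into the header value a server would send.
function toHeader(policy) {
  return Object.entries(policy)
    .map(([directive, sources]) => `${directive} ${sources.join(" ")}`)
    .join("; ");
}

// Decide whether a resource may load under the policy.
// kind: "script", "img", "object", ...; url: absolute URL, or null for
// inline content (the usual result of an injected <script> block).
function isAllowed(policy, kind, url) {
  // A missing directive falls back to default-src.
  const sources = policy[`${kind}-src`] ?? policy["default-src"];
  if (sources === undefined) return true; // nothing applies: unrestricted
  if (sources.includes("'none'")) return false;
  // Inline content has no origin; it loads only if explicitly opted in.
  if (url === null) return sources.includes("'unsafe-inline'");
  let origin;
  try {
    origin = new URL(url).origin;
  } catch {
    return false; // unparseable URL: refuse
  }
  return sources.some((s) =>
    s === "'self'" ? origin === PAGE_ORIGIN : s === origin
  );
}

console.log("Content-Security-Policy:", toHeader(POLICY));
console.log("inline script allowed?", isAllowed(POLICY, "script", null));
```

Real browsers also match schemes, ports, paths and wildcards; the sketch keeps only the default-deny and fallback logic.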