Mozilla’s security engineers are working on new technology that promises to mitigate a large class of Web application vulnerabilities, especially the cross-site scripting (XSS) plague against modern Web browsers.
The project, called Content Security Policy, is designed to shut down XSS attacks by providing a mechanism for sites to explicitly tell the browser which content is legitimate. It can also help mitigate clickjacking and packet sniffing attacks. Read the full story [zdnet.com]. Also see Mozilla’s explanation of the technology [mozilla.org].