Mozilla Tackles XSS Vulnerabilities, Clickjacking Attacks

Mozilla’s security engineers are working on new technology that promises to mitigate a large class of Web application vulnerabilities, especially the cross-site scripting (XSS) plague against modern Web browsers.
The project, called Content Security Policy, is designed to shut down XSS attacks by providing a mechanism for sites to explicitly tell the browser which content is legitimate. It can also help mitigate clickjacking and packet sniffing attacks. Read the full story [zdnet.com]  Also see Mozilla’s explanation of the technology [mozilla.org]

Mozilla’s security engineers are working on new technology that promises to mitigate a large class of Web application vulnerabilities, especially the cross-site scripting (XSS) plague against modern Web browsers.

The project, called Content Security Policy, is designed to shut down XSS attacks by providing a mechanism for sites to explicitly tell the browser which content is legitimate. It can also help mitigate clickjacking and packet sniffing attacks. Read the full story [zdnet.com]  Also see Mozilla’s explanation of the technology [mozilla.org]

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.