Mozilla has released a test build of Firefox that adds new technology designed to stymie most Web-based attacks, the browser maker said Sunday.
The technology, dubbed "Content Security Policy" (CSP), is a Mozilla-initiated specification targeted at Web site and application developers, who will be able to define which content on the site or in the online application is legitimate. That would block any script or malicious code that's been added by hackers who manage to compromise the site or app. Such attacks are generally tagged with the label of cross-site scripting (XSS).
Preview editions of Firefox are available for developers to try out, said Mozilla in an announcement last week.
"This isn't a single trick that's meant to counter a single kind of attack," said Johnathan Nightingale, the manager of the Firefox front-end development team. "This helps sites solve cross-site scripting, but it's more than that. They now have a way to shut everything dynamic off, so that no matter what content gets added to a site, if it's on the page and they've sent us policy instructions in its header, we shut it down."
More: http://computerworld.com/s/article/9138918/
............................................................................................
The technology, dubbed "Content Security Policy" (CSP), is a Mozilla-initiated specification targeted at Web site and application developers, who will be able to define which content on the site or in the online application is legitimate. That would block any script or malicious code that's been added by hackers who manage to compromise the site or app. Such attacks are generally tagged with the label of cross-site scripting (XSS).
Preview editions of Firefox are available for developers to try out, said Mozilla in an announcement last week.
"This isn't a single trick that's meant to counter a single kind of attack," said Johnathan Nightingale, the manager of the Firefox front-end development team. "This helps sites solve cross-site scripting, but it's more than that. They now have a way to shut everything dynamic off, so that no matter what content gets added to a site, if it's on the page and they've sent us policy instructions in its header, we shut it down."
More: http://computerworld.com/s/article/9138918/
