Mozilla Tests More Secure FirefoxOctober 1, 2009 – 5:06 PM
Mozilla on Wednesday posted preview builds of its Firefox browser with security enhancements designed to mitigate the risk of certain Web attacks.
In a blog post, Brandon Sterne, security program manager for Mozilla, asks security researchers and server administrators to help test the changes by downloading a build appropriate for their operating system.
The preview versions of Firefox implement a specification called Content Security Policy (CSP), which is designed to protect against cross site scripting (XSS) attacks.
CSP originally also addressed cross site request forgery (CSRF) attacks, but the anti-CSRF measures have been moved into a separate security specification called the Origin Header proposal.
XSS and CSRF attacks have been used for data theft, Web site defacement, and malware distribution. They’re typically made possible by Web application coding errors.