this post was submitted on 09 Apr 2025
13 points (100.0% liked)

Firefox

5007 readers
32 users here now

A community for discussion about Mozilla Firefox.

founded 2 years ago
MODERATORS
lightbeam24@lemmy.world
13
Hardening the Firefox Frontend with Content Security Policies (attackanddefense.dev)
submitted 1 month ago by cm0002@lemmy.world to c/firefox@lemmy.world
0 comments fedilink hide all child comments
 

Summary

We have rewritten over 600 JavaScript event handlers to mitigate XSS and other injection attacks in the main Firefox user interface. This mitigation will ship in Firefox 138. However, blocking the execution of scripts in the parent process is not the end - we will expand this technique to other contexts in the near future. There is still more work to do as the UI requires JavaScript APIs with a high level of privileges. However: We still eliminated a whole class of attacks, significantly raising the bar for attackers to exploit Firefox. In fact, we hopefully just broke someone’s exploit chain.

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here