A Glimpse Into the Future of Browser Security

Wednesday, September 30, 2009

As we mentioned earlier we’ve been working for the past few months on turning the Content Security Policy specification into working Firefox code. (You’ll remember that CSP is a framework to protect websites from XSS and related attacks). We are happy to report that the work is nearly finished, and we have some preview builds available for you to try out.

We’re thrilled to have received so much great feedback from other browser vendors, website administrators, and security researchers, and we’re very proud of the design that has come out of that discussion. We would like to encourage any server administrators or web app security researchers who are interested in this project to grab a preview Firefox build and help us test the new features. Please be aware that there are still a few rough spots. The implementation is not quite complete, so you may notice some small gaps between the preview builds and the spec. Most notably, HTTP redirects are not yet handled by CSP (but will be soon).

I posted a demo page where you can see the basic features of CSP in action, though we’re all much more excited to see all the tests and proof points our friends in the security research community are sure to turn up. Please grab a preview build and start testing!

Brandon Sterne
Security Program Manager