this post was submitted on 09 Apr 2025
27 points (100.0% liked)

Firefox

19389 readers
165 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 5 years ago
MODERATORS
[email protected]
27
Hardening the Firefox Frontend with Content Security Policies (attackanddefense.dev)
submitted 5 days ago by [email protected] to c/[email protected]
1 comments fedilink hide all child comments
 

Summary

We have rewritten over 600 JavaScript event handlers to mitigate XSS and other injection attacks in the main Firefox user interface. This mitigation will ship in Firefox 138. However, blocking the execution of scripts in the parent process is not the end - we will expand this technique to other contexts in the near future. There is still more work to do as the UI requires JavaScript APIs with a high level of privileges. However: We still eliminated a whole class of attacks, significantly raising the bar for attackers to exploit Firefox. In fact, we hopefully just broke someone’s exploit chain.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 5 days ago

Nice to see that it's happening