Mozilla Aims At Reducing XSS Flaws Thanks To New Technology

The Mozilla Foundation has announced that it is working on a new technology that could help tackle the gruesome threat of Cross-Site Scripting (XSS) attacks, which have been damaging websites for several years.

XSS flaws allow malicious code to be injected into genuine websites that users trust and click on freely, so that users can be tricked into giving up their crucial information.

In a bid to take on the soaring number of XSS attacks, Mozilla has come up with a new technology, codenamed “Content Security Policy” (CSP), which aims to handle the attacks by enabling website administrators to set directives that tell the browser which domains are trustworthy.

Along with handling XSS, CSP also tries to address packet sniffing and clickjacking attacks by setting directives for which domains can embed resources and which require HTTPS.

Describing the benefits of the new security tool, Brandon Sterne, Mozilla's security programme manager, said in a statement, “Because CSP can be configured to notify the protected site when an attack is blocked, CSP will even benefit users of older browsers, by helping sites and plug vulnerabilities quickly”.

The open source foundation claimed that CSP will be completely backward compatible, and won't affect browsers and websites which don't support it.
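
An added sketch, not code from Mozilla or the original article, of the mechanism described above: a site declares which domains may supply scripts, and a blocked load produces a report back to the site. The article gives no syntax, so the directive and report field names are those of the later standardised Content-Security-Policy header; the hosts are constructed, and source matching is simplified to scheme and host.

```javascript
// Simplified model of a browser enforcing a CSP source list (added example).
// Hosts are constructed; only 'self', 'none' and scheme://host are modelled.
const POLICY =
  "default-src 'self'; script-src 'self' https://cdn.example.com; " +
  "frame-ancestors 'none'; report-uri /csp-report";

// Split the header value into { directive: [source, ...] }; first copy wins.
function parsePolicy(header) {
  const policy = Object.create(null);
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in policy)) policy[key] = sources;
  }
  return policy;
}

// Does one source expression allow this resource URL?
function sourceMatches(source, url, pageOrigin) {
  if (source === "'self'") return url.origin === pageOrigin;
  const m = /^(https?):\/\/(\*\.)?([a-z0-9.-]+)$/i.exec(source);
  if (!m) return false; // 'none' and unmodelled expressions match nothing
  const [, scheme, wildcard, host] = m;
  // An https: source requires HTTPS; an http: source also accepts the upgrade.
  const schemeOk = url.protocol === "https:" ||
    (scheme.toLowerCase() === "http" && url.protocol === "http:");
  const hostOk = wildcard ? url.hostname.endsWith("." + host.toLowerCase())
                          : url.hostname === host.toLowerCase();
  return schemeOk && hostOk;
}

// Decide whether a script may load. On a block, also return the violation
// report and the endpoint the site nominated to receive it.
function checkScript(header, pageUrl, scriptUrl) {
  const policy = parsePolicy(header);
  const page = new URL(pageUrl);
  const url = new URL(scriptUrl, page);
  const directive = "script-src" in policy ? "script-src" : "default-src";
  const sources = policy[directive];
  if (!sources || sources.some((s) => sourceMatches(s, url, page.origin))) {
    return { allowed: true, report: null, endpoint: null };
  }
  const report = { "document-uri": page.href, "blocked-uri": url.origin,
                   "violated-directive": directive };
  const target = policy["report-uri"] && policy["report-uri"][0];
  return { allowed: false, report, endpoint: target ? new URL(target, page).href : null };
}
```

A browser that does not understand the header simply ignores it, which is why the policy does not break older clients, while reports from supporting browsers still tell the site where injected content is being blocked.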

Our Comments

Cross-site scripting vulnerabilities have become more and more frequent and accounted for around 80 percent of all documented security vulnerabilities in 2007. XSS is prevalent mainly because of the ease with which the attacks can be mounted as well as the prevalence of browsers.

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.