Hardening the Firefox Frontend with Content Security Policies (attackanddefense.dev)

submitted 1 week ago by KarnaSubarna@lemmy.ml to c/firefox@lemmy.ml

1 comments fedilink hide all child comments

Summary

We have rewritten over 600 JavaScript event handlers to mitigate XSS and other injection attacks in the main Firefox user interface. This mitigation will ship in Firefox 138. However, blocking the execution of scripts in the parent process is not the end - we will expand this technique to other contexts in the near future. There is still more work to do as the UI requires JavaScript APIs with a high level of privileges. However: We still eliminated a whole class of attacks, significantly raising the bar for attackers to exploit Firefox. In fact, we hopefully just broke someone’s exploit chain.

you are viewing a single comment's thread
view the rest of the comments

[-] BlueSerendipity8@programming.dev 3 points 1 week ago

Nice to see that it's happening

this post was submitted on 09 Apr 2025

29 points (100.0% liked)

Firefox

19411 readers

11 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 5 years ago

MODERATORS

k_o_t@lemmy.ml