submitted 1 month ago by [email protected] to c/[email protected]

Summary

We have rewritten over 600 JavaScript event handlers to mitigate XSS and other injection attacks in the main Firefox user interface. This mitigation will ship in Firefox 138. However, blocking the execution of scripts in the parent process is not the end - we will expand this technique to other contexts in the near future. There is still more work to do as the UI requires JavaScript APIs with a high level of privileges. However, we still eliminated a whole class of attacks, significantly raising the bar for attackers to exploit Firefox. In fact, we hopefully just broke someone’s exploit chain.

[-] [email protected] 3 points 1 month ago

Nice to see that it's happening

this post was submitted on 09 Apr 2025