Open source browser vendor Mozilla is readying an ambitious new release of its Firefox Web browser. The third beta of Firefox 4, set to debut sometime this month, is expected to include more stability, features and performance improvements over earlier versions.
Among the areas that Mozilla is focusing on with Firefox 4 are a number of new security features that it says will make the browser even more secure than earlier versions. The new Firefox 4 browser development comes as rival Microsoft pushes its Internet Explorer 9 platform forward and Google continues to accelerate its Chrome browser development.
One of the new security features in Firefox 4 is the Content Security Policy (CSP) effort.
"Content security policy is focused on Cross Site Scripting (XSS) mitigation so it prevents injected scripts from actually running," Brandon Sterne, security program manager at Mozilla, told InternetNews.com. "The site gets to declare a policy that the Firefox browser will then apply to the page and then any content that hasn't been blessed by the site won't be loaded or executed."
Sterne noted that in addition to helping to prevent XSS, the CSP system will also help to mitigate clickjacking (define)attacks as well. In clickjacking, an attacker embeds a login for a site on a third-party site where it doesn't belong, which then enables the attacker to get access he or she shouldn't have. CSP is designed to limit the risk of clickjacking attacks by letting site administrators set a policy specifying where their site content may be framed and where it can't.
Read the rest at eSecurity Planet.
One of the ways around the issues of security and control that make some businesses wary of cloud computing is to build a private cloud -- one that remains within the corporate firewall and is wholly controlled internally. Private clouds also increase the agility of IT an organization's IT infrastructure and make it easier to roll out new technology projects. Download this eBook to get the facts behind the private cloud and learn how your organization can get started.