Firefox Plans New Security Features

Open source browser vendor Mozilla is readying an ambitious new release of its Firefox Web browser. The third beta of Firefox 4, set to debut sometime this month, is expected to include more stability, features and performance improvements over earlier versions.

Among the areas that Mozilla is focusing on with Firefox 4 are a number of new security features that it says will make the browser even more secure than earlier versions. The new Firefox 4 browser development comes as rival Microsoft pushes its Internet Explorer 9 platform forward and Google continues to accelerate its Chrome browser development.

One of the new security features in Firefox 4 is the Content Security Policy (CSP) effort.

“Content security policy is focused on Cross Site Scripting (XSS) mitigation so it prevents injected scripts from actually running,” Brandon Sterne, security program manager at Mozilla, told InternetNews.com. “The site gets to declare a policy that the Firefox browser will then apply to the page and then any content that hasn’t been blessed by the site won’t be loaded or executed.”

Sterne noted that in addition to helping to prevent XSS, the CSP system will also help to mitigate clickjacking (define)attacks as well. In clickjacking, an attacker embeds a login for a site on a third-party site where it doesn’t belong, which then enables the attacker to get access he or she shouldn’t have. CSP is designed to limit the risk of clickjacking attacks by letting site administrators set a policy specifying where their site content may be framed and where it can’t.

Read the rest at eSecurity Planet.