• Hardening the Firefox frontend

    From LWN.net@1337:1/100 to All on Wed Apr 9 19:15:06 2025

    Date:
    Wed, 09 Apr 2025 18:00:21 +0000

    Description:
    Tom Schuster, Frederik Braun, and Christoph Kerschbaumer have
    published an article on the Firefox Security team's Attack & Defense blog
    that explains recent work to harden Firefox's frontend code.

    We have rewritten over 600 JavaScript event handlers to mitigate XSS
    and other injection attacks in the main Firefox user interface. This
    mitigation will ship in Firefox 138. However, blocking the execution
    of scripts in the parent process is not the end - we will expand this
    technique to other contexts in the near future. There is still more
    work to do as the UI requires JavaScript APIs with a high level of
    privileges. However: We still eliminated a whole class of attacks,
    significantly raising the bar for attackers to exploit Firefox.

    ======================================================================
    Link to news story:
    https://lwn.net/Articles/1016978/

