Firefox gets another major security upgrade

Hotnewnobs October 15, 2019

0 1 minute read

Firefox gets another major security upgrade

In a recent blog post on the Mozilla Security Blog, the Firefox-maker revealed the steps it has taken to protect users from code injection attacks by making its browser more secure.

The company has hardened its browser by removing “potentially dangerous artifiacts” from the Firefox codebase, including inline scripts and eval()-like functions, according to the firm’s platform security and privacy engineer Christoph Kerschbaumer.

Also See:

Major League - Bandz Up Ft Nasty C & DJ Drama

Inline scripts were removed in an effort to improve the protection of Firefox’s ‘about’ protocol which is often referred to as about: pages. These about: pages allow users to do things such as display network information, view how their browser is configured and see which plug-ins they’ve installed.

However, since these about: pages are written in HTML and JavaScript, they employ the same security used by web pages, which are also vulnerable to code injection attacks. For instance, an attacker could inject code into an about:page and use it to change configuration settings in Firefox.

Code injection attacks
To help protect Firefox users against code injection attacks, Mozilla decided to rewrite all of its inline event handlers and to move all inline JavaScript code for all 45 of its about: pages to “packaged files”. The company also set a strong Content Security Policy to make sure that any injected JavaScript code is unable to execute.

Kerschbaumer explained how this new measure can help protect against code injection attacks, saying:

“Instead JavaScript code only executes when loaded from a packaged resource using the internal chrome: protocol. Not allowing any inline script in any of the about: pages limits the attack surface of arbitrary code execution and hence provides a strong first line of defense against code injection attacks.”

Additionally, Mozilla has warned developers against using the eval() function which it described as a “dangerous function, which executes the code it’s passed with the privileges of the caller”. By rewriting all eval()-like functions, the company has reduced the attack surface in Firefox further.

Via ZDNet

Firefox gets another major security upgrade

Firefox gets another major security upgrade

Firefox gets another major security upgrade

Firefox gets another major security upgrade

Also See:

Related

Hotnewnobs

Leave a Reply Cancel reply

Check Also

News

Benefits of a hybrid multicloud strategy

Top 10 UK Insurance Companies in 2019

Fully Funded Eni Scholarships 2020/2021 For Masters At University Of Oxford

The benefits of multi-cloud operations

Lil Wayne – Lost Grails Mixtape

Burna Boy – Money Play

M Huncho – Huncholini The 1st Album

J Hus – Big Conspiracy Album

The Official Photos of Air Jordan 1 High OG “UNC To CHI” Released

Video: Burna Boy – Secret Ft Jeremih, Serani

Chance The Rapper Set To Bring Back ‘PUNK’D’

Scientists identify a trigger for type 1 diabetes in mice

First Vaping-Related Death Has Been Reported By The CDC

Fighting Cybercrime: Cybersecurity and Digital Forensics Are the New A-Team

Cerebras Debuts Big Chip to Speed Up AI Processes

Firefox gets another major security upgrade

Firefox gets another major security upgrade

Also See:

Share this:

Related

How IT businesses can offer cybersecurity

Tyga Signs with columbia in Multi-Million Dollar Deal

Leave a Reply Cancel reply

Check Also

News

Log In