CSP 1.0 Added to Firefox to Block XSS Attacks

Discussion in 'other security issues & news' started by TheKid7, Jun 12, 2013.

Thread Status:
Not open for further replies.
  1. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    CSP 1.0 Added to Firefox to Block XSS Attacks:
    http://threatpost.com/csp-1-0-added-to-firefox-to-block-xss-attacks/
     
  2. Alhaitham

    Alhaitham Registered Member

    Joined:
    May 18, 2013
    Posts:
    173
    Location:
    Egypt
  3. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    693
    Location:
    Hogwarts.
    Thanks for the share.
     
  4. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    Nice, but the article forgot to state in which version it is added, but I found it:
     
  5. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    791
    Location:
    India
    I guess adding NoScript would block the XSS attacks, wouldn't it?
    Is there any benefit to the user from implementing this that NoScript does not provide? I know that by default Firefox would be safer :) which is a very good thing.
     
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    Before this, NS's XSS protection was way better than Firefox's, but I don't know how it compares against FF with CSP 1.0.
     
  7. tlu

    tlu Guest


    Both approaches are completely different. CSP improves server-side security (if, and only if, the Content-Security-Header is added to the website and the policy is correctly applied), while Noscript improves client-side security by filtering malicious cross-site requests. Once CSP is applied to all websites, the anti-XSS filter in Noscript is theoretically superfluous. But that's like all my Christmases have come at once if you ask me ... ;)

    BTW: A nice introduction to CSP is this one.
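
Added example, not part of the thread or of any poster's code: the point above that CSP only helps when the header is sent and the policy is correctly applied can be checked mechanically. This sketch audits a `Content-Security-Policy` header value using CSP 1.0 directives and keywords; the function names and sample policies are constructed for illustration.

```python
"""Audit a Content-Security-Policy header value for XSS-relevant weaknesses."""

def parse_csp(header_value):
    """Split a policy into {directive: [source expressions]}."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        name = tokens[0].lower()  # directive names are case-insensitive
        # A repeated directive is ignored by the browser; the first one wins.
        policy.setdefault(name, tokens[1:])
    return policy

def effective_sources(policy, directive):
    """Sources governing `directive`, falling back to default-src (None = unrestricted)."""
    return policy.get(directive, policy.get("default-src"))

def audit_csp(header_value):
    """Return a list of findings; an empty list means no issue was detected."""
    if not header_value or not header_value.strip():
        return ["no policy sent: browser enforces nothing"]
    policy = parse_csp(header_value)
    findings = []
    # script-src and object-src are the directives that decide what code can run.
    for directive in ("script-src", "object-src"):
        sources = effective_sources(policy, directive)
        if sources is None:
            findings.append(f"{directive}: unrestricted (no {directive} or default-src)")
            continue
        lowered = [s.lower() for s in sources]
        if "*" in lowered:
            findings.append(f"{directive}: wildcard allows any origin")
        if directive == "script-src":
            if "'unsafe-inline'" in lowered:
                findings.append("script-src: 'unsafe-inline' re-enables injected inline script")
            if "'unsafe-eval'" in lowered:
                findings.append("script-src: 'unsafe-eval' re-enables eval()")
    return findings

# Constructed sample policies (not taken from any real site).
SAMPLES = {
    "strict": "default-src 'self'; script-src 'self' https://static.example.com",
    "inline": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "partial": "img-src *; style-src 'self'",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(label, "->", audit_csp(value) or "ok")
```

The "partial" sample shows a header that is present but leaves script and plugin loading unrestricted, because neither `script-src`, `object-src` nor `default-src` is set.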
     