Security Articles
-
mozilla developer preview 4 ready for testing
Note: this is a re-post of the entry in the Mozilla Project Development Weblog. There’s some juicy stuff in here for Web Developers that need testing. In particular, this is the first build with the CSS history changes. As part of our ongoing platform development work, we’re happy to announce the fourth pre-release of the […]
-
privacy-related changes coming to CSS :visited
For more information about this, have a look at David Baron’s post, the bug and the post on the security blog. For many years the CSS :visited selector has been a vector for querying a user’s history. It’s not particularly dangerous by itself, but when it’s combined with <a href="https://developer.mozilla.org/en/DOM/window.getComputedStyle">getComputedStyle()</a> in JavaScript it means that […]
-
mitigating attacks with content security policy
Firefox support for Content Security Policy (CSP) has been in the news and is now available in test builds for web developers to try. Support for CSP isn’t slated for Firefox 3.6 but is likely to be included in the release after 3.6, mostly likely called 3.7. This post is targeted at web developers and […]
