Security Articles
-
privacy-related changes coming to CSS :visited
For more information about this, have a look at David Baron’s post, the bug and the post on the security blog. For many years the CSS :visited selector has been a vector for querying a user’s history. It’s not particularly dangerous by itself, but when it’s combined with <a href="https://developer.mozilla.org/en/DOM/window.getComputedStyle">getComputedStyle()</a> in JavaScript it means that […]
-
mitigating attacks with content security policy
Firefox support for Content Security Policy (CSP) has been in the news and is now available in test builds for web developers to try. Support for CSP isn’t slated for Firefox 3.6 but is likely to be included in the release after 3.6, mostly likely called 3.7. This post is targeted at web developers and […]