Author Topic: The newest Fx has it aboard - CSP  (Read 2326 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33532
  • malware fighter
The newest Fx has it aboard - CSP
« on: November 09, 2009, 10:29:39 PM »
Hi malware fighters,

A new security feature for both server and browser to know what the browser should run or the server should allow, test here: http://people.mozilla.org/~bsterne/content-security-policy/demo.cgi

Read: http://blog.mozilla.com/security/2009/09/30/a-glimpse-into-the-future-of-browser-security/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86949
  • No support PMs thanks
Re: The newest Fx has it aboard - CSP
« Reply #1 on: November 09, 2009, 11:24:06 PM »
I haven't got the slightest idea what the purpose of this test is as there is a total lack of information on what it is trying to achieve.

Your title says the latest fx has it aboard, well that entirely depends on what you mean by latest as ff 3.5.5 doesn't by all accounts.

With NoScript enabled and neither mozilla nor hackmill allowed you get nada test as cgi blocked. With Mozilla allowed you get 5 pass (the hackmill ones) and 5 fail (the mozilla ones). With hackmill allowed you get 10 fails.

So perhaps this says more about NoScript than it does CSP.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.9.6034 (build 22.9.7554.734) UI 1.0.728/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

Re: The newest Fx has it aboard - CSP
« Reply #2 on: November 10, 2009, 12:37:56 AM »
DavidR,

This is a new security policy that is going to be brought in inside Firefox and also IE and it is both run by servers and browsers to check on each other what is allowed to run there security wise. I have it as a security add-on inside Firefox. Firefox 3.6 Beta has it built in.
I hope both browser developers and web developers are going to implement it.

It aims at unplugging scripting attacks, meant for those that cannot work NS to its full potential.

polonus

Offline DavidR

Re: The newest Fx has it aboard - CSP
« Reply #3 on: November 10, 2009, 02:06:40 AM »
OK, thanks for the additional info.