Browser

Mozilla set to secure cross-site scripting in Firefox 3


XSS (a.k.a. cross-site scripting) attacks are a bane that accompanies the world of mashups and Web 2.0 features on the Net. However, the problem may be solved in the next major release of Mozilla's Firefox 3 with support for the new W3C draft to secure XML over HTTP.

Here's a quote from an article on internetnews.com:

"Cross site XMLHttpRequest will enable Web authors to more easily and safely create Web mashups," Mike Schroepfer, Mozilla's vice president of engineering, told internetnews.com. "It is one of many advanced Web standards that we are implementing in Firefox 3 and look forward to the world adopting."

Cross-site scripting attacks take place when a malicious site reads data from the other sites that a user visits. The new W3C draft will define standards by which sites can set the access rights for what content is accessible.

Cross-site scripting has been a major security vulnerability with the Web getting more interactive. Here's a link from steve.org.uk for a hands-on feel of what actually happens in an XSS attack. The adoption of open standards in plugging the loopholes in Web standards is a necessity, and Mozilla is leading the way.