Mozilla Hardens Their Firefox Browser To Fend Off Code Injection Attacks

Mozilla has announced another bold step towards ensuring better security for users. This time, they will be fending off code injection attacks by making changes to the Firefox browser.

In a recent post, Mozilla has revealed some major changes to the Firefox browser. These changes will help Mozilla make Firefox secure against code injection attacks.

Specifically, the changes include removal of ‘potentially dangerous artifacts’ such as ‘inline scripts’ and ‘eval()-like functions’. By doing so, they strive to ‘reduce the attack surface’ and harden the code.

Removing Inline Scripts

Explaining about the removal of inline scripts, they revealed that this step would strengthen the Firefox ‘about protocol’. In simple words, there were numerous about:pages allowing an insight to the internal browser state. Notably, the about:config exposed an API allowing users to make changes to the Firefox settings. Since these pages implemented HTML and JavaScript, they remained vulnerable to code injection attacks. Consequently, Mozilla decided to remove inline scripts.

As stated in the blog post,

Removing eval()-like Functions

You Might Also Like