Categories: Ad Guardian PlusNews

Mozilla to protect its users from code injection

Mozilla has blocked execution of all inline scripts and potentially dangerous eval-like functions for built-in “about: pages”, in an effort to protect its users from code injection. These are the gateway to sensitive preferences, settings, and statics of the browser. The decision was made in order to mitigate a large class of potential cross-site scripting issues in Firefox.

According to Christoph Kerschbaumer, Mozilla’s platform security and privacy enginner, changes will not affect the way websites work on the Firefox browser. Still, Mozilla promissed to “closely audit and evaluate” the usages of harmful functions in 3rd-party extensions and other built-in mechanisms.

Mozilla decided to rewrite its inline event handlers and move all inline JavaScript code for all of its 45 about: pages, to “packaged files”. Moreover, the company set a strong Content Security Policy (CSP) to be sure that the JavaScript code only executes when loaded from a packaged resource using the internal protocol.

Instead JavaScript code only executes when loaded from a packaged resource using the internal chrome: protocol. Not allowing any inline script in any of the about: pages limits the attack surface of arbitrary code execution and hence provides a strong first line of defense against code injection attacks,”, Kerschbaumer mentioned.

The attackers use the JavaScritpt function and similar methods to trick the target applications into converting text into an executable JavaScript. Thus, they achieve code injection, when the attackers can not inject script directly. This is the reason for which Mozilla removed and blocked eval-like functions as this might be another “dangerous tool”.

Laurentiu Titei

Recent Posts

How to Fix the ERR_GFX_STATE Error on Red Dead Redemption

Is Red Redemption 2 crashing in the middle of gameplay? Understandably, game crashes can be…

2 hours ago

How to Download and Use Telegram on Windows PC: Complete Guide

Telegram is a highly popular social media platform you can use to message and chat…

1 day ago

Best Linux Distros for Windows Users in 2026

Do you want a Windows-like feel on your computer, minus the annoying hardware changes, privacy…

2 days ago

Snipping Tool Not Working in Windows 11,10,8,7 [FIXED]

Snipping Tool in Windows comes in handy when you want to capture anything on your…

3 days ago

How to Connect Oculus Quest 2 to PC

Oculus Quest 2, now known as Meta Quest, is a popular VR headset that offers…

4 days ago

FIXED: Mobile Hotspot Not Working on Windows 10/11

Mobile hotspot is a savior when you are somewhere with a slow or unstable internet…

5 days ago