MozillaZine

Content Security Policy 1.0 for SeaMonkey?

Discussion of features in Seamonkey
CMonkeyBloke

Posts: 677
Joined: June 10th, 2011, 11:35 am
Location: Annwn

Posted June 13th, 2013, 12:19 pm

CSP 1.0 Added to Firefox to Block XSS Attacks

I have a couple of questions about this: Will CSP be implemented into the SeaMonkey equivalent when this is implemented into Firefox? And, would it make SeaMonkey safer from CSS attacks even if I already use NoScript & RequestPolicy?

Philip Chee

Posts: 6475
Joined: March 1st, 2005, 3:03 pm

Posted June 14th, 2013, 8:07 am

CMonkeyBloke wrote:

> CSP 1.0 Added to Firefox to Block XSS Attacks
>
> I have a couple of questions about this: Will CSP be implemented into the SeaMonkey equivalent when this is implemented into Firefox? And, would it make SeaMonkey safer from CSS attacks even if I already use NoScript & RequestPolicy?

Bug 875706 Flip the pref to enable the Content Security Policy (CSP) 1.0 parser for SeaMonkey.

References:
FX Bug 842657 Flip the pref to enable the CSP 1.0 parser for Firefox.
FXOS Bug 858787 Flip the pref to turn on the CSP 1.0 parser for Firefox OS

http://en.wikipedia.org/wiki/Content_Security_Policy

https://wiki.mozilla.org/index.php?title=Security/CSP/Spec&oldid=133465#Background
Content Security Policy is intended to help web designers or server administrators specify how content interacts on their web sites. It helps mitigate and detect types of attacks such as XSS and data injection. CSP is not intended to be a main line of defense, but rather one of the many layers of security that can be employed to help secure a web site.

Phil

CMonkeyBloke

Posts: 677
Joined: June 10th, 2011, 11:35 am
Location: Annwn

Posted June 14th, 2013, 8:17 am

OK, thanks for the links & info Phil. :D

therube

Posts: 17522
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Posted June 14th, 2013, 11:00 am

And while we're here, Introducing Content Security Policy.


> a defense against some common attacks such as XSS

Do note that it is not an end-all.
For instance, still unresolved, Bug 528661 - (xssfilter) Heuristics to block reflected XSS (like in IE8).


Oh, & don't forget, NoScript.
Anti-XSS protection

NoScript’s Anti-XSS Filters Partially Ported to IE8

Security Policies
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

CMonkeyBloke

Posts: 677
Joined: June 10th, 2011, 11:35 am
Location: Annwn

Posted June 15th, 2013, 3:49 am

OK thanks for the info therube.
