In the last post about the next major version of Firefox i wrote about the easy way to store different online bookmarks with sqlite on your pc.
Yesterday i found a very interested article about mozilla's aims to prevent XSS attacks in its upcoming Firefox 3 browser.

The Alpha 7 development release includes support for a new W3C working draft specification that is intended is secure XML over HTTP requests (often referred to as XHR) which are often the culprit when it comes to XSS attacks. XHR is the backbone of Web 2.0 enabling a more dynamic web experience with remote data.
...
A typical XSS attack vector is one in which a malicious Web site reads the credentials from another that a user has visited. The new specification could well serve to limit that type of attack though it is still incumbent upon Web developers to be careful with their trusted data...

read all

Is this technology really going to prevent reading malicious web sites? i found a post from Petko D. Petkov, a.k.a pdp: ...Firefox3 Vulnerable by Design from GNUCITIZEN

Pigatto, thanks for your lovely Firefox 3: Gran Paradiso interpretation!

via | tags: vulnerability xss gran paradiso mozilla development milestone web2.0

Labels: ajax, browser, development, firefox, mozilla, networking, social_software, software, web_2.0, web_services