Mozilla trials a Firefox security tool

MOZILLA IS ASKING researchers and developers to help test a security tool for its Firefox web browser.

The company has posted a preview build for Content Security Policy (CSP), and is hoping that webmasters and security experts will try out the tool.

CSP is designed to prevent pages from being infected with third-party attacks, such as cross-site scripting, by allowing webmasters and site developers to place restrictions on how outside sites can access and interact with the page.

Brandon Sterne, security programme manager at Mozilla, explained that, after several months of development and testing behind closed doors, the company is now bundling the tool with preview versions of Firefox so that researchers can put CSP to the test against possible real-world attacks.

"We are thrilled to have received so much great feedback from other browser vendors, web site administrators, and security researchers, and we are very proud of the design that has come out of that discussion," Sterne explained in a blog post.

"We would like to encourage any server administrators or web app security researchers who are interested in this project to grab a preview Firefox build and help us test the new features."

End users should not expect CSP to be a polished and complete component. The tool is still in a trial phase, and certain features and protections are not yet fully implemented. µ