Firefox Blocks Inline and Eval JavaScript on Internal Pages to Prevent Injection Attacks

NewsNo Comments

You Are Here:Firefox Blocks Inline and Eval JavaScript on Internal Pages to Prevent Injection Attacks

By [email protected] (Swati Khandelwal) In an effort to mitigate a large class of potential cross-site scripting issues in Firefox, Mozilla has blocked execution of all inline scripts and potentially dangerous eval-like functions for built-in “about: pages” that are the gateway to sensitive preferences, settings, and statics of the browser.

Firefox browser has 45 such internal locally-hosted about pages, some of which are listed

Via:: Firefox Blocks Inline and Eval JavaScript on Internal Pages to Prevent Injection Attacks

      

About the author:

Top