CyberSecurityBoard
Sponsor Register Login

Mozilla decides Trusted Types is a worthy security feature The Register

Mozilla last week revised its position on a web security technology called Trusted Types, which it has decided to implement in its Firefox browser.
The browser biz will help reduce a longstanding form of web attack that relies on injected code.
Mozilla won't implement Trusted Types in Firefox immediately - there are still some technical issues to sort out.
The org's decision is a win for web security, which has been looking up since May 2020 when Trusted Types shipped in Chrome 83 and Edge 83.
Trusted Types addresses DOM-XSS, or document object model cross-site scripting - considered to be both rather dangerous and fairly common.
XSS attacks should become less common as more websites revise their code to take advantage of Trusted Types.
Or, as Vogelheim continued, they are made possible when developers fail to sanitize their app's inputs.
With Trusted Types enabled, the browser expects a TrustedHTML object instead of a text snippet.
Trusted Types addresses the risk of unsafe input by limiting the attack surface via Content Security Policy and a content filtering mechanism.
Since the capability first showed up three years ago, DOM-XSS attacks have become less common in the Chromium ecosystem.
In an October post to the GitHub repo discussing Mozilla's positions on various technologies, Vogelheim notes that Google expects to effectively eliminate DOM-XSS risk as it deploys Trusted Types across all of Google's websites.
I believe that broader support across browsers and broader deployment across websites would be beneficial to the web platform overall.
Toward that end, Niemczura pointed to a post he made in May urging Apple's WebKit team to consider adopting Trusted Types based on successful deployment by Google, Meta, and Microsoft across various websites.
Currently, Trusted Types is present or enforced in about ten percent of Chrome web page loads.
Bruce Perens, a veteran programmer and one of the founders of the Open Source movement, expressed enthusiasm for the technology after deploying it.
Perens said that while Trusted Types are only enforced in some browsers, developers should adapt their web app code to support the XSS defense because he believes Firefox, Safari, and other browsers will eventually include the technology.


This Cyber News was published on go.theregister.com. Publication date: Thu, 21 Dec 2023 11:43:04 +0000


Cyber News related to Mozilla decides Trusted Types is a worthy security feature The Register

Mozilla decides Trusted Types is a worthy security feature The Register - Mozilla last week revised its position on a web security technology called Trusted Types, which it has decided to implement in its Firefox browser. The browser biz will help reduce a longstanding form of web attack that relies on injected code. ...
6 months ago Go.theregister.com
Mozilla decides Trusted Types is a worthy security feature The Register - Mozilla last week revised its position on a web security technology called Trusted Types, which it has decided to implement in its Firefox browser. The browser biz will help reduce a longstanding form of web attack that relies on injected code. ...
6 months ago Packetstormsecurity.com
CVE-2013-0135 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) ...
6 years ago
CVE-2017-17713 - Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp ...
6 years ago
CVE-2017-17714 - Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, ...
6 years ago
CVE-2023-52780 - In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checks leads to kernel crashes. First the page pool is only available if the bm ...
1 month ago Tenable.com
What Is Cloud Security Management? Types & Strategies - Cloud security management is the process of safeguarding cloud data and operations from attacks and vulnerabilities through a set of cloud strategies, tools, and practices. The cloud security manager and the IT team are generally responsible for ...
1 month ago Esecurityplanet.com
Embracing Security as Code - Everything is smooth until it isn't because we traditionally tend to handle the security stuff at the end of the development lifecycle, which adds cost and time to fix those discovered security issues and causes delays. Over the years, software ...
6 months ago Feeds.dzone.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
6 months ago Microsoft.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
6 months ago Esecurityplanet.com
10 Best Security Service Edge Solutions - Security Service Edge is an idea in cybersecurity that shows how network security has changed over time. With a focus on customized solutions, Security Service Edge Solutions leverages its expertise in multiple programming languages, frameworks, and ...
4 months ago Cybersecuritynews.com
6 Best Cloud Security Companies & Vendors in 2024 - Cloud security companies specialize in protecting cloud-based assets, data, and applications against cyberattacks. To help you choose, we've analyzed a range of cybersecurity companies offering cloud security products and threat protection services. ...
4 months ago Esecurityplanet.com
Protecting User Privacy by Removing Personal Data from Data Broker Sites - As part of its new subscription service model, Mozilla Firefox is offering its users the possibility of finding and removing their personal and sensitive information from data brokers across the internet. To eliminate their phone numbers, e-mail, ...
4 months ago Cysecurity.news
Five business use cases for evaluating Azure Virtual WAN security solutions - To help organizations who are evaluating security solutions to protect their Virtual WAN deployments, this article considers five business use cases and explains how Check Point enhances and complements Azure security with its best-of-breed, ...
1 month ago Blog.checkpoint.com
Imperva Named an Overall Leader in the KuppingerCole Leadership Compass: API Security and Management Report - We're thrilled to share that Imperva has achieved the prestigious status of Overall Leader in the KuppingerCole Leadership Compass: API Security and Management report. A notable achievement is being recognized as one of the few non-gateway-first ...
6 months ago Imperva.com
CVE-2024-26706 - In the Linux kernel, the following vulnerability has been resolved: parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessing user space memory, may exhibit random data ...
3 months ago Tenable.com
Cybersecurity Career Pathways for Students - Whether aspiring to become a cybersecurity analyst, ethical hacker, or security engineer, this article serves as a valuable resource for students aiming to embark on a successful cybersecurity career. As an analyst, students will be responsible for ...
6 months ago Securityzap.com
IaaS vs PaaS vs SaaS Security: Which Is Most Secure? - Security concerns include data protection, network security, identity and access management, and physical security. While IaaS gives complete control and accountability, PaaS strikes a compromise between control and simplicity, and SaaS provides a ...
6 months ago Esecurityplanet.com
A Practitioner's Guide to Security-First Design - Instead, organizations must proactively fortify their defenses and enter the era of security-first design - an avant-garde approach that transcends traditional security measures. Security-first design is an approach that emphasizes integrating robust ...
6 months ago Feeds.dzone.com
Benefits and challenges of managed cloud security services - Too many organizations lack the in-house cloud security expertise and resources needed to protect cloud assets effectively. One option to address these challenges is managed cloud security. Outsourcing cloud security to a third party not only helps ...
4 months ago Techtarget.com
IaaS Security: Top 8 Issues & Prevention Best Practices - Understanding the risks, advantages, and best practices connected with IaaS security is becoming increasingly important as enterprises shift their infrastructure to the cloud. By exploring the top eight issues and preventative measures, as well as ...
6 months ago Esecurityplanet.com
The Art of Securing Cloud-Native Mobile Applications - We will explore the dynamic intersection of cloud-native architecture and mobile application security, delving into the strategies and best practices essential for safeguarding sensitive data, ensuring user privacy, and fortifying against emerging ...
6 months ago Feeds.dzone.com
Types of Malware and How To Prevent Them - Malware is one of the biggest security threats to any type of technological device, and each type of malware uses unique tactics for successful invasions. Even if you've downloaded a VPN for internet browsing, our in-depth guide discusses the 14 ...
1 week ago Pandasecurity.com
Mozilla Firefox's Premium Dark Web Monitoring Solution - Mozilla, renowned for its commitment to an open and secure internet, has recently made a strategic foray into unexplored realms with the introduction of a subscription-based dark web monitoring service. This bold move signifies the organization's ...
4 months ago Cysecurity.news
New Stellar Cyber Alliance to Deliver Email Security for SecOps Teams - Stellar Cyber, a Double Platinum 'ASTORS' Award Champion in the 2023 Homeland Security Awards Program, and the innovator of Open XDR has entered inao a new partnership with Proofpoint, a leading cybersecurity and compliance company. Through this ...
4 months ago Americansecuritytoday.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)