In a recent blog post on the Mozilla Security Blog, the Firefox-maker revealed the steps it has taken to protect users from code injection attacks by making its browser more secure.
The company has hardened its browser by removing “potentially dangerous artifacts” from the Firefox codebase, including inline scripts and eval()-like functions, according to the firm’s platform security and privacy engineer Christoph Kerschbaumer.
Inline scripts were removed to improve the protection of pages served through Firefox’s ‘about’ protocol, often referred to as about: pages. These about: pages allow users to do things such as display network information, view how their browser is configured and see which plug-ins they’ve installed.
Code injection attacks
Kerschbaumer explained how this new measure can help protect against code injection attacks, saying:
Additionally, Mozilla has warned developers against using the eval() function, which it described as a “dangerous function, which executes the code it’s passed with the privileges of the caller”. By rewriting all eval()-like functions, the company has further reduced the attack surface in Firefox.
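The sketch below is an added example, not Mozilla's code, showing what rewriting an eval()-based lookup into a data-only lookup looks like. The function names, the preference object and the hostile path are all constructed for illustration.

```javascript
// Constructed sample data standing in for browser configuration values.
const PREFS = { network: { proxy: { type: 1 } }, browser: { startup: { page: 3 } } };

// Constructed hostile input: a "path" that carries an extra statement.
const HOSTILE_PATH = "network.proxy.type; globalThis.injectedFlag = true";

// Before: the path string is spliced into source text and executed, so
// anything in it runs with the privileges of the calling code.
function getPrefUnsafe(prefs, path) {
  return eval("prefs." + path);
}

// After: the path is validated as dotted identifiers and walked as data.
const PATH_RE = /^[A-Za-z_]\w*(\.[A-Za-z_]\w*)*$/;

function getPrefSafe(prefs, path) {
  if (typeof path !== "string" || !PATH_RE.test(path)) {
    throw new TypeError("invalid preference path");
  }
  let node = prefs;
  for (const key of path.split(".")) {
    // Own properties only, so "__proto__" or "constructor" resolve to nothing.
    const isObject = node !== null && typeof node === "object";
    if (!isObject || !Object.prototype.hasOwnProperty.call(node, key)) {
      return undefined;
    }
    node = node[key];
  }
  return node;
}

// Returns what the safe lookup does with a path: the value, or "rejected".
function safeOutcome(path) {
  try {
    return getPrefSafe(PREFS, path);
  } catch (e) {
    return "rejected";
  }
}
```

Both functions return the same value for a well-formed path; only the eval()-based one executes the statement appended to the hostile path.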