Firefox + httpOnly? While we're at it...

kuza55 noted this morning that Firefox has implemented support for httpOnly cookies. It's not perfect, as ma1 pointed out in the comments, but it's better than nothing.

The Firefox browser could be made even more secure by building NoScript, LocalRodeo, CookieSafe, SafeHistory, and SafeCache into the Firefox codebase. In addition, an option to run only signed Java(Script) should be developed.

For more on httpOnly cookies, check out "Mitigating Cross-Site Scripting With HTTP-only Cookies" and also "Why HttpOnly won't protect you".

Posted by Marcin on Thursday, July 19, 2007 in Privacy, Security and Tech.

