←back to thread

Hardening the Firefox Front End with Content Security Policies

(attackanddefense.dev)
182 points evilpie | 1 comments | 09 Apr 25 09:34 UTC | HN request time: 0.203s | source
Show context
lol768 ◴[09 Apr 25 12:59 UTC] No.43631552[source]
This is an entire class of vulnerabilities that would've never been possible with XUL, is that correct?

I appreciate they had to move for other reasons but I also really don't like the idea that the DevTools and browser chrome itself now has all of the same security issues/considerations as anything else "web" does. It was bad with Electron (XSS suddenly becoming an RCE) and makes me pretty nervous here too :(

replies(1): >>43631677 #
emiliocobos ◴[09 Apr 25 13:12 UTC] No.43631677[source]
Xul would've had the same issues.
replies(2): >>43632263 #>>43633749 #
1. sebazzz ◴[09 Apr 25 16:14 UTC] No.43633749[source]
It still surprises me parts of Firefox still use XUL.