Firefox Patches Over 600 XSS Vulnerabilities
2025-04-09
The Firefox team has significantly enhanced the security of its user interface by removing over 600 inline JavaScript event handlers. This move aims to mitigate the risk of injection attacks, such as Cross-Site Scripting (XSS). The improvement leverages Content Security Policy (CSP) to restrict script execution and is planned to expand to other parts of Firefox. The ultimate goal is to completely block dynamic code execution, providing a more secure browsing experience. This update will be included in Firefox 138.
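The same kind of audit can be run on any UI markup before tightening its CSP. The following is an added example, not Firefox's code: `findInlineHandlers`, `parseCsp`, `inlineHandlersBlocked`, the sample markup and the sample policies are all constructed for illustration, and the tag matching is a regex heuristic rather than a full HTML parser.

```javascript
// Constructed sample markup: two inline handlers and one clean element.
const SAMPLE_MARKUP = `
<button id="reload" onclick="reloadPage()">Reload</button>
<input id="search" oninput="filter(this.value)">
<button id="back">Back</button>
`;

// List every inline event-handler attribute (on*) that must be moved to
// addEventListener() before a CSP without 'unsafe-inline' can be enforced.
function findInlineHandlers(markup) {
  const findings = [];
  const tagRe = /<([a-zA-Z][\w:-]*)\b([^>]*)>/g; // heuristic, not a parser
  const attrRe = /([\w:-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g;
  for (const tag of markup.matchAll(tagRe)) {
    for (const attr of tag[2].matchAll(attrRe)) {
      const name = attr[1].toLowerCase();
      if (/^on[a-z]+$/.test(name)) {
        findings.push({ tag: tag[1].toLowerCase(), name, code: attr[2] ?? attr[3] });
      }
    }
  }
  return findings;
}

// Split a CSP string into directive -> source list (first occurrence wins).
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

// True when the policy stops every inline event handler from running.
// Handlers are governed by script-src-attr, then script-src, then default-src.
function inlineHandlersBlocked(policy) {
  const d = parseCsp(policy);
  const sources = d.get("script-src-attr") ?? d.get("script-src") ?? d.get("default-src");
  if (!sources) return false; // no governing directive, nothing is restricted
  const s = sources.map((x) => x.toLowerCase());
  // A nonce, hash or 'strict-dynamic' makes browsers ignore 'unsafe-inline'.
  const strict = s.some((x) => /^'(nonce-|sha(256|384|512)-|strict-dynamic')/.test(x));
  const unsafeInline = s.includes("'unsafe-inline'") && !strict;
  return !unsafeInline && !s.includes("'unsafe-hashes'");
}

console.log(findInlineHandlers(SAMPLE_MARKUP));
```

Each finding is a handler that would silently stop working once the stricter policy is applied, which is why the handlers have to be removed before the CSP is enforced.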