NEW YORK, USA: Mozilla has got tougher on web based attacks. The browser maker has released a test build of Firefox that adds new technology designed to stymie most Web-based attacks.

Based on the Content Security Policy (CSP), the new technology is a Mozilla-initiated specification targeted at Web site and application developers, who will be able to define which content on the site or in the online application is legitimate.

That would block any script or malicious code that's been added by hackers who manage to compromise the site or app. Such attacks are generally tagged with the label of cross-site scripting (XSS).

A Mozilla announcement said that the preview editions of Firefox are available for developers to try out.
"This isn't a single trick that's meant to counter a single kind of attack," said Johnathan Nightingale, the manager of the Firefox front-end development team. "This helps sites solve cross-site scripting, but it's more than that. They now have a way to shut everything dynamic off, so that no matter what content gets added to a site, if it's on the page and they've sent us policy instructions in its header, we shut it down."

Firefox is passing the baton to site and application developers, who will be able to separate the legitimate from the illicit content. With CSP in place, Firefox will allow the former but will automatically block the latter.