Firefox + httpOnly? While we're at it...
kuza55 noted this morning that Firefox 2.0.0.5 has implemented support for httpOnly cookies. It's not perfect, as ma1 pointed out in the comments, but it's better than nothing.
The Firefox browser could be made even more secure by building NoScript, LocalRodeo, CookieSafe, SafeHistory, and SafeCache into the Firefox codebase. In addition an option to run only signed Java(Script) should be developed.
For more on httpOnly cookies, check out Mitigating Cross-Site Scripting With HTTP-only Cookies and also Why HttpOnly won't protect you.
blog comments powered by Disqus