Content Security Policy is designed to shut down XSS attacks by providing a mechanism for sites to explicitly tell the browser which content is legitimate. It can also help mitigate clickjacking and packet sniffing attacks. Mozilla s security engineers are working on new technology that promises to mitigate a large class of Web application vulnerabilities, especially the cross-site scripting (XSS) plague against modern Web browsers. Read the full story on Mozilla’s new technology here: http://www.mozilla.org/content-security-policy.
Source: https://threatpost.com/mozilla-tackles-xss-vulnerabilities-clickjacking-attacks-062209/72846/