Firefox Aurora now Supports Content Security Policy 1.0

web Today, with the release of Mozilla Firefox Aurora 23, support for Content Security Policy (CSP) using the unprefixed, W3C standard header Content-Security-Policy has landed. Firefox has had experimental support for CSP since Firefox 4, using the header X-Content-Security-Policy.

Cross Domain Data Theft using CSS

web Firefox 3.6.7, released today, fixed an interesting security vulnerability called Cross Domain Data Theft using CSS, discovered by Google security researcher Chris Evans.

FCKEditor Year 2010 Bug for Firefox 3.6 with ColdFusion

web If you are having problems using FCKeditor on Firefox 3.6, it's due to a, let's call it, Year 2010 bug. You will see a textarea instead of the editor. This probably only exists in the ColdFusion version; I haven't checked the other versions...

The useragent for Firefox 3.

Ajax Same Origin Policy No More with Firefox 3.5

web Firefox 3.5 now allows you to make AJAX Requests, or more correctly XMLHttpRequests cross domain (in other words can make XHR requests to When I heard about this, my first is that they would use the cross-domain.xml file that Flash has supported for years to achieve this.

Firefox 3.5 Introduces Origin Header, Security Features

web Firefox 3.5 was just released about a half hour ago. You can check out all the new features for web developers here.

For me, as someone that does a lot of security research, one of the most interesting new features is the Origin HTTP header that Firefox 3.5 now sends.

Geolocation API for Adobe AIR?

web Mozilla recently announced a new project called Geode - which allows web sites to request your location using JavaScript. I assume this will be built into a future release of Firefox someday, but for now it's a Plugin.

Firefox Now Supports HttpOnly Cookies

web You may be surprised to learn that Microsoft Internet Explorer has supported a security feature called HttpOnly cookies since IE 6 SP1.

Firefox, which was released just the other day, now supports it.

Watch out for Autocomplete

web I ran into a funny problem today that had to do with the Autocomplete feature in Firefox. If I had autocomplete turned off on my computer it would have been very hard to debug this issue, but I quickly realized that autocomplete was the problem.

Firefox Click Wheel does not fire onclick Event

web I just noticed something today in Firefox (on Windows, probably the same on Mac, haven't tested yet). Suppose you have a link with a JavaScript onclick event such as:

<a href="deleteTB.


misc Firefox has been trying to get me to update to version, for a while now so I finally did today. The new version has crashed 3 times already today.

Is it just me or did 1.0.x seem to be a lot more stable than 1.5?

New Firefox Extension

web The folks at have been pretty busy kicking out new features. The latest was just announced on the discuss mailing list about a half hour ago - a Firefox extension. The extension basically replaces various bookmarklets that you may have used. Get 'em while they're hot.

Top 20 Internet Security Vulnerabilities of 2005

apple databases linux misc web SANS has published a list of the top 20 internet security vulnerabilities of 2005. The list is not, however, cumulative; it features security vulnerabilities that have been the most prevalent within the past year and a half.

AJAX on IE - back to the IFRAME

web On Internet Explorer, in order to write AJAX-based web applications, you have to use an ActiveX object.

var request = new ActiveXObject("Microsoft.

Have a good Firefox extension idea?

web Eric Hamiter, author of several Firefox extensions, is soliciting ideas for his next extension:

Let's have a brainstorming session. I've been tinkering around with a few old ideas that are going nowhere, and it's been ages since I've released an extension.

The Proper Content Type for XML Feeds

web RSS Feeds have a content type problem. Most people end up serving them with the content-type: text/xml. But this practice is frowned upon for several reasons.

Greasemonkey User Scripts

web After hearing a lot about Greasemonkey I finally got around to installing it and playing with it, and it's pretty cool!

What is Greasemonkey?

It's simply a Firefox extension that allows you to run JavaScript User Scripts when the current page matches a URL pattern specified.

Firefox Tip: Begin Finding when you begin typing

web Here's something a co-worker showed me today that is pretty handy. In Firefox, go to Tools - Options - Advanced - Accessibility, and check Begin Finding when you begin typing.

Web Standards Browser Test

web The Web Standards Project has a new web standards test for browsers called the Acid2 test. No web browsers can currently pass the test. Here's what Firefox (1.0.

Objection - Firefox Extension for removing Local Shared Objects

web Greg Yardley has created a Firefox plugin called Objection in response to my and other blog posts about the privacy concerns of Local Shared Objects, or Flash Cookies.

The plugin adds a clear button for Local Shared Objects to the privacy options in Firefox.

How to Remove Search Plugins in Firefox

web Search plugins in Firefox are a pretty cool feature, especially since they are so easy to make. However, if you want to remove an installed search plugin, I can't find any way to do this inside Firefox. It should be in the extensions manager, or something like it.

Blocking Mozilla / Google Prefetch

web Mozilla browsers support a feature called link prefetching, which allows a web page to tell the browser to prefetch a URL if it is idle. Google has been using this technique in their search results, telling Mozilla to start loading the first result. I also noticed that MXNA 2.

Where are my ALT tooltips in Firefox

web I was wondering why Firefox doesn't show tooltips when you use the alt attribute in img tags like IE does. Turns out IE should not be displaying alt messages in tooltips; the title attribute is designed for that.

But don't stop using the alt attribute, that's required for accessibility.

Firefox Statusbar Extensions

apple web I have come across some very sweet Firefox extensions that run in the status bar (down on the bottom of the window).

Venkman JavaScript Debugger Firefox Extension

web I just came across a JavaScript Debugger Extension for Firefox. It's a little slow and clunky still, but it looks like it is in active development. The Mozilla debugger looks much better than the Microsoft Script Debugger.

Screen Shot:

Bookmarklets and Search Plugins for

coldfusion java Many people have been posting bookmarklets for searching, and some have asked about a Mozilla/Firefox search plugin. So I thought I would create a bookmarklets and Mozilla search plugins page.

This page has bookmarklets that work in IE, Mozilla, Firefox, and Safari.

Bookmarklets for

coldfusion web Paul Newman created some bookmarklets for

ColdFusion Documentation (IE)


did you hack my cf?