dcsimg
 

Firefox 3.6.9 Supports Clickjacking Attack Security Header

Wednesday Sep 8th 2010 by Developer.com Staff

The latest version of Firefox now supports clickjacking defense mechanism.

The newest version of Firefox 3.6.9 now supports the X-Frame-Options HTTP response header to prevent clickjacking attacks.

Web site owners can configure their Web servers to send a special header that tells the browser to not embed the page inside another Web site's content.

"When an attempt is made to load content into a frame, and permission is denied by the X-Frame-Options header, Firefox currently renders about:blank into the frame. At some point, an error message of some kind will be displayed in the frame instead," according to the Mozilla document on X-Frame-Options response header.

In June, several hundred thousand Facebook users fell victim to a clickjacking attack.

Home
Mobile Site | Full Site