Mozilla announced this week that the upcoming Firefox 60 will introduce support for the same-site cookie attribute in an effort to protect users against cross-site request forgery (CSRF) attacks.
CSRF attacks allow malicious actors to perform unauthorized activities on a website on behalf of authenticated users by getting them to visit a specially crafted webpage. These types of attacks leverage the fact that every request to a website includes cookies and many sites rely on these cookies for authentication purposes.
Mozilla has pointed out that the current web architecture does not allow websites to reliably determine if a request has been initiated legitimately by the user or if it comes from a third-party script.
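The following is an added example, not code from Mozilla or the original article: a simplified model of how a browser that supports the same-site attribute decides whether to attach a cookie to a request. The function names, the request fields and the `bank.example` / `other-site.example` sites are assumptions made for illustration. `Strict` and `Lax` are the attribute's two values, and a cookie without the attribute is treated as unrestricted.

```javascript
// Simplified model of SameSite cookie enforcement (illustrative, not browser code).
// Sites are given as registrable domains; a real browser derives them from the
// Public Suffix List.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Parse a Set-Cookie header value into { name, value, sameSite }.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq < 0 ? "" : pair.slice(0, eq),
    value: pair.slice(eq + 1),
    sameSite: null, // null means the attribute is absent
  };
  for (const attr of attrs) {
    const [key, val = ""] = attr.split("=").map((s) => s.trim());
    if (key.toLowerCase() !== "samesite") continue;
    const v = val.toLowerCase();
    // Assumption of this model: any other value is handled like a missing attribute.
    cookie.sameSite = v === "strict" || v === "lax" ? v : null;
  }
  return cookie;
}

// request: { initiatorSite, targetSite, method, topLevelNavigation }
function wouldAttach(cookie, request) {
  const isSameSite = request.initiatorSite === request.targetSite;
  if (isSameSite || cookie.sameSite === null) return true; // unrestricted
  if (cookie.sameSite === "strict") return false; // never sent cross-site
  // lax: sent cross-site only on top-level navigations with a safe method
  return request.topLevelNavigation && SAFE_METHODS.has(request.method.toUpperCase());
}

// Constructed sample requests against a hypothetical bank.example.
const crossSitePost = { initiatorSite: "other-site.example", targetSite: "bank.example",
                        method: "POST", topLevelNavigation: true };
const crossSiteLink = { ...crossSitePost, method: "GET" };
const firstPartyPost = { ...crossSitePost, initiatorSite: "bank.example" };

// Evaluate three constructed Set-Cookie headers against the three requests.
function demo() {
  const headers = ["sid=abc; Path=/; HttpOnly",
                   "sid=abc; Path=/; HttpOnly; SameSite=Lax",
                   "sid=abc; Path=/; HttpOnly; SameSite=Strict"];
  return headers.map((h) => {
    const c = parseSetCookie(h);
    return [crossSitePost, crossSiteLink, firstPartyPost].map((r) => wouldAttach(c, r));
  });
}
console.log(demo());
```

The first row of the result shows why the forged request succeeds without the attribute: the session cookie rides along on the cross-site POST. With `Lax` or `Strict` it is withheld, while first-party requests are unaffected.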