Hardening the Firefox frontend

Tom Schuster, Frederik Braun, and Christoph Kerschbaumer have
published an article
on the Firefox Security team's Attack & Defense
blog that explains recent work to harden Firefox's frontend code.

We have rewritten over 600 JavaScript event handlers to mitigate XSS
and other injection attacks in the main Firefox user interface. This
mitigation will ship in Firefox 138. However, blocking the execution
of scripts in the parent process is not the end - we will expand this
technique to other contexts in the near future. There is still more
work to do as the UI requires JavaScript APIs with a high level of
privileges. However: We still eliminated a whole class of attacks,
significantly raising the bar for attackers to exploit Firefox.