Mozilla wants to advance the security of their web applications. This includes stepping up efforts such as threat modelling, security training, secure development, code review, security testing, offering bug bounties, and making their applications “attack aware”.
Michael Coates states that an “attack aware” application is able to identify abnormal user actions that are the result of deliberate attacks, detecting a malicious user probing for application weaknesses and disabling their ability to cause damage to the system, while avoiding false positive user errors. Michael states that “attack aware” applications will use a blacklist style detection of a potential attack. I would have thought a whitelist would be a more appropriate concept, since blacklists tend to grow quickly, and known or expected user behavior would be a smaller target to code for.
Mozilla currently monitors attack reports from their applications. After an attack is detected, this data is fed into a security integration manager that monitor for trends and initiates individual attack report investigations. This initiative will move towards a system that will enable them to selectively block offending users from the app to prevent further attacks.
In order to prevent malicious sites from using XSS or CSRF to create a Denial of Service condition by causing a user to submit malicious appearing requests, automatic blocking would need to be limited to pages that that utilize controls to prevent against cross domain pollution.