Archive for December 10th, 2007

John Resig (of jQuery fame, now a Mozilla Corp. employee) lets us know that JSON leakage through Array constructor redefinition, one form of so called AJAX-hijacking working on Opera, Safari and Firefox, is going to be impossible on Firefox 3.
Starting with next Beta 2, in facts, most built-in global constructors (

Array, Boolean, Date, Math, Number, Object, RegExp, String

) will be constant: override attempts will raise an error.
This is obviously an incompatible change, even though the "broken" functionality shouldn't be something you rely upon in your everyday web application.
Anyway, if you find any regression, this is currently tracked under Bug 376957.

Bad Behavior has blocked 2692 access attempts in the last 7 days.