Hi malware fighters,
Don’t make it easy for the phisher or cross-site scripting miscreant: install this add-on for Firefox or Flock:
https://addons.mozilla.org/en-US/firefox/addon/3629
This enhances your security by heaps.
http://blog.mattmecham.com/archives/2006/09/http_only_cookies_in_firefox.html
HttpOnly cookies are a mechanism Microsoft developed for IE6 SP1 to add some security to cookies. The web developer would set a cookie (for instance the session cookie) to be HttpOnly (both ASP and PHP support setting HttpOnly cookies) and the browser would only ever use that cookie when sending HTTP requests, not when client side scripting asks to read the cookie. This means if there was a cross site scripting flaw on the website the JS wouldn’t be able to use the cookies. The solution isn’t perfect, but it does what it’s meant to do and doesn’t harm anyone.
Support for this is already in the Firefox 3 alphas, if you are inclined to use them, otherwise you’ll have to wait until November or so for the first official ff3 release.
Read about the extension here:
http://spellbook.infinitiv.it/2006/10/24/httponly-cookies-in-firefox-20.htm
polonus