Firefox (up to and including the latest version) uses the following techniques to make the presentation of security context more robust against spoofing attacks:
- Multiple indicators for the same status: for example, an SSL connection is indicated by a different color in the URL bar, a padlock icon in the URL bar and a padlock icon in the status bar
- Difficult-to-spoof UI elements that cross the chrome-content border, such as the anti-phishing warning bubble
- UI controls that stay disabled until they have been in focus for a certain amount of time, to prevent click-through and "whack-a-mole" attacks, in which nuisance elements encourage users to click continually in a given location
- Strict cross-site scripting execution policies to ensure that content is being rendered from appropriate sources
- Script restrictions on manipulation of the browser window to prevent picture-in-picture attacks. These restrictions prevent scripts from moving the browser window off-screen or growing it larger than the visible screen.
- Restrictions also exist that prevent installation of extensions and opening of pop-up windows from untrusted sources.
The following additional techniques are currently under discussion/development within the Mozilla community:
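The focus-delay control from the list above, modelled as an added example (this is not Firefox's own code): a gate that honours a click only after the dialog has held focus without interruption for a set time. The class and function names, the 2000 ms delay and the event trace are assumptions made for illustration.

```javascript
// Added illustration of a focus-delay gate for a security-sensitive button.
// FocusDelayGate, replay and the 2000 ms default are hypothetical, not Firefox APIs.
class FocusDelayGate {
  constructor(delayMs = 2000) {
    this.delayMs = delayMs;
    this.focusedSince = null; // start of the current uninterrupted focus, or null
  }
  // Dialog gained focus: every (re)focus restarts the timer.
  onFocus(now) { this.focusedSince = now; }
  // Dialog lost focus: the control is disabled again.
  onBlur() { this.focusedSince = null; }
  // Returns true only if the click should be honoured.
  handleClick(now) {
    return this.focusedSince !== null && now - this.focusedSince >= this.delayMs;
  }
}

// Replays a list of timestamped UI events and reports, per click, whether it was accepted.
function replay(events, delayMs = 2000) {
  const gate = new FocusDelayGate(delayMs);
  const accepted = [];
  for (const ev of events) {
    if (ev.type === "focus") gate.onFocus(ev.t);
    else if (ev.type === "blur") gate.onBlur();
    else if (ev.type === "click") accepted.push(gate.handleClick(ev.t));
  }
  return accepted;
}

// Constructed trace (times in ms): a dialog appears where the user was already clicking.
const SAMPLE_TRACE = [
  { t: 0, type: "focus" },    // dialog pops up under the cursor
  { t: 150, type: "click" },  // reflexive click carried over from the page: dropped
  { t: 900, type: "click" },  // still inside the delay: dropped
  { t: 1200, type: "blur" },  // focus moves away
  { t: 1300, type: "focus" }, // refocus restarts the timer
  { t: 2500, type: "click" }, // only 1200 ms since refocus: dropped
  { t: 3400, type: "click" }, // 2100 ms since refocus: accepted
];

console.log(replay(SAMPLE_TRACE)); // [ false, false, false, true ]
```

Taking timestamps as arguments keeps the gate testable without a DOM; in a page it would be driven by `focus`, `blur` and `click` listeners.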
- Additional restrictions being introduced in Firefox 3 will prevent opening of chromeless windows
- Additional UI indicators being introduced in Firefox 3 will indicate the presence or absence of EV SSL identity information.
- Improved secondary UI (e.g. Page Info dialog) will present more, and more readable, context information for users interested in elaborated detail.
- This elaborated detail will be linked more directly from the primary UI.