"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware."
Although the Firefox team has an entire page on the mozilla.com website dedicated to the new security features in Firefox 4, they seem to have forgotten to mention HTTP Strict Transport Security (HSTS).
"On Monday, Mozilla, the developer of popular open source applications like Firefox and Thunderbird, announced that a database containing usernames and password hashes belonging to users of addons.mozilla.org had been posted publicly by accident."