In Jeremiah Grossman's recent Unsolved Problems blog post, Jeremiah lists the following:
- Develop a CSRF defensive measure that’s effective in the presence of an XSS vulnerability on the same target domain
My thought is to use Single Site Browsers (SSBs) to mitigate CSRF attacks. Unfortunately, I don't think I am the first to think of this, since after a quick Google search it looks like others have already begun to consider this as well.
In any event, I have been playing with Fluid for Mac OS X (http://fluidapp.com/), and the idea of offering an SSB for a specific site now makes a lot more sense to me. Even though Fluid is based on Safari, the thought of offering something similar with a security focus had me pretty intrigued. In theory, if each SSB has its own cookie space, then CSRF-style attacks become more difficult.
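To make the cookie-space argument concrete, here is an added Python model of the idea; it is not code from this post or from Fluid, and the origins, profile names and endpoint are constructed. It treats a browser profile as one cookie jar keyed by origin, so a shared jar forwards the site's session cookie on a forged cross-site request, while a dedicated SSB jar leaves the general browser with nothing to attach. It also shows the caveat behind Grossman's open problem: script injected into the site's own page runs inside the SSB and shares its jar, so isolation alone does not settle the XSS case.

```python
"""Toy model of per-site cookie isolation (a Single Site Browser) versus a
shared cookie jar, for cookie-authenticated state changes.
Added illustration, not code from the post or from Fluid; TARGET, ATTACKER,
the profile labels and the transfer endpoint are all constructed."""

from dataclasses import dataclass, field

TARGET = "https://bank.example"      # constructed origin the SSB is dedicated to
ATTACKER = "https://evil.example"    # constructed origin hosting a forging page


@dataclass
class Server:
    """Minimal state-changing endpoint that trusts only the session cookie."""
    sessions: dict = field(default_factory=dict)   # session id -> user
    transfers: list = field(default_factory=list)  # accepted (user, amount) pairs

    def login(self, user):
        sid = f"sid-{user}"          # constructed, non-random session id
        self.sessions[sid] = user
        return sid

    def transfer(self, cookies, amount):
        """Return True if the request is accepted (cookie names a live session)."""
        user = self.sessions.get(cookies.get("session"))
        if user is None:
            return False
        self.transfers.append((user, amount))
        return True


@dataclass
class Browser:
    """A browser profile with exactly one cookie jar, keyed by origin."""
    name: str
    jar: dict = field(default_factory=dict)   # origin -> {cookie name: value}

    def set_cookie(self, origin, name, value):
        self.jar.setdefault(origin, {})[name] = value

    def request(self, page_origin, dest_origin, server, amount):
        # Cookies are ambient authority: the browser attaches whatever its jar
        # holds for dest_origin, no matter which page_origin initiated the
        # request. page_origin is therefore deliberately ignored here.
        return server.transfer(self.jar.get(dest_origin, {}), amount)


def run_scenarios():
    """Run the three cases and report whether each forged request was accepted."""
    server = Server()
    results = {}

    # 1. One general-purpose browser holds the bank session and also renders
    #    the attacker's page: the forged request carries the bank cookie.
    general = Browser("general")
    general.set_cookie(TARGET, "session", server.login("alice"))
    results["shared_jar_csrf"] = general.request(ATTACKER, TARGET, server, 100)

    # 2. The bank session lives only in a dedicated SSB; the attacker's page is
    #    rendered in a general browser whose jar has no bank cookie at all.
    ssb = Browser("bank-ssb")
    general2 = Browser("general")
    ssb.set_cookie(TARGET, "session", server.login("bob"))
    results["ssb_csrf"] = general2.request(ATTACKER, TARGET, server, 100)

    # 3. Caveat: script injected into a bank page (XSS) executes inside the SSB,
    #    shares its jar, and so its request is still accepted.
    results["ssb_xss"] = ssb.request(TARGET, TARGET, server, 100)
    return results


if __name__ == "__main__":
    for scenario, accepted in run_scenarios().items():
        print(f"{scenario}: request {'accepted' if accepted else 'rejected'}")
```

The model deliberately omits anti-CSRF tokens and SameSite cookie attributes so that the only variable is which jar a request is made from; adding either defence to `Server.transfer` is the natural next experiment, and the third scenario is the one that remains accepted regardless.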