From useful to dangerous.

It looks like Websockets aren’t so great after all (at least in the short term). According to Mozilla and Opera posts, both companies will be disabling support for such technology until serious security flaws are fixed.

Mozilla said that Firefox 4 Beta 8 will be the very first release to do so, while Opera has not yet commented on version specifics.

Recently, Adam Barth has shared a security study findings that raised a red flag for the current state of Websockets protocol.



Here’s an excerpt from the .pdf file

For example, the attacker can poison the proxy’s cache entry for http://www.google-analytics.com/ga.js and inject JavaScript into approximately 57% of the top 10,000 web sites.

However, Mozilla is already working with IETF on a new protocol, so it’s just a matter of time before everything is fixed.