Nepherte (dot) be

Protect yourself from CSRF attacks with CSFire

For the last decade, there has been a disturbingly large increase in cross-site request forgery (CSRF) attacks. In this kind of attack, an unauthorized request is made from the user's browser to a vulnerable website to execute an unwanted action, without the user even noticing. These unauthorized requests can be triggered by emails or websites containing malicious <img> or <iframe> tags, for example discussion boards that accept HTML input. Examples of unwanted actions are stealing sensitive data, wiring money from one account to another, …

These CSRF attacks are very problematic because it is difficult for users to protect themselves without severely degrading their web experience, for example by disabling JavaScript (which is not necessarily a sufficient countermeasure anyway). It is mainly up to the developer of a site or web application to prevent these attacks, by making sure it is impossible to store code on their site that launches such attacks, and by making sure their site is not vulnerable to them. But the truth is that most developers are just clueless.
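As an added example (not from the original post, and not CSFire's code), here is a minimal server-side handler in Python showing the cookie-only authorization that leaves a site vulnerable beside a hardened version that requires POST, a same-origin Origin header and a per-session token; the origin, session id, secret and amounts are constructed demo values.

```python
import hmac

# Constructed demo values; a real app keeps the secret server-side only.
SERVER_SECRET = b"demo-secret-do-not-use"
SITE_ORIGIN = "https://bank.example"
SESSIONS = {"sess-alice": {"user": "alice", "balance": 500}}

def csrf_token(session_id: str) -> str:
    """Per-session token; unforgeable without the secret and unreadable cross-site."""
    return hmac.new(SERVER_SECRET, session_id.encode(), "sha256").hexdigest()

def vulnerable_transfer(req: dict) -> str:
    """Before: the cookie alone authorizes, so a cross-site <img>/<iframe> request runs."""
    session = SESSIONS.get(req["cookies"].get("sid"))
    if session is None:
        return "401 not logged in"
    session["balance"] -= int(req["params"]["amount"])
    return f"200 sent {req['params']['amount']} to {req['params']['to']}"

def hardened_transfer(req: dict) -> str:
    """After: require POST, a same-origin Origin header and a valid token."""
    sid = req["cookies"].get("sid")
    session = SESSIONS.get(sid)
    if session is None:
        return "401 not logged in"
    if req["method"] != "POST":
        return "405 state change must use POST"
    if req["headers"].get("Origin") != SITE_ORIGIN:
        return "403 cross-origin request rejected"
    if not hmac.compare_digest(req["params"].get("csrf_token", ""), csrf_token(sid)):
        return "403 missing or invalid CSRF token"
    session["balance"] -= int(req["params"]["amount"])
    return f"200 sent {req['params']['amount']} to {req['params']['to']}"

# Constructed requests. The browser attaches the session cookie to all three;
# only the legitimate one carries a same-origin Origin header and the token.
FORGED_GET = {"method": "GET", "headers": {}, "cookies": {"sid": "sess-alice"},
              "params": {"to": "mallory", "amount": "100"}}
FORGED_POST = {"method": "POST", "headers": {"Origin": "https://evil.example"},
               "cookies": {"sid": "sess-alice"},
               "params": {"to": "mallory", "amount": "100"}}
LEGIT = {"method": "POST", "headers": {"Origin": SITE_ORIGIN},
         "cookies": {"sid": "sess-alice"},
         "params": {"to": "bob", "amount": "100",
                    "csrf_token": csrf_token("sess-alice")}}

if __name__ == "__main__":
    print(vulnerable_transfer(FORGED_GET))  # executed: the site is vulnerable
    print(hardened_transfer(FORGED_GET))    # 405
    print(hardened_transfer(FORGED_POST))   # 403
    print(hardened_transfer(LEGIT))         # 200
```

The token check uses a constant-time comparison and is bound to the session, so a third-party page that can make the browser send the cookie still cannot supply a matching token.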

However, DistriNet, a research group of the University of Leuven, has published a Firefox add-on called CSFire that attempts to mitigate CSRF attacks. You can find the paper on CSFire here.
