It appears that Firefox will gain some much-needed Content Security Policy (CSP) that will help defend against XSS attacks, Clickjacking, and packet sniffing.

I'm not sure when CSP will be implemented, but so far the specs look pretty good. And, Web site operators and administrators will want to become aware of how this technology works so as to make sure their Web pages take full advantage of it - particular in instances where users can provide input via the Web (e.g. comments, contact forms, order forms, etc).

You can read up on Content Security Policy right now over at Mozilla's Web site