homecatalogcontactsNoScript is
Free Software: if you like it, you can support its progress :)
what is it?
what is it?featureschangelogscreenshotsforumfaqget it!InstallNoScript is
Free Software: if you like it, you can support its progress :)
Fight CLICKJACKING Now! The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows
JavaScript,
Java,
Flash and other
plugins to be executed only by trusted web sites of your choice (e.g. your online bank).
NoScript also provides the most powerful
anti-XSS and
anti-Clickjacking protection ever available in a browser.
NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...
You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the
NoScript status bar icon (look at the picture), or using the contextual menu, for easier operation in popup statusbar-less windows.
Watch the "Block scripts in Firefox" video by cnet.
Staying safe has never been so easy!
Experts will agree: Firefox is really safer with NoScript!
V. 2.6.8.6 - Friendly Security
If you find any bug or you'd like an enhancement, please report
here or
here. Many thanks!
Main good news
Fixed multiple
ABE issues caused by the increased asynchronicity of Mozilla's platform networking (thanks barbaz and al_9x for reporting).
Fixed bugs in
regexp-based embed blocking exceptions (thanks barbaz for reporting)
Improved Google Analytics
Script Surrogates.
Fixed
ClearClick incompatibility with latest Google+ based Youtube comments system.
Improved
SQLXSSI detection (thanks Alex Inführ for reporting).
Fixed HTML 5 audio/video content types not blocked when loaded as top-level documents (thanks al_9x for reporting)
The
anti-XSS filter now recognizes several experimental/unofficial markup items handled by Gecko (thanks .mario for reporting).
Protection against XSS filter evasion attacks exploiting Adobe Flash URL parsing and charset handling bugs (thanks Soroush Dalili for reporting)
ClearClick compatibility with latest browser built-in Click To Play implementation (
Bug 889228).
Mimetype whitelisting through the noscript.allowedMimeRegExp preference now work with the WebGL pseudo type (thanks Thrawn for RFE)
Improved "fixable" JavaScript links detection (thanks "asdf" for RFE).
More usable embedding placeholders, e.g. for Youtube movies on Facebook.
Enhanced site compatibility of the
anti-XSS filter.
Improved per-window private browsing support.
Improved out-of-the-box compatibility with Microsoft's email services (thanks Raùl Duràn of Microsoft for help).
Google Analytics web bugs are blocked automatically, unless google-analytics.com has been explicitly whitelisted (better than
No Google Analytics, because NoScript blocks every cross-site request to GA, no matter the type or the file name).
Mark as untrusted button on the site info page (thanks SwissBIT for RFE)
Allow/Forbid/Mark as untrusted icons on the site info buttons.
Several
XSS filter enhancements, thanks to Masato Kinugawa's research.
New "Security Downgrade Warning" suggests blacklist mode as a better option than uninstalling, in order to retain
scripting-unrelated protections.
Improved
Google Analytics Surrogate, makes more sites work correctly with google-analytics.com blocked.
Added navigator.doNotTrack property support.
Added new fake mimetype placeholder "FRAME" to match FRAMEs and IFRAMES with the
noscript.allowedMimeRegExp preference for selecting blocking exceptions.
Holding the left mouse button down on an absolutely positioned page element and hitting the DEL key will remove it if scripts are disabled (useful to forcibly kill in-page popups). This feature can be disabled by setting the noscript.eraseFloatingElements about:config preference to false.
Right-clicking on NoScript menu items copy site domains to the clipboard (useful for reporting and investigating sites, thanks Tom T. for RFE)
Browserid.org has been added to the default whitelist.
"Click to play" protection against
WebGL exploitation, now also on whitelisted sites (can be enabled in NoScript Options|Embeddings)
Security and Privacy Info page is shown whenever you middle-click on sites exposed by NoScript's UI, either in the menus or in the Whitelist options tab.
Middle clicking NoScript's toolbar button temporarily allows all on current page. More in the
changelog...
Experts do agree...
08/06/2008, "I'd love to see it in there." (
Window Snyder, "Chief Security Something-or-Other" at Mozilla Corp.,
interviewed by ZDNet about "adding NoScript functionality into the core browser").
03/18/2008, "Consider switching to the Firefox Web browser with the NoScript plug-in. NoScript selectively, and non-intrusively, blocks all scripts, plug-ins, and other code on Web pages that could be used to attack your system during visits" (Rich Mogull on TidBITS,
Should Mac Users Run Antivirus Software?).
11/06/2007,
Douglas Crockford, world-famous JavaScript advocate and developer of JSON (one of the building blocks of Web 2.0),
recommends using NoScript.
03/16/2007,
SANS Internet Storm Center, the authoritative source of computer security related wisdom, runs a front-page
Ongoing interest in Javascript issues diary entry by
William Stearns just to say "Please, use NoScript" :)
Actually, NoScript has been recommended several times by SANS, but it's nice to see it mentioned in a dedicated issue, rather than as a work-around for specific exploits in the wild. Many thanks, SANS!
05/31/2006, PC World's
The 100 Best Products of the Year list features NoScript at #52!
Many thanks to PC World, of course, for grokking NoScript so much, and to IceDogg who kindly
reported these news...
In the press...
CNET News: "Giorgio Maone's NoScript script-blocking plug-in is the one-and-only Firefox add-on I consider mandatory." (March 9, 2009, Dennis O'Reilly, Get a new PC ready for everyday use)
Forbes: "The real key to defeating malware isn't antivirus but approaches like Firefox's NoScript plug-in, which blocks Web pages from running potentially malicious programs" (Dec 11, 2008, Andy Greenberg, Filter The Virus Filters).
PC World:
Internet Explorer 7 Still Not Safe Enough because it doesn't act like "NoScript [...] an elegant solution to the problem of malicious scripting" (
cite bite)
New York Times: "[...] NoScript, a plug-in utility, can limit the ability of remote programs to run potentially damaging programs on your PC", (Jan 7, 2007, John Markoff, Tips for Protecting the Home Computer).
PC World's
Ten Steps Security features using NoScript as step #6. (
cite bite)
The
Washington Post security blog compares MSIE "advanced" security features (like so called "Zones") to Firefox ones and recommends NoScript adoption as the safest and most usable approach. (
cite bite)
Giorgio Maonewhat is it?featureschangelogscreenshotsforumfaqget it!privacy Copyright © 2004-2013 InformAction - All rights reserved