No Script: Firefox security addon to block untrusted scripts

No Script is an addon that improves the security of Firefox by allowing only trusted scripts (from a whitelist) to execute. This is particularly helpful when browsing bank websites, ecommerce sites etc. I use Chrome for daily purposes, and typically NoScript in Firefox only for all my online transactions that involve disclosing personal data like credit card number, bank account login details etc.

Since NoScript blocks all Javascript, it also prevents ads, animations and pop ups from loading. Setting up NoScript by allowing all the scripts you need, into the whitelist, can be frustrating. But once set up, it can give you peace of mind, and you won’t have to do much maintenance.

NoScript works by allowing JavaScript, Java and other active content to run only from trusted domains. To get a bit technical, this usually protects you against common (but dangerous) vulnerabilities like cross-site scripting attacks (XSS) and clickjacking attempts.

The NoScript status bar displays information about which objects (for example, advertisements and pop-up messages) and scripts are currently prevented from executing themselves on your system. The following two figures are prime examples of NoScript at work: In Figure 2, NoScript has successfully blocked an advertisement created in Adobe Flash Player on a commercial website.

Since scripts from your whitelisted domains run, you will not experience any noticeable loss of functionality. Enabling scripts on trusted sites can be done with a click on the NoScript status bar icon. When NoScript detects scripts, it will block them and show itself on the status bar.

NoScript also protects you against the dangerous XSS vulnerability (cross-site scripting) and clickjacking attacks. A cross site script permits hackers to run harmful code. Clickjacking is when the script emulates a user click, allowing script execution or unwanted actions to occur.

Leave a comment

Your email address will not be published. Required fields are marked *