There's a browser safer than Firefox...
...it is Firefox, with NoScript!
The NoScript Firefox extension provides extra protection for Firefox, Flock, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java and Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank), and provides the most powerful Anti-XSS protection available in a browser.
NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...
You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click
on the NoScript status bar icon (look at the picture), or
using the contextual menu, for easier operation in popup statusbar-less windows.
Watch the "Block scripts in Firefox" video
by cnet.
Staying safe has never been so easy!
Experts will agree: Firefox is really safer with NoScript!
sponsored links
- Car Loans
- Software Reviews
- download iambigbrother software
- Identity Theft
- toner cartridges
- Free Norton Free Antivirus Download here
- Download Norton AntiVirus Coupon, Rebate
V. 2.0.2.5 - Browse Safer, Browse Smart!
If you find any bug or you'd like an enhancement, please report here or here. Many thanks!
Main good news
- Better anti-XSS protection compatibility with Facebook games.
- Improved ClearClick compatibility with Flash movies inside frames when Adblock Plus is installed.
- More compliant HSTS implementation.
- Protection against XSS attacks exploiting Microsoft ASP's homographic unicode translation misfeature.
- Faster and more compatible Surrogate Script support.
- More administrators-friendly protection against DNS-rebinding attacks targeted to routers: device fingerprinting can be turned off by sending a "X-ABE-Fingerprint: Off" HTTP header, and fingerprinting requests (sent every 15 minutes instead of 5 now) are identified by a "Mozilla/5.0 (ABE, http://noscript.net/abe/wan)" User-Agent header. Furthermore, custom local subnets or IPs can be configured as a space-separated list in the noscript.abe.localExtras about:config preference.
- Several new Anti-anti-adblocker Surrogate Scripts to prevent pages from breaking when ads are disabled.
- NoScript 1.10.x is the last serie supporting Firefox 2.0 and older browsers. It will be updated only if affected by serious security vulnerabilities (very unlikely). This will allow the upcoming NoScript 2.x series to be developed faster and better, by removing legacy compatibility code and fully leveraging the latest APIs and language features.
- Built-in ABE ruleset editor.
- Better Surrogate Scripts error management and new built-in surrogates to securify AMO add-ons installation against MITM attacks and improve Google search experience when scripts are disabled.
- Full protection against Aviv Raff's scriptless tabnagging variant, by blocking refreshes triggered on unfocused untrusted tabs. See the changelog for more details.
- Important ABE enhancements: same domain origin matching (SELF+), same base domain origin matching (SELF++) and INCLUSION pseudo-method for fine-grained subrequests matching, see the updated ABE rules specification for details.
- Experimental external filters for plugin content (e.g. Blitzableiter to sanitize Flash applets). It requires Firefox 3.5 and above, and it can be configured from the new NoScript Options|Advanced|External Filters panel. To activate the built-in Blitzableiter support you need to enable filters, download Blitzableiter binaries and tell NoScript where the executable is. Please notice that Blitzableiter is in its early development stages, and it breaks a lot of Flash content.
- Improved and updated Firefox Mobile (Fennec) support: NoScript's UI has been moved inside the location bar, and options have been simplified down to 4 preset configurations (you can still perform fine-grained cofiguration in about:config or via Weave Sync).
- The long awaited pluggable site info page, can be opened by middle-clicking or shift+clicking on any site entry in NoScript's menus.
- Enhanced usability of universal Flash blocking.
- Improved HTTPS enforcing.
- Strict Transport Security support.
- New Import/Export buttons in the NoScript Options dialog, backup the whole NoScript configuration in a single JSON file, as a disconnected alternative to the Weave/XMark synchronization functionality (Fx 3 and above).
Experts do agree...
08/06/2008, "I'd love to see it in there." (Window Snyder, "Chief Security Something-or-Other" at Mozilla Corp., interviewed by ZDNet about "adding NoScript functionality into the core browser").
03/18/2008, "Consider switching to the Firefox Web browser with the NoScript plug-in. NoScript selectively, and non-intrusively, blocks all scripts, plug-ins, and other code on Web pages that could be used to attack your system during visits" (Rich Mogull on TidBITS, Should Mac Users Run Antivirus Software?).
11/06/2007, Douglas Crockford, world-famous JavaScript advocate and developer of JSON (one of the building blocks of Web 2.0), recommends using NoScript.
03/16/2007, SANS Internet Storm Center, the authoritative source
of computer security related wisdom, runs a front-page
Ongoing interest in Javascript issues
diary entry by William Stearns just to say "Please, use NoScript" :)
Actually, NoScript has been recommended several times by SANS,
but it's nice to see it mentioned in a dedicated issue,
rather than as a work-around for specific exploits in the wild.
Many thanks, SANS!
05/31/2006, PC World's The 100 Best Products of the Year list features NoScript at #52!
Many thanks to PC World, of course, for grokking NoScript so much, and to IceDogg who kindly reported these news...
In the press...
- CNET News: "Giorgio Maone's NoScript script-blocking plug-in is the one-and-only Firefox add-on I consider mandatory." (March 9, 2009, Dennis O'Reilly, Get a new PC ready for everyday use)
- Forbes: "The real key to defeating malware isn't antivirus but approaches like Firefox's NoScript plug-in, which blocks Web pages from running potentially malicious programs" (Dec 11, 2008, Andy Greenberg, Filter The Virus Filters).
- PC World: Internet Explorer 7 Still Not Safe Enough because it doesn't act like "NoScript [...] an elegant solution to the problem of malicious scripting" (cite bite)
- New York Times: "[...] NoScript, a plug-in utility, can limit the ability of remote programs to run potentially damaging programs on your PC", (Jan 7, 2007, John Markoff, Tips for Protecting the Home Computer).
- PC World's Ten Steps Security features using NoScript as step #6. (cite bite)
- The Washington Post security blog compares MSIE "advanced" security features (like so called "Zones") to Firefox ones and recommends NoScript adoption as the safest and most usable approach. (cite bite)
