There's a browser safer than Firefox...
...it is Firefox, with NoScript!
The NoScript Firefox extension provides extra protection for Firefox, Flock, Seamonkey and other Mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank), and provides the most powerful Anti-XSS protection available in a browser.
NoScript's unique whitelist-based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...
You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon, or using the contextual menu, for easier operation in popup statusbar-less windows.
Watch the "Using NoScript" video, kindly contributed by John Wilkerson.
Staying safe has never been so easy!
Experts will agree: Firefox is really safer with NoScript!
V. 1.6.5 "Featherlight Armor"
- Improved anti-XSS behavior with HTTP proxies (thanks Philipp Gühring).
- Improved cross-site POST blocking as an anti-CSRF mitigation.
- Better feedback for blacklisted items on the page, by appending untrusted sites count to "Untrusted" menu label.
- Specific shadowed status icon for pages having some origins allowed and all the remaining marked as untrusted.
- Further Anti-XSS filters refinement for maximum performance and lowest false positive rates.
- Enhanced bookmark and location bar management (e.g. you can test bookmarklets from the location bar even on untrusted sites).
- Prevention of Java exploits based on malformed class names.
- New and improved icons.
- Much improved plugin interception, better differentiating content served by the same Flash-based application (e.g. YouTube's movie player).
- New Blocked Objects menu to temporarily allow any blocked plugin content instance on the page, even if its placeholder is hidden or hard to see. You can also unblock all the plugin content coming from a certain site, or certain content types only.
- Enhanced blocked content placeholders, showing a descriptive icon for each type (e.g. PDF or Flash) when available.
- Temporarily unblocked plugin content now obeys the "Revoke Temporary Permissions" command.
- New "noscript.allowedMimeRegExp" about:config option to whitelist content types that should not be blocked by "Forbid other plugins", for instance "application/pdf" or "image/.*".
- All content coming from sites explicitly marked as untrusted is blocked by default, even if allowed in NoScript Options|Plugins.
- Various directory traversal and information leakage countermeasures.
- "Revoke temporary permissions" command available in floating menus.
- Improved protection against Flash-based XSS attacks.
- New "Collapse blocked objects" and "No placeholder for object coming from sites marked as untrusted" options for plugin content.
If you don't want this information page to open next time you upgrade NoScript, please read this FAQ.
Experts do agree...
03/18/2008, "Consider switching to the Firefox Web browser with the NoScript plug-in. NoScript selectively, and non-intrusively, blocks all scripts, plug-ins, and other code on Web pages that could be used to attack your system during visits" (Rich Mogull on TidBITS, Should Mac Users Run Antivirus Software?)
11/06/2007, Douglas Crockford, world-famous JavaScript advocate and developer of JSON (one of the building blocks of Web 2.0), recommends using NoScript.
03/16/2007, SANS Internet Storm Center, the authoritative source of computer security related wisdom, runs a front-page diary entry, "Ongoing interest in Javascript issues", by William Stearns just to say "Please, use NoScript" :)
Actually, NoScript has been recommended several times by SANS, but it's nice to see it mentioned in a dedicated issue, rather than as a work-around for specific exploits in the wild.
Many thanks, SANS!
05/31/2006, PC World's The 100 Best Products of the Year list features NoScript at #52!
Many thanks to PC World, of course, for grokking NoScript so much, and to IceDogg who kindly reported this news...
In the press...
- PC World deems Internet Explorer 7 Still Not Safe Enough because it doesn't act like "NoScript [...] an elegant solution to the problem of malicious scripting".
- New York Times says "[...] NoScript, a plug-in utility, can limit the ability of remote programs to run potentially damaging programs on your PC" (Jan 7, 2007, John Markoff, Tips for Protecting the Home Computer).
- PC World's Ten Steps Security features using NoScript as step #6.
- The Washington Post security blog compares MSIE "advanced" security features (like so-called "Zones") to those of Firefox and recommends NoScript adoption as the safest and most usable approach.



