what is it?

download
The NoScript status bar menu
NoScript is Free Software (GPL), but if you find it useful, you can support its development :)
2006 PC World World Class

There's a browser safer than Firefox...
...it is Firefox, with NoScript!

Fight CLICKJACKING Now!

The NoScript Firefox extension provides extra protection for Firefox, Flock, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank), and provides the most powerful Anti-XSS protection available in a browser.

NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...

You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon (look at the picture), or using the contextual menu, for easier operation in popup statusbar-less windows.
Watch the "Using NoScript" video kindly contributed by John Wilkerson.

Staying safe has never been so easy!
Experts will agree: Firefox is really safer with NoScript!

sponsored links

V. 1.8.2.8 - Your Browser is YOURS

Main good news:
  • New and improved ClearClick anti-Clickjacking technology to disable user interaction with partially obstructed or not clearly visible embedded objects. Enabled by default on untrusted pages, you can configure it to work on trusted pages as well in NoScript Options|Plugins; most false positive have already been eliminated in 1.8.2.2, and enforcing it everywhere will likely become the default after some other testing testing.
  • New Forbid <FRAME> option for cross-site legacy frames, independent from Forbid <IFRAME>. Not to weaken IFRAME protection, legacy cross-site frames which are nested inside same-site IFRAMEs are blocked anyway.
  • NoScript Options|Plugins|Opaque embedded objects preference to defeat opacity-based attacks.
  • Restored compatibility with 1.5.0.x (note: due to technical limitations of Gecko 1.8, ClearClick is not available but you still get good anti-clickjacking protection from Opaque embedded objects and maximum from Forbid <IFRAME>/<FRAME>)
  • Frame breaker emulation on pages where JavaScript is disabled, i.e. something like if (self != top) top.location = location will work.
  • Suite of features enhancing HTTPS effectiveness:
    1. Force HTTPS on most sensitive sites
    2. Option to disable active content on whitelisted sites which are not served through HTTPS, either always or when connecting through a proxy ("Tor mode"), to mitigate domain spoofing risks in hostile environments
    3. Automatic and customizable Secure Cookie Management, to protect against HTTPS cookie hijacking. Important: if you got troubles logging in on some sites with this feature on, please get latest development build and, if it does not help, follow the easy advices given in this FAQ
  • Better bookmarklet compatibility on untrusted sites.
  • Temporarily allow all this page toolbar button.
  • Revoke temporary permissions toolbar button.
  • Several improvements in blacklisting mode: even if whitelisting is still the recommended safest mode, you can use Allow scripts globally and still block sites you mark as untrusted. More important, you can still enjoy full Anti-XSS protection even while you're keeping JavaScript allowed everywhere.
More in the changelog...

Experts do agree...

08/06/2008, "I'd love to see it in there." (Window Snyder, "Chief Security Something-or-Other" at Mozilla Corp., interviewed by ZDNet about "adding NoScript functionality into the core browser").

03/18/2008, "Consider switching to the Firefox Web browser with the NoScript plug-in. NoScript selectively, and non-intrusively, blocks all scripts, plug-ins, and other code on Web pages that could be used to attack your system during visits" (Rich Mogull on TidBITS, Should Mac Users Run Antivirus Software?).

11/06/2007, Douglas Crockford, world-famous JavaScript advocate and developer of JSON (one of the building blocks of Web 2.0), recommends using NoScript.

03/16/2007, SANS Internet Storm Center, the authoritative source of computer security related wisdom, runs a front-page Ongoing interest in Javascript issues diary entry by William Stearns just to say "Please, use NoScript" :)
Actually, NoScript has been recommended several times by SANS, but it's nice to see it mentioned in a dedicated issue, rather than as a work-around for specific exploits in the wild. Many thanks, SANS!

05/31/2006, PC World's The 100 Best Products of the Year list features NoScript at #52!

Many thanks to PC World, of course, for grokking NoScript so much, and to IceDogg who kindly reported these news...

In the press...

  • PC World deems Internet Explorer 7 Still Not Safe Enough because it doesn't act like "NoScript [...] an elegant solution to the problem of malicious scripting" (cite bite)
  • New York Times says "[...] NoScript, a plug-in utility, can limit the ability of remote programs to run potentially damaging programs on your PC", (Jan 7, 2007, John Markoff, Tips for Protecting the Home Computer).
  • PC World's Ten Steps Security features using NoScript as step #6. (cite bite)
  • The Washington Post security blog compares MSIE "advanced" security features (like so called "Zones") to Firefox ones and recommends NoScript adoption as the safest and most usable approach. (cite bite)
Giorgio Maone
what is it?  features  changelog  screenshots  forum  faq  get it!
Get Firefox GetJava Download Button Valid XHTML 1.0! Valid CSS!
Copyright © 2004-2007 InformAction - All rights reserved
hackademix.net Download in a Flash... with FlashGot! Proudly hosted by easyspeedy