what is it?

Install
The NoScript status bar menu

There's a browser safer than Firefox...
...it is Firefox, with NoScript!

2006 PC World World Class

NoScript 10 "Quantum" resources

The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank).

NoScript also provides the most powerful anti-XSS and anti-Clickjacking protection ever available in a browser.

NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known, such as Meltdown or Spectre, and even not known yet!) with no loss of functionality...

You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon (look at the picture), or using the contextual menu, for easier operation in popup statusbar-less windows.
Watch the "Block scripts in Firefox" video by cnet.

Staying safe has never been so easy!
Experts will agree: Firefox is really safer with NoScript!

V. 10.2.0 - Quantum Security for everyone!

If you find any bug or you'd like an enhancement, please report here or here. Many thanks!

Main good news
  • Fixed meta refresh inside NOSCRIPT emulation breaking Firefox's built-in refresh blocking
  • Darker red badge background to ensure text is kept white across browsers
  • More effective "disable restrictions for this tab" feature.
  • Improved UI integration with the Tor Browser.
  • Better support for the ftp:// protocol.
  • Updated and new translations.
  • (Classic) Fixed automatic reload bug (thanks ThomasW and barbaz for reporting).
  • Better IPV6 support.
  • UI support for protocol-only entries
  • Transparent support for FQDNs
  • Localization through Transifex integration.
  • Better file: protocol support.
  • Full-page placeholders for media/plugin documents
  • Completely revamped CSP management, enforcing policies both in webRequest and in the DOM.
  • Improved Tor Browser 8 integration.
  • Several new and updated translation, thanks to the Localization Lab / OTF NoScript Transifex project.
  • Various bug fixes.
  • Popup toolbar buttons fully configurable via Drag'n'Drop
  • New "Disable restrictions for this tab" and "Disable restrictions globally" buttons in the main popup UI.
  • Several performance improvements in inter-process content blocking stats synchronization (thanks Rob Wu for report).
  • Simplified URL management in "Allow object" prompt.
  • Switched all the beta (both Quantum and Classic) and just the Classic stable updates to be announced and served from secure.informaction.com, because AMO doesn't support beta channels anymore. If you're using any beta or a Classic release (i.e. NoScript 5.x) you need to install latest build at least once from the noscript.net website.
  • (Classic) Fixed ABE Anon action loop with e10s enabled (thanks barbaz for reporting).
  • (Classic) Fixed JSON interactive view disabled by cascading restrictions (thanks jester for reporting)
  • Click+DEL to remove in-content popup and overlays on script-disabled pages in Quantum.
  • WebGL blocking on script-enabled pages in Quantum.
  • Font blocking working with data: and blob: URLs on Quantum.
  • Right-click in-page context menu item for quick access is back in Quantum.
  • Improved XSS Filter.
  • Various user interface improvements.
  • Better display on mobile devices in portrait mode (Android).
  • Individual temporary / permanent TRUSTED preset buttons.
  • Firefox Quantum support on Android.
  • Added "Export" and "Import" buttons to the Options window, the latter compatible with NoScript 5 formats (both full JSON preferences exports and plain text white/black lists).
  • Added "Reset to defaults" button and "Temporarily set top-level sites to TRUSTED" option.
More in the changelog...

Experts do agree...

03/10/2014, Edward Snowden endorses NoScript as a countermeasure against state Surveillance State.

08/06/2008, "I'd love to see it in there." (Window Snyder, "Chief Security Something-or-Other" at Mozilla Corp., interviewed by ZDNet about "adding NoScript functionality into the core browser").

03/18/2008, "Consider switching to the Firefox Web browser with the NoScript plug-in. NoScript selectively, and non-intrusively, blocks all scripts, plug-ins, and other code on Web pages that could be used to attack your system during visits" (Rich Mogull on TidBITS, Should Mac Users Run Antivirus Software?).

11/06/2007, Douglas Crockford, world-famous JavaScript advocate and developer of JSON (one of the building blocks of Web 2.0), recommends using NoScript.

03/16/2007, SANS Internet Storm Center, the authoritative source of computer security related wisdom, runs a front-page Ongoing interest in Javascript issues diary entry by William Stearns just to say "Please, use NoScript" :)
Actually, NoScript has been recommended several times by SANS, but it's nice to see it mentioned in a dedicated issue, rather than as a work-around for specific exploits in the wild. Many thanks, SANS!

05/31/2006, PC World's The 100 Best Products of the Year list features NoScript at #52!

Many thanks to PC World, of course, for grokking NoScript so much, and to IceDogg who kindly reported these news...

In the press...

Download in a Flash... with FlashGot! Proudly hosted by easyspeedy