NoScript - Altometa

(No Ratings Yet)

NoScript (or NoScript Security Suite/NoScript Firefox Extension) is an extension or add-on that provides extra protection for Firefox, Seamonkey and other mozilla-based web browsers. This free, open source add-on automatically blocks Javascript, Java, Flash, Silverlight and other plugins from loading on a page unless allowed or trusted by the user. It also offers specific countermeasures against security exploits. NoScript also provides the most powerful anti-XSS (Cross-site scripting) and anti-Clickjacking protection.

NoScript’s unique whitelist based pre-emptive script blocking approach prevents exploitation of known security vulnerabilities such as Meltdown or Spectre, and even others not known yet, without loss of functionality.

Users can selectively allow which Javascripts, Java and plugin execution can run on the web browser with a simple left-click on the NoScript status bar icon (see image below), or using the contextual menu, for easier operation in pop-up windows that has no status bar.

The add-on was written by Giorgio Maone.

Features

NoScript blocks JavaScript, Java, Flash, Silverlight, and other “active” content by default on any mozilla-based Web Browser such as Firefox and Seamonkey. Users can allow active content to run on trusted websites, by giving explicit permission, on a temporary or a more permanent basis. If “Temporarily allow” is selected, then scripts are enabled for that site only until the browser session is closed.

Web Browser attacks require scripting. Because of this reason, configuring the browser to have scripting disabled by default reduces the chances of exploitation. Blocking plug-in content also helps to mitigate any vulnerabilities in plug-in technologies, such as Java, Flash, Acrobat, and so on. NoScript replaces these blocked elements with a placeholder icon. Clicking on this icon enables the element.

The add-on is displayed as a toolbar icon or status bar icon in Firefox and Seamonkey. It appears on every website to denote whether NoScript has either blocked, allowed, or partially allowed scripts to execute on the web page being viewed. Since version 2.0.3rc1, clicking or hovering the mouse cursor on the NoScript icon gives the user the option to allow or forbid the script to run.

NoScript’s interface shows the URL of the script(s) it has blocked, but does not provide any reference to look up whether or not a given script is safe to run. With complex web pages, users may face a well over a dozen different cryptic URLs and a non-functioning web page, with only the choice to allow the script, block the script or to allow it temporarily. However, the names of certain URLs may often give indications of the purposes of these scripts, for instance, in the case of scripts coming from an online advertising and tracking sites/companies. This gives users the ability to specifically weed out scripts that they don’t want to run.

NoScript can provide additional defenses against web-based attacks such as XSS, CSRF, clickjacking, man-in-the-middle attacks, and DNS rebinding, with specific countermeasures that work independently from script blocking.