How Can Noscript Help Me?

Ask for help about NoScript, no registration needed to post
kol
Posts: 1
Joined: Thu Aug 17, 2017 11:41 am

How Can Noscript Help Me?

Post by kol »

I have Firefox on Win10. I'm curious about NoScript. I want to be able to be as secure as possible. But I'm confused as to what it does. So how can it help me be safe?
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: How Can Noscript Help Me?

Post by Giorgio Maone »

Very shortly: NoScript enhances the security of Firefox by reducing its attack surface to the sites you trust.

Without NoScript, any website you land on, either willingly or by accident, and any 3rd party origin it pulls scripts from (dozens per page these days) can launch an attack:
  • against your local system (by exploiting a browser vulnerability through JavaScript or other dynamic capabilities)
  • against other websites (by exploiting cross-site-scripting, AKA XSS, vulnerabilities).
NoScript disables scripting and other "dangerous" capabilities by default, letting you choose (either temporarily or permanently) which sites can actually use them. This gives you a chance to evaluate PROs and CONs beforehand, rather than automatically running anything anywhere indiscriminately, which is how a stock browser works.

Furthermore, its anti-XSS filter protects your trusted websites (e.g. your online banking or your webmail) from cross-site-scripting attacks.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0
barbaz
Senior Member
Posts: 10834
Joined: Sat Aug 03, 2013 5:45 pm

Re: How Can Noscript Help Me?

Post by barbaz »

Giorgio Maone wrote: Wed Jul 14, 2021 11:10 am NoScript disables scripting and other "dangerous" capabilities by default, letting you choose (either temporarily or permanently) which sites can actually use them.
Giorgio Maone wrote: Wed Jul 14, 2021 11:10 am its anti-XSS filter protects your trusted websites (e.g. your online banking or your webmail) from cross-site-scripting attacks.
Note that these are (mostly) separate components: if you decide you want one but not the other, you have the option to enable/use only the one you want. For example, if you find the default-deny permissions management too cumbersome, you can make it default-allow instead by going to NoScript Options > General and checking everything in the Default tab. In that configuration you'll still have the XSS filter, and you can still manually block individual sites' active content by setting them to Untrusted.
*Always* check the changelogs BEFORE updating that important software!