How Can Noscript Help Me?
How Can Noscript Help Me?
I have firefox on win10. I'm curious about NoScript. I want to be able to be as secure as possible. But I'm confused as to what it does. So how can it help me be safe?
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: How Can Noscript Help Me?
Very shortly: NoScript enhances the security of Firefox by reducing its attack surface to the sites you trust.
Without NoScript, any website you land on, either willingly or by accident, and any 3rd party origin it pulls scripts from (dozens for page these days) can launch an attack:
Furthermore, its anti-XSS filter protects your trusted websites (e.g. your online banking or your webmail) from cross-site-scripting attacks.
Without NoScript, any website you land on, either willingly or by accident, and any 3rd party origin it pulls scripts from (dozens for page these days) can launch an attack:
- against your local system, by exploiting a browser vulnerability through JavaScript or other dynamic capabilities)
- against other websites (by exploiting cross-site-scripting, AKA XSS, vulnerabilities).
Furthermore, its anti-XSS filter protects your trusted websites (e.g. your online banking or your webmail) from cross-site-scripting attacks.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0
Re: How Can Noscript Help Me?
Giorgio Maone wrote: ↑Wed Jul 14, 2021 11:10 am NoScript disables scripting and other "dangerous" capabilities by default, letting you choose (either temporarily or permanently) which sites can actually use them.
Note that these are (mostly) separate components: if you decide you want one but not the other, you have the option to only enable/use only the one you want. For example, if you find the default-deny permissions management too cumbersome, you can make it default-allow instead by going NoScript Options > General and check everything in the Default tab. In that configuration you'll still have the XSS filter, and you can still manually block individual sites' active content by setting them to Untrusted.Giorgio Maone wrote: ↑Wed Jul 14, 2021 11:10 am its anti-XSS filter protects your trusted websites (e.g. your online banking or your webmail) from cross-site-scripting attacks.
*Always* check the changelogs BEFORE updating that important software!
-