My response: https://security.stackexchange.com/a/223723/13575 – the second part of the answer (below the dividing line).Take into consideration that NoScript will also increase the attack surface
Thoughts?
TIA
My response: https://security.stackexchange.com/a/223723/13575 – the second part of the answer (below the dividing line).Take into consideration that NoScript will also increase the attack surface
(red coloring mine)https://security.stackexchange.com/a/27957 wrote: For starters, Chrome has better security features and a larger security effort than Firefox.
It's true that JavaScript can be involved in exploitation and exploit kits use JS to hide exploits and profile the browser for exploitation. But disabling JS should not be considered a silver bullet for browser security.
More than just blocking JS, NoScript brings to Firefox security features which Chrome already has, like XSS protection. And features that Chrome lacks, like Clickjacking protection and protection against plugin based attacks. Take into consideration that NoScript will also increase the attack surface.
There isn't a clear winner here considering that the security of Firefox + NoScript depends on the user configuring NoScript and the usability trade-off.
For more about browser security read the Browser Security Handbook by Michal Zalewski. His book, The Tangled Web: A Guide to Securing Modern Web Applications extends this handbook.
That last sentence is drivel.It means that NoScript is also a target for exploitation. As browsers get harder to exploit, attackers focus more on pluggins and addons. NoScript parses a lot of input so there are a lot of possibilities for buffer overflows and other attacks.
Could you please be more specific about what about your response you would like us to evaluate?
Not a reasonable assumption.It's reasonable to assume that extensions for Firefox in general (not NoScript in particular) have a far smaller attack surface.
I struck through that part of my answer in Stack Exchange.