NoScript and Firefox Prefetching

[ChrisCB]

Hello.

My cousin just told me that his antivirus(Kaspersky) blocked a "Trojan.Script.Generic" attempt from a website after he went in google and searched for a particular keyword.

I immediately thought that he has prefetching ON and in fact that was the case, the website was being loaded in the background by FireFox and apparently it was a malicious one. My question is: Does NoScript scan for websites being fetched in the background by Firefox?

Cheers.

[Guest]

Does NoScript scan for websites being fetched in the background by Firefox?

My guess is no, as that wouldn't make sense.

[Alan Baxter]

I think Guest guessed right. Your cousin's AV scanned the content of the site and blocked the script because the AV happened to recognize the script as malicious. NoScript blocks all scripts and other active content from unwhitelisted sites by default. It does not scan them.

[Giorgio Maone]

NoScript blocks all scripts and other active content from unwhitelisted sites by default. It does not scan them.

In facts, NoScript does not scan anything, in the traditional "AV" sense.
It does scan some kinds of files right before they're loaded, e.g. to check for their type when the content-type header may be ambiguous or untrustable, but it usually doesn't block prefetch loads.

One notable exception is ABE, which does check all the loads generated by web content, included prefetches, because they can be used for CSRF attacks.