This clever add-on blocks malicious scripts before they can cause any damage

Jun 26, 2012 08:58 GMT

We continue our Security app of the week series with the Firefox extension known as NoScript, another piece of software that should be utilized not only by professionals, but also by regular users who want to make sure they’re protected against online threats while surfing the web.

NoScript can block JavaScript and other types of code that could pose a risk, and its control panel lets users configure the add-on to suit their own needs.

One of the most important options is the whitelist, which allows users to specify the names of websites that are considered to be safe.

The user can then choose what type of content should be blocked on untrusted sites. The list includes Java, Flash, Silverlight, audio and video, frames and iframes, and other plugins.

While regular users can configure the app to protect them without bugging them with all sorts of pop-ups, experts can set it so that they are alerted every time something potentially malicious is executed in the background.

As we’ve seen recently, many websites contain cross-site scripting (XSS) vulnerabilities that can be leveraged by cybercriminals to execute arbitrary content in the context of an apparently secure domain.

NoScript has a special section for XSS where you can sanitize suspicious URLs and turn cross-site POST requests into data-less GET requests.
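A simplified model of those two XSS options, added here as an example and not taken from NoScript's code. It assumes the filter acts only on requests going from a non-whitelisted site to a whitelisted one; the host names, the `TRUSTED` set and the `filterRequest` function are hypothetical.

```javascript
// Simplified model of the two XSS options; not NoScript's actual code.
// Host names and requests are constructed sample data.
const TRUSTED = new Set(["bank.example"]); // hypothetical whitelist
// Characters typically needed to break out into markup or script.
const SUSPICIOUS = /[<>"'`(){}]/g;

function filterRequest(req, trusted = TRUSTED) {
  const target = new URL(req.url);
  const source = req.referrer ? new URL(req.referrer) : null;
  const crossSite = source !== null && source.host !== target.host;

  // Assumption of this model: only requests crossing from an untrusted
  // site into a whitelisted (script-enabled) site are filtered.
  if (!crossSite || trusted.has(source.host) || !trusted.has(target.host)) {
    return { ...req, actions: [] };
  }
  const out = { ...req, actions: [] };

  // Cross-site POST becomes a GET with no body.
  if (req.method === "POST") {
    out.method = "GET";
    out.body = null;
    out.actions.push("post-to-get");
  }

  // Rebuild the query string with suspicious characters replaced by spaces.
  const cleaned = new URLSearchParams();
  let changed = false;
  for (const [key, value] of target.searchParams) {
    const safe = value.replace(SUSPICIOUS, " ");
    changed = changed || safe !== value;
    cleaned.append(key, safe);
  }
  if (changed) {
    target.search = cleaned.toString();
    out.url = target.toString();
    out.actions.push("url-sanitized");
  }
  return out;
}

// Constructed request: a POST from an untrusted page to a whitelisted site.
const sample = filterRequest({
  method: "POST",
  referrer: "https://evil.example/lure",
  url: "https://bank.example/search?q=<script>alert(1)</script>",
  body: "amount=1000&to=attacker",
});
console.log(sample.method, sample.url, sample.actions);
```

The same-site case is left untouched on purpose: a form posted within the whitelisted site keeps its method, body and query string.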

Now, let’s take a look at a real-life scenario in which NoScript can protect you. On June 15, we reported that ESET experts came across a bogus Facebook app that warned users that their accounts would be terminated unless they completed a number of steps.

ESET Security Researcher Cameron Camp revealed that during the page load, a total of 13 malicious scripts would have been executed if it hadn’t been for the trusty Firefox NoScript add-on, which blocked them all before they could cause any damage.

So, there you have it: NoScript for Firefox is certainly an application that should be installed by all Firefox users.

For those who prefer Google Chrome, the alternative is ScriptNo, and for Opera fans it's NotScripts.

NoScript is available for download here