Firefox & NoScript: Cross Site Scripting protection
Posted By RichC on January 10, 2008
The more I learn about the customizable power of Mozilla’s Firefox extensions, the more I wonder how I safely navigated the web in the past; perhaps there are just more annoying and dangerous scripts then there have ever been?
Here’s a favorite extension known as NoScript by Giorgio Maone which has been around for a few years, but is becoming more essential than ever. Implementing it, and customizing the ‘trusted and untrusted sites features’ allows only JavaScript, Java and executable content from hand picked domains. Cross-site Scripting (XSS), “one of the most widespread security problems today,” could allow unscrupulous attackers access to your computer through the use of embedded web page scripts without your knowledge. (Virtual Forge has an excellent PDF ‘white paper’ on XSS to learn more.) While your improving Firefox, how about getting rid of some of those annoying ads by trying the Ad Block Plus extension?
Comments