NoScript

From Free Knowledge Base- The DUCK Project: information for everyone
Jump to: navigation, search

The NoScript Firefox Extension, now known as NoScript Security Suite, is a free and open-source extension for the Firefox web browser along with some other browsers based on the same engine. NoScript was created by Giorgio Maone, a member of the Mozilla Security Group.

Noscriptreview.jpg

Get the NoScript Extension
 from mozilla.org.

The official NoScript web site has the extension along with screenshots, FAQ, and compatibility information.

Description

NoScript extension allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking web site, guarding your "trust boundaries" against cross-site scripting attacks (XSS), cross-zone DNS rebinding / CSRF attacks (router hacking), and Clickjacking attempts, thanks to its unique ClearClick technology. It also implements the DoNotTrack tracking opt-out proposal by default, see http://snipurl.com/nsdntrack . Such a preemptive approach prevents exploitation of security vulnerabilities (known and even unknown!) with no loss of functionality.

When used correctly, no safe web site should be negatively impacted. You couldn't be in safer hands while surfing the web.

NoScript Review

50star.png

In light of recent browser hijack and malware such as the Internet Security 2012 Virus it is highly recommended that users install and learn to use this extension. It allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking web site, guarding your "trust boundaries" against cross-site scripting attacks (XSS), cross-zone DNS rebinding / CSRF attacks (router hacking), and Clickjacking attempts, thanks to its unique ClearClick technology. It also implements the DoNotTrack tracking opt-out proposal by default.

No version of Microsoft Internet Explorer to date (2014) provides the same level of protection as using a Mozilla based web browser with the NoScript extension. Read Firefox With NoScript -vs- Microsoft Internet Explorer for more details.

note: incompatibility with online banking: resolve. Issue: even with "allow scripts globally" and allowed domains many major online banking sites will not function with this extension active. NoScript had to be completely disabled for online banking. Resolution: Options -> Advanced - > uncheck "Turn cross-site POST requests into data-less GET requests" - do online banking - then promptly enable the feature again. This feature is a valuable security intervention and the problem it causes is actually a defect in the bank's web site that the bank needs to and hopefully will correct presently.

NoScript deserves 5 stars and we urge people to try out. However, it may be overwhelming for some novice users or people that "just don't get it" and cause them problems on their ordinary use of common web sites. However, not everyone is willing to wear a life preserver when they go boating in deep water, and as much is the same for online safety and security.

Upgraded NoScript to 5 star status. This is the most valuable Firefox Extension ever created. I recommend it to everyone.

  • Usefulness: Recommended (for security)
  • Category: Security
  • Side Effects: may conflict with other plugins.
  • Conflicts: impacts but does not nullify QuickJava 1.7.5. Although it works ok with Flashblock 1.5.15.1., it is no longer necessary to use Flashblock when running NoScript (redundancy). Other similar plugins also redundancy; possibly QuickJava.
  • VLT: 2.2.3

configuration tip: Goto Firefox about:config and change boolean parameter noscript.firstRunRedirection to disable annoying NoScript homepage after update (because updates are very frequent). Set noscript.firstRunRedirection to False.

NoScript Review is one of many Firefox Extensions discussed on the Favorite Firefox Extensions section.

Palemoon

Download from https://noscript.net/getit and install.

Configuration Help

Whitelist your Internal LAN IP range

This works sometimes. If your LAN is 10.0.0.1/24 then enter 10.0.0 into the whitelist. Do not add a trailing period. Do not use an asterisk wildcard character.

As another example: 192.168.0

The FIRST TIME YOU LOAD a web page it shows as "blocked" then after you refresh the browser NoScript seems to unblock the content. This is a bug in NoScript when using a partial IP address to do the whole subnet.

Whitelist an external web site or network range

To whitelist the 4th octet only, navigate away from the site and remove this temporary permission from the whitelist manually. NoScript > Options > Whitelist > Select this site. It will be in italics. Click "Remove selected sites" > OK. Then add the first 3 octets into the whitelist, as an example: 199.241.8

External Resources

 

keywords: addon add-on addons add-ons plugin plugins plug-in plug-ins extension firefox mozilla

Retrieved from "http://wiki.robotz.com/index.php?title=NoScript&oldid=19819"