NoScript Extension for Mozilla Firefox
The
increasing popularity of Firefox internet browser will likely make it a
target of the bad guys. At the time of this writing in mid April of
2006, I'm not aware of any actual exploits. However, recently a rather long list of critical vulnerabilities was published
by Secunia. Some of these vulnerabilities were in javascript and some
were in the program itself. Normally, the Firefox developers are rather
quick to react and fix the problems. It's wise to follow the rule of
updating the application as soon as a new version is released. It's
also wise to use the subject extension, since it allows the user to
whitelist trusted sites and browse otherwise with both javascript and
Java disabled. Macromedia Flash can also be disabled.
The extension makes it a very simple matter to selectively enable
scripting. It serves as a convenience in this regard. The extension can be downloaded here: NoScript
I modified the default install of NoScript to
suit my taste. Customizing, including drag and drop, is under the View
menu. I unchecked the bookmarks toolbar to get rid of it, and dragged
the NoScript icon up to the Menu bar. The
screenshot below shows the result. The
mouse pointer indicates the NoScript icon. The all blue/white (no red) colors indicate the
current url is whitelisted and scripting is enabled.
Clicking
on the NoScript icon brings up its menu. Here's what I have under
Options-Appearance. I've chosen to not have the yellow info bar of
NoScript show.
You
control whether or not to allow Multimedia Flash under the Advanced
tab. It's a good idea to not allow it since it has a history of
vulnerabilities.