In association with heise online

28 July 2010, 16:38

Firefox plug-in NoScript 2.0 released

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

NoScript Logo NoScript creator Giorgio Maone has announced the release of version 2.0 of his open source extension for Mozilla's Firefox browser that blocks the execution of JavaScript, Java, Flash and other plug-ins or scripted content. The add-on for Firefox includes a white list to allow scripts from certain web sites and helps to prevent clickjacking attacks, which involve a crafted web site inserting a transparent iFrame underneath the user's cursor. Victims believe that they are clicking on the displayed web page, when in fact they are actually clicking on control elements (e.g. buttons) on a transparent iFrame from another website.

According to its developer, the latest version of the NoScript add-on for Firefox is even more reliable, has an updated user interface synchronisation system that's more efficient than previous versions and includes several improvements against cross-site scripting (XSS). Maone is especially proud of the new feature in version 2.0 that builds on the add-on's Application Boundaries Enforcer (ABE) module and provides cross-zone CSRF protection for flawed routers which expose their WAN IP on their LAN interface, saying that it "saves your router's ass even if it's so flawed to expose its UI on the LAN with its WAN IP". Other changes include the addition of an import / export feature, better handling of mixed permissions pages and improved support for Firefox Mobile, also known as "Fennec".

More details about the release can be found in the change log. NoScript 2.0 is available to download from the project's site or from the Add-ons for Firefox portal and supports Firefox 3.0 or later. Users running older versions of Firefox must use the previous 1.10.x branch of NoScript. NoScript is licensed under version 2 of the GNU General Public License.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit