Firefox No Script

  1. Noscript Firefox Addon
  2. Firefox No Script Add-on

I use NoScript regularly on Firefox, and recommend it for daily use. It doesn't block ads, so you still support the site costs for their administrators. However, it does block flash ads, greatly reducing your CPU load when browsing (provided that you have the flash plugin installed). NoScript is, essentially, a Firefox add-on that disables things like JavaScript from running on web sites you visit. So before we talk about NoScript, we should actually talk about JavaScript: the programming language that makes the web we have today possible. Firefox only (Windows/Mac/Linux): Firefox extension NoScript prevents unauthorized web sites from running JavaScript, Java, Flash, or other plug-ins to keep your browsing sessions safe. Get Firefox, a free web browser backed by Mozilla, a non-profit dedicated to internet health and privacy. Available now on Windows, Mac, Linux, Android and iOS.


NoScript is Free Software (source code): if you like it, you can support its progress :)

NoScript 10 'Quantum' resources

The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other pluginsFirefox noscript review to be executed only by trusted web sites of your choice (e.g. your online bank).

NoScript also provides the most powerful anti-XSS and anti-Clickjacking protection ever available in a browser.

NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known, such as Meltdown or Spectre, and even not known yet!) with no loss of functionality...

Noscript

You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon (look at the picture), or using the contextual menu, for easier operation in popup statusbar-less windows.
Watch the 'Block scripts in Firefox' video by cnet.

Staying safe has never been so easy!
Experts will agree: Firefox is really safer with NoScript!

Recommended: protect your Internet traffic, too, with Military Grade Encryption.

V. 11.2.4 - Quantum Security for everyone!

If you find any bug or you'd like an enhancement, please report here or here. Many thanks!

Main good news
  • CSS resources prefetching as a mitigation against CSS Prime+Probe scriptless side-channel attack (thanks Yossi Oren & and its research team for assistance.)
  • New 'noscript' pseudo-capability to control whether <noscript> elements should be shown on scriptless pages.
  • Full UI keyboard-based navigation:
    Alt+Shift+N
    start
    Arrows/Tab
    move
    DEL/BKSPC/0
    DEFAULT
    +
    TRUSTED
    -
    UNTRUSTED
    C
    CUSTOM
    T
    Temp
    S
    HTTPS-lock
    HOME
    jump to the toolbar
    ESC/ENTER
    Close the UI
    R
    Reload current page without closing the UI
    Shift+G
    Globally disable restrictions
    Shift+T
    Disable restrictions on this tab
    P
    Set all on this page to Temp. TRUSTED
    F
    Forget temporary permissions
  • Operating on Incognito tabs prevents you from setting permanent permissions to avoid privacy leaks on disk (see https://trac.torproject.org/projects/tor/ticket/29957).
  • Improved Firefox Preview (Fenix) / Firefox for Android UI.
  • Completely asynchronous XSS Filter in its dedicated process
  • Several new and updated translations, thanks to the Localization Lab / OTF NoScript Transifex project.
  • 'Override Tor Browser Security Level preset' option offers more flexibility to NoScript+Tor power users.
More in the changelog...

Experts do agree...

03/10/2014, Edward Snowden endorses NoScript as a countermeasure against state Surveillance State.

Firefox No ScriptFirefox

08/06/2008, 'I'd love to see it in there.' (Window Snyder, 'Chief Security Something-or-Other' at Mozilla Corp., interviewed by ZDNet about 'adding NoScript functionality into the core browser').

03/18/2008, 'Consider switching to the Firefox Web browser with the NoScript plug-in. NoScript selectively, and non-intrusively, blocks all scripts, plug-ins, and other code on Web pages that could be used to attack your system during visits' (Rich Mogull on TidBITS, Should Mac Users Run Antivirus Software?).

11/06/2007, Douglas Crockford, world-famous JavaScript advocate and developer of JSON (one of the building blocks of Web 2.0), recommends using NoScript.

03/16/2007, SANS Internet Storm Center, the authoritative source of computer security related wisdom, runs a front-page Ongoing interest in Javascript issues diary entry by William Stearns just to say 'Please, use NoScript' :)
Actually, NoScript has been recommended several times by SANS, but it's nice to see it mentioned in a dedicated issue, rather than as a work-around for specific exploits in the wild. Many thanks, SANS!

05/31/2006, PC World's The 100 Best Products of the Year list features NoScript at #52!

Many thanks to PC World, of course, for grokking NoScript so much, and to IceDogg who kindly reported these news...

In the press...

Noscript Firefox Addon

Noscript

Firefox No Script Add-on

  • CNET News: 'Giorgio Maone's NoScript script-blocking plug-in is the one-and-only Firefox add-on I consider mandatory.' (March 9, 2009, Dennis O'Reilly, Get a new PC ready for everyday use)
  • Forbes: 'The real key to defeating malware isn't antivirus but approaches like Firefox's NoScript plug-in, which blocks Web pages from running potentially malicious programs' (Dec 11, 2008, Andy Greenberg, Filter The Virus Filters).
  • PC World: Internet Explorer 7 Still Not Safe Enough because it doesn't act like 'NoScript [...] an elegant solution to the problem of malicious scripting' (cite bite)
  • New York Times: '[...] NoScript, a plug-in utility, can limit the ability of remote programs to run potentially damaging programs on your PC', (Jan 7, 2007, John Markoff, Tips for Protecting the Home Computer).
  • PC World's Ten Steps Security features using NoScript as step #6. (cite bite)
  • The Washington Post security blog compares MSIE 'advanced' security features (like so called 'Zones') to Firefox ones and recommends NoScript adoption as the safest and most usable approach. (cite bite)