NoScript : Zero Vulnerability in Firefox

We want secure browsing… don’t we..?? And yet many of us don’t know about this simple Firefox extension called NoScript. This security tool provides extra protection for Firefox, Seamonkey and other Mozilla-based browsers. It is of course free and once installed, allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of choice.

NoScript is recommended by many experts like Edward Snowden, Window Snyder, Rich Mogull, Douglas Crockford and William Stearns.

Features of NoScript:

Usable Security

On installing NoScript, all of JavaScript, Java, Flash, Silverlight and other possibly executable contents are blocked by default. On trusted sites, the scripts must be turned on selectively. This selection may be temporary or permanent as per user’s choice. Just like “LightBeam” or “HackSearch Button” extensions, NoScript icon appears on bottom right of the window on the status bar. Different icons with different meanings is shown there.

Site Matching

We are allowed to decide the permissions of the exact address, or the exact domain, or the parent domain. If you enable a domain (e.g., then all its subdomains are implicitly enabled as well. So, the same will be enabled while visiting this blog i.e. or any other blog on wordpress. Also there would not be any protocol denial (both http and https will be allowed). But if you enable the permissions for any address (protocol://host e.g. , you’re enabling its subdirectories ( like as well but neither its parents nor siblings (so, and any other blog will not be automatically enabled).

Security against all malicious content

As said earlier, NoScript’s primary aim is to prevent execution of malicious JavaScript but it effectively blocks Java, Silverlight, Flash and other plugins and embeddings like HTML video/audio or downloadable fonts on sites not included in ‘trusted sites’ list. In-fact they won’t even be downloaded. This results in efficient and secure internet browsing.

Untrusted Blacklist

There also come an option to mark a site untrusted. For a site in Untrusted Blacklist, NoScript won’t even propose you to allow it again and if you later want to revert your decision, NoScript allows you to do so.

Anti-XSS protection

Cross-Site Scripting (XSS) vulnerabilities allow an attacker to inject his own malicious code from source site to destination site and can be used to steal credentials. This is often overlooked and thus is highly popular among hackers (which led to creation of Jikto). NoScript assures user security by providing Anti-XSS Protection.

Language Support

NoScript has already been translated in 45 languages by different contributors from across the world and is ready for your use. Why waiting… grab it in your mother-tongue.

Install the add-on here.

For detailed features list, click here.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s