NoScript Security Suite – Get this Extension for 🦊 Firefox (en-US) (original) (raw)

Winner of the "PC World - World Class Award" and bundled with the Tor Browser, NoScript gives you the best available protection on the web. It allows JavaScript, Flash, and other executable content to run only from trusted domains of your choice (e.g. your banking site), thus mitigating remotely exploitable vulnerabilities, such as Spectre and Meltdown.

It protects your "trust boundaries" against cross-site scripting attacks (XSS), cross-zone DNS rebinding / CSRF attacks (router hacking), and Clickjacking attempts, thanks to its unique ClearClick technology.

Such a preemptive approach prevents exploitation of security vulnerabilities (known and unknown!) with no loss of functionality where you need it.
Experts do agree: Firefox is really safer with NoScript!

FAQ: https://noscript.net/faq
Forum: https://noscript.net/forum

A Basic NoScript 10 Guide

Still confused by NoScript 10's new UI?
Check this user-contributed NoScript 10 primer.
and this NoScript 10 "Quantum" vs NoScript 5 "Classic" (or "Legacy") comparison.

Security issues affecting Firefox or the Tor Browser which can be fixed by a NoScript update are guaranteed to be addressed within 24 hours. This sometimes requires many updates to be issued in a short timespan, and when this happens you may notice NoScript UI's asking to "reload this page in order to operate properly". This is normal on "live" updates, and it just means the UI is out of sync with the page content, but there's no need to worry as all the restrictions to scripts and active content are still in place.

How are you enjoying NoScript Security Suite?

This add-on needs to:

• Access browser tabs
• Store unlimited amount of client-side data
• Access browser activity during navigation
• Access your data for all websites

v 11.4.42
============================================================
x [nscl] Further SyncMessage simplification
x Mitigate race conditions on startup

v 11.4.41
============================================================
x [nscl] Fixed Chromium worker patching regression caused by
failSafe scope
x [nscl] Force service workers to be patched bypassing cache
x [nscl] More robust SyncMessage implementation
x [nscl] Enhanced remote worker patching
x [nscl] Remove missing source map warning for
browser-polyfill.js
x [nscl] Better console handling in execution context
patches
x Reduce console spam on non-debugging instances
x [nscl] Avoid patched workers breakage if console API is
disabled (thanks ayi for reporting)