CyTRAP Labs choice - Free Tool for Firefox, Mozilla and SeaMonkey - Allowing JavaScript and Java execution at trusted sites only

Recently we have reported about:

- CyTRAP Labs advisory - Mozilla Firefox JavaScript vulnerability

- CASEScontact.org advisory - Sun updates for multiple vulnerabilities in Java (2007-01-23)

Additionally, we have also explained what a user can and must do to reduce the risk from this type of zero-day vulnerability. This is especially important because new ones will continue to be discovered for Mozilla Firefox and SeaMonkey, in addition to the many that have been and continue to be reported for Internet Explorer.

- CyTRAP Labs guide - Firefox zero-day vulnerabilities - what can a user do NOW?

However, in some cases disallowing JavaScript or Java execution all the time can make things difficult. For instance, most banking websites require that you allow JavaScript in order to perform any financial transactions:

- CASEScontact.org guide - 10 commandments for more secure online banking

However, with this tool (see below) you can get extra protection for your Mozilla/Firefox or Flock browser. The extension allows JavaScript and Java execution only for trusted domains of your choice (e.g., your home-banking web site or your broker).

This tool uses a whitelist-based, pre-emptive script-blocking approach: it blocks attempts by malicious sites or users to exploit security vulnerabilities (known and even not yet known!) through JavaScript or Java. Best of all, one does not lose browser functionality by taking advantage of this extension.

You can enable JavaScript/Java execution for sites you trust with a simple left-click on the NoScript status bar icon (look at the picture), or using the contextual menu, for easier operation in popup statusbar-less windows.
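The whitelist approach described above, reduced to its decision logic, as an added example (this is not NoScript's own code): scripts are allowed only when the page's host is a trusted entry or a subdomain of one, and everything else is denied by default. The domain names, the function names and the rule that subdomains inherit trust are assumptions made for illustration.

```javascript
// Added illustration of a default-deny script allowlist; not NoScript's code.
// The trusted entries are constructed sample domains.
const TRUSTED_SITES = new Set(["mybank.example", "broker.example"]);

// Return the lowercase hostname of a web page URL, or null when the input
// cannot be parsed or is not http(s) (e.g. a javascript: or data: URL).
function hostOf(pageUrl) {
  try {
    const u = new URL(pageUrl);
    if (u.protocol !== "http:" && u.protocol !== "https:") return null;
    return u.hostname.toLowerCase().replace(/\.$/, "");
  } catch (e) {
    return null;
  }
}

// True only when host equals a trusted entry or is a subdomain of it.
// The leading dot in the suffix test keeps "notmybank.example" from
// matching the entry "mybank.example".
function isTrustedHost(host, trusted) {
  for (const site of trusted) {
    if (host === site || host.endsWith("." + site)) return true;
  }
  return false;
}

// Default deny: anything unparseable or not on the list gets no scripts.
function scriptsAllowed(pageUrl, trusted = TRUSTED_SITES) {
  const host = hostOf(pageUrl);
  return host !== null && isTrustedHost(host, trusted);
}

// Models the user's explicit "allow this site" action; returns the host added.
function trustSite(pageUrl, trusted = TRUSTED_SITES) {
  const host = hostOf(pageUrl);
  if (host === null) throw new Error("cannot trust a non-web or unparseable URL");
  trusted.add(host);
  return host;
}
```

The decision is made on the parsed hostname rather than on a substring of the URL, so a trusted name appearing elsewhere in the address does not grant script execution.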

FACTS

Cost: Freeware
Software: V 1.1.4.3

Release Date: 2006-09-10
Platforms: Firefox 1.0.6 and above, Mozilla 1.7 and above, SeaMonkey 1.0 and above
Author: Giorgio Maone

Language: German, English, Croatian and so on.
Size of Download: 118 KB

If you need to check whether you have the NoScript add-on installed, do as follows:

A) Go to Tools

B) Click on Add-ons and go down the list; if the add-on is already installed you will see this:

Firefox-Java-NoScriptAdd-on

If you cannot see the above, here it is - Java-NoScript-Add-on-for-Firefox

Additionally, you can do a few more things to make your browsing experience more secure as suggested here:

- CASEScontact.org advisory - Mozilla Firefox, Thunderbird and Sea Monkey - JavaScript vulnerability
