NoScript (Firefox) and ScriptSafe (Chrome, formerly ScriptNo): Both disable all scripts from running on pages without you specifically adding them to an allow list. This includes Java and JavaScript. One of the core reasons that I'm using Firefox as my main web browser is the NoScript extension for it. It blocks all scripts from running automatically on websites, ships with options to enable scripts temporarily or permanently, and offers a wide array of additional security features that protect the browser well from many threats on today's Internet.
NoScript is Free Software (source code): if you like it, you can support its progress :)
NoScript 10 'Quantum' resources
NoScript also provides the most powerful anti-XSS and anti-Clickjacking protection ever available in a browser.
NoScript's unique whitelist-based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known, such as Meltdown or Spectre, and even not known yet!) with no loss of functionality.
You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon (look at the picture), or using the contextual menu, for easier operation in popup statusbar-less windows.
Watch the 'Block scripts in Firefox' video by cnet.
Staying safe has never been so easy!
Experts will agree: Firefox is really safer with NoScript!
V. 11.2.4 - Quantum Security for everyone!
If you find any bug or you'd like an enhancement, please report here or here. Many thanks!
Main good news
- CSS resources prefetching as a mitigation against CSS Prime+Probe scriptless side-channel attack (thanks to Yossi Oren and his research team for assistance).
- New 'noscript' pseudo-capability to control whether <noscript> elements should be shown on scriptless pages.
- Full UI keyboard-based navigation:
  - Alt+Shift+N: start
  - Arrows/Tab: move
  - DEL/BKSPC/0: DEFAULT
  - +: TRUSTED
  - -: UNTRUSTED
  - C: CUSTOM
  - T: Temp
  - S: HTTPS-lock
  - HOME: jump to the toolbar
  - ESC/ENTER: Close the UI
  - R: Reload current page without closing the UI
  - Shift+G: Globally disable restrictions
  - Shift+T: Disable restrictions on this tab
  - P: Set all on this page to Temp. TRUSTED
  - F: Forget temporary permissions
- Operating on Incognito tabs prevents you from setting permanent permissions to avoid privacy leaks on disk (see https://trac.torproject.org/projects/tor/ticket/29957).
- Improved Firefox Preview (Fenix) / Firefox for Android UI.
- Completely asynchronous XSS Filter in its dedicated process
- Several new and updated translations, thanks to the Localization Lab / OTF NoScript Transifex project.
- 'Override Tor Browser Security Level preset' option offers more flexibility to NoScript+Tor power users.
Experts do agree...
03/10/2014, Edward Snowden endorses NoScript as a countermeasure against state surveillance.
08/06/2008, 'I'd love to see it in there.' (Window Snyder, 'Chief Security Something-or-Other' at Mozilla Corp., interviewed by ZDNet about 'adding NoScript functionality into the core browser').
03/18/2008, 'Consider switching to the Firefox Web browser with the NoScript plug-in. NoScript selectively, and non-intrusively, blocks all scripts, plug-ins, and other code on Web pages that could be used to attack your system during visits' (Rich Mogull on TidBITS, Should Mac Users Run Antivirus Software?).
11/06/2007, Douglas Crockford, world-famous JavaScript advocate and developer of JSON (one of the building blocks of Web 2.0), recommends using NoScript.
03/16/2007, SANS Internet Storm Center, the authoritative source of computer security related wisdom, runs a front-page Ongoing interest in Javascript issues diary entry by William Stearns just to say 'Please, use NoScript' :)
Actually, NoScript has been recommended several times by SANS, but it's nice to see it mentioned in a dedicated issue, rather than as a work-around for specific exploits in the wild. Many thanks, SANS!
05/31/2006, PC World's The 100 Best Products of the Year list features NoScript at #52!
Many thanks to PC World, of course, for grokking NoScript so much, and to IceDogg who kindly reported this news.
In the press...
- CNET News: 'Giorgio Maone's NoScript script-blocking plug-in is the one-and-only Firefox add-on I consider mandatory.' (March 9, 2009, Dennis O'Reilly, Get a new PC ready for everyday use)
- Forbes: 'The real key to defeating malware isn't antivirus but approaches like Firefox's NoScript plug-in, which blocks Web pages from running potentially malicious programs' (Dec 11, 2008, Andy Greenberg, Filter The Virus Filters).
- PC World: Internet Explorer 7 Still Not Safe Enough because it doesn't act like 'NoScript [..] an elegant solution to the problem of malicious scripting' (cite bite)
- New York Times: '[..] NoScript, a plug-in utility, can limit the ability of remote programs to run potentially damaging programs on your PC', (Jan 7, 2007, John Markoff, Tips for Protecting the Home Computer).
- PC World's Ten Steps Security features using NoScript as step #6. (cite bite)
- The Washington Post security blog compares MSIE 'advanced' security features (like so called 'Zones') to Firefox ones and recommends NoScript adoption as the safest and most usable approach. (cite bite)
This article lists some browser extensions available for Firefox and/or Chromium.
Installation
Firefox extensions can be installed from addons.mozilla.org and managed at about:addons. Chrome extensions can be installed from the Chrome Web Store and managed at chrome://extensions/. Additionally, a few Firefox extensions can be found in the official repositories and some more in the AUR.
To simplify maintenance this article does not link store pages or AUR packages of extensions. Readers are advised to obtain extensions through the linked official websites if no package is available.
Privacy
See also Firefox/Privacy and Chromium/Tips and tricks#Security.
Tip: Installing all of the privacy extensions is not recommended. Doing so can be counterproductive, as they conflict with each other, and it does not increase security whatsoever.
Content blockers
- uBlock Origin — A lightweight, efficient blocker which is easy on memory and CPU. It comes with several filter lists ready to use out-of-the-box (including EasyList, Peter Lowe's, several malware filter lists). The lead developer of uBlock forked the project and created uBlock Origin. As of July 2015, most of the development is being done on uBlock Origin and the codebases are deviating substantially.
- https://github.com/gorhill/uBlock/ || firefox-ublock-origin, Chromium
- Adblock Plus — Was a popular extension to block ads. Now that it is not blocking some ads on purpose [1], it may be a better idea to use a different blocker like uBlock Origin.
- https://adblockplus.org/ || firefox-adblock-plus, Chromium
Advanced control
- uMatrix — Fork of HTTP Switchboard. Lets you selectively block JavaScript, plugins or other resources and control third-party resources. It also features extensive privacy features like user-agent masquerading, referrer blocking and so on. It effectively replaces NoScript and RequestPolicy. See the old HTTP Switchboard wiki for different ways to use it.
- https://github.com/gorhill/uMatrix || firefox-umatrix (AUR), Chromium
- ScriptSafe — Gives users control of the web and more secure browsing while emphasizing simplicity and intuitiveness. Due to the nature of this extension, this will break most sites! It is designed to learn over time with sites that you allow.
- https://github.com/andryou/scriptsafe || Firefox, Chromium
- NoScript — Disables JavaScript and Flash on any website not specifically whitelisted by the user. This extension will protect you from exploitation of security vulnerabilities by not letting anything but trusted sites (e.g. your bank, webmail) serve you executable content. Once installed, you can configure settings for NoScript by either clicking its icon on the toolbar or right-clicking a page and navigating to NoScript. You will then have the option to enable/disable scripts for the current page, as well as any third-party scripts that the page is linking to. Alternatively, you can choose to enable scripts temporarily for that session only. Be aware that a lot of modern websites use scripts for layout purposes, hence content may look different. For example, failed rendering due to missing fonts might occur on websites that load fonts at runtime via scripts which were blocked by NoScript. Warning: By default NoScript allows JavaScript from some corporations you might not like. It will affect your privacy. To change this, in NoScript click Options > Per-site Permissions and set to UNTRUSTED all the sites that you do not trust. Tor Browser, when used in the safer modes (where NoScript is used), already protects you.
- https://noscript.net/ || firefox-noscript
- ScriptBlock — Similar to NoScript, which is a Firefox add-on. Both extensions stop a website from executing any kind of JavaScript. However, ScriptBlock has a much simpler design and is thus easier to use. It blocks JavaScript by default. You can allow or temporarily allow scripts. Once you allow them to run, it lets all the scripts run on that page, so you might want ScriptBlock to work in conjunction with Privacy Badger. It's also worth checking its default whitelist, which might be too permissive for you.
- https://github.com/compvid30/scriptblock || Chromium
- Cookie AutoDelete — Deletes cookies as soon as the tab closes. Supports automatic and manual cookie cleaning modes. (Support for clearing LocalStorage was added in version 2.1, but only for Firefox versions 58+. The same release added support for first party isolation, but only for Firefox versions 59+).
- https://github.com/Cookie-AutoDelete/Cookie-AutoDelete || Firefox, Chromium
- Vanilla Cookie Manager — A cookie whitelist manager that automatically removes unwanted cookies. Cookies can be used for authentication, storing your site preferences or anything else that can be saved as text data. Unfortunately they can also be used to track you. You could turn off cookies completely or just shut off third-party cookies. But that would also keep out useful cookies that many web apps rely upon to work (like Google Mail or Calendar). With Vanilla you can select which cookies you want to keep on a whitelist. All unwanted cookies are deleted automatically (or manually if you prefer).
- https://github.com/laktak/vanilla-chrome || Chromium
Automatic tracker blockers
- Privacy Badger — Monitors third-party trackers loaded with web content. It blocks trackers once they appear on different sites. It does not block advertisements in the first place, but since a lot of ads are served based on tracking information these are blocked as well. For more information on the mechanism, see its FAQ.
- https://www.eff.org/privacybadger || firefox-extension-privacybadger, Chromium
- Disconnect — Aims to stop 2,000 third-party sites from tracking the user. It encrypts data sent to popular sites and claims to load web pages 27 percent faster. Disconnect shows its users, in real time, how many tracking attempts from Google, Twitter, Facebook, and more are stopped. It categorizes tracking attempts into advertising, analytical, social, and content, which makes it easy to monitor how one is being tracked. Disconnect can also stop side-jacking, which utilizes stolen cookies to steal personal data. It is easy to use and well supported. Firefox gained a feature based on the Disconnect list, see Firefox/Privacy#Tracking protection.
- https://disconnect.me/ || Firefox, Chromium
Noise generators
- AdNauseam — A lightweight browser extension that blends software tool and artware intervention to fight back against tracking by advertising networks. AdNauseam works like an ad-blocker (it is built atop uBlock-Origin) to silently simulate clicks on each blocked ad, confusing trackers as to one's real interests.
- https://adnauseam.io/ || Firefox, Chromium
- TrackMeNot — Periodically issues randomized search-queries to popular search engines and helps you hide your real ones in a cloud of 'ghost' queries.
- https://cs.nyu.edu/trackmenot/ || Firefox, Chromium
Miscellaneous
- HTTPS Everywhere — Encrypts your communication with a website. It forces a connection over HTTPS instead of HTTP wherever possible. HTTPS Everywhere will be automatically configured and enabled upon restarting Firefox. For information on how to set up your own rules for different websites please visit the official website. HTTPS Everywhere does not magically enable HTTPS for every site on the internet. The site needs to support HTTPS and HTTPS Everywhere should have a ruleset configured for that site.
- https://www.eff.org/https-everywhere || firefox-extension-https-everywhere, Chromium
- Decentraleyes — Protects you against tracking through 'free', centralized, content delivery. It prevents a lot of requests from reaching networks like Google Hosted Libraries, and serves local files to keep sites from breaking. Complements regular content blockers.
- https://decentraleyes.org/ || firefox-decentraleyes, Chromium
- CanvasBlocker — Blocks or fakes the JS-API for modifying <canvas> to prevent Canvas-Fingerprinting. Firefox has a built-in anti-fingerprinting feature that can be enabled by setting privacy.resistFingerprinting to true in about:config.
- https://github.com/kkapsner/CanvasBlocker/ || Firefox
- Privacy Settings — Provides a toolbar panel for easily altering the browser's built-in privacy settings.
- https://add0n.com/privacy-settings.html || Firefox, Chromium
Website customization
Websites can be augmented using user style sheets and JavaScript userscripts.
- Stylus — User style sheets manager, fork of defunct Stylish.
- https://add0n.com/stylus.html || firefox-stylus, Chromium
- Violentmonkey — Open source userscript manager.
- https://violentmonkey.github.io/ || Firefox, Chromium
- Tampermonkey — Proprietary userscript manager.
- https://tampermonkey.net/ || Firefox, Chromium
- Dark Reader — Inverts brightness of web pages and aims to reduce eyestrain while browsing the web.
- https://darkreader.org/ || firefox-dark-reader, Chromium
- Toggle Website Colors — Replaces colors with user selected ones.
- https://github.com/M-Reimer/togglewebsitecolors || Firefox
Keyboard shortcuts
There are various extensions providing vi-style keyboard shortcuts.
- Vimium — Allows mouse-less browsing, has an experimental Firefox version.
- https://github.com/philc/vimium || Firefox, Chromium
- Vim-Vixen — Vim-based browsing experience for Firefox.
- https://github.com/ueokande/vim-vixen || Firefox
- Saka Key — Allows mouse-less browsing, focused on accessibility.
- https://key.saka.io/ || Firefox, Chromium
- Krabby — Allows mouse-less browsing, inspired by Kakoune.
- https://krabby.netlify.app || Chromium, Firefox
- Tridactyl — Replace Firefox's control mechanism with one modelled on Vim.
- https://github.com/cmcaine/tridactyl || firefox-tridactyl
- wasavi — Can transform textareas into Vi editors.
- https://github.com/akahuku/wasavi || Firefox, Chromium
Edit text with external text editor
Extensions to edit <textarea>s with native text editors:
- Textern — Add-on for editing text in your favorite external editor, requires Python script, available as firefox-extension-textern-native-git (AUR).
- https://github.com/jlebon/textern || Firefox
- withExEditor — View source, selection, and edit text with the external editor, requires Node.js.
- https://github.com/asamuzaK/withExEditor || Firefox, Chromium
- GhostText — Use your text editor to write in your browser. Everything you type in the editor will be instantly updated in the browser (and vice versa). Has plugins for Vim, Emacs, Neovim, Visual Studio Code and Atom.
- https://github.com/GhostText/GhostText || Firefox, Chromium
Retrieved from 'https://wiki.archlinux.org/index.php?title=Browser_extensions&oldid=661316'