License / Price: Freeware
Language: English
File size: 551 KB
Developer: Giorgio Maone
OS: Windows/Unix/Mac
1 Star2 Stars3 Stars4 Stars5 Stars (4 votes, average: 3.00 out of 5)


NoScript (or NoScript Security Suite) is a free and open-source extension for Mozilla Firefox, SeaMonkey, and other Mozilla-based web browsers, created and actively maintained by Giorgio Maone,an Italian software developer and member of the Mozilla Security Group.

NoScript allows executable web content such as JavaScript, Java, Flash, Silverlight, and other plugins only if the site hosting is considered trusted by its user and has been previously added to a whitelist.

NoScript also offers specific countermeasures against security exploits.

NoScript is an add-on for Firefox that blocks JavaScript, Java, Flash, and other plugin content (allowing you to selectively re-enable them for certain sites).

It also offers cross-site scripting protection. This is mainly designed to keep web users safe, but security testers can also use the add-on to see what scripts a site is using.

  • Forbidden Icon – this means that scripts and plugin contents are blocked for the current site and its subframes. Even if some of the 3rd party script sources imported by the page may be in your whitelist, no code could run because the hosting documents are not enabled.
  • Partially Allowed Subcontent Icon – this means the top level site is still forbidden but some active subcontent pieces (either frames or plugin objects) are allowed: some code may be running, but the page is likely not to work correctly yet because its main script source is still blocked.
  • Partially Allowed Icon – this means scripts are allowed for the top-level (main) document, but some other active content or script sources imported by this page are not allowed yet. This happens when there are multiple frames, or script elements linking code hosted on 3rd party hosts.
    Since they’re often unnecessary, the site is likely to work even in this “partially allowed” state. Furthermore, in most cases when a site is compromised with JavaScript malware, the malicious code is hosted on external “shady” sites. Even if you’ve previously allowed the top-level site, these external sites are still blocked and the attack fails anyway.
  • Allowed with Blocked Embedded Content Icon – this means that all the script sources for the page are allowed but some embedded content (frames or plugin objects) is blocked. You can check and allow the blocked content either by looking for yellow visual placeholders in the page or by examining the Allowed with Blocked Embedded Content Icon Blocked Objects sub-menu.
  • Partially Allowed / Partially Untrusted Icon – this means that scripts are allowed for some URLs, and all the other ones are marked as untrusted.
  • Allowed Icon – this means that script execution is allowed for the current site
  • Globally Allowed Icon – this means that scripts are globally allowed (why did you decide to browse with low protection??!)

Leave a Reply