Web surfing can expose users to attacks from executable content. Cross-site scripting attacks, which can inject malware into visitors’ browsers, are increasingly common. But the NoScript add-on
can block Java and other potentially dangerous executables from downloading without user permission.
The tool takes some getting used to as users must accept frequently visited domains and individual Web pages. Permission can be granted temporarily or indefinitely. (A relatively new feature permits the automatic trusting of domains listed in browser bookmarks). It is possible, of course, that malicious scripts can run on trusted sites. In most cases, however, the dangerous scripts are hosted on a separate (untrusted) domain. Check out this month’s site to see.