[CentOS] OT: Possible for Malware against Windows boxes to attack Firefox on Linux?

Michael A. Peters mpeters at mac.com
Sat Apr 18 07:15:02 UTC 2009


Lanny Marcus wrote:
> On Fri, Apr 17, 2009 at 6:44 PM, Robert Nichols
> <rnicholsNOSPAM at comcast.net> wrote:
> <snip>
>> My problem with NoScript is that there is virtually no site that I visit
>> that does not require scripting to function properly.

I think there is a mis-understanding of how noscript works.

By default it blocks ALL scripts.
Click on the little noscript icon on bottom right corner of firefox to 
whitelist a host.

Once whitelisted - any scripts (with very few exceptions - scripts that 
explicitly look like exploits) served from that host will be allowed.

Most sites serve scripts from numerous different hosts - but usually you 
only have to whitelist the host you are visiting, as most scripts served 
from other hosts are advertisement scripts.

XSS usually involves a script served from another domain called in the 
page you are viewing, so noscript is extremely effective at blocking them.


More information about the CentOS mailing list