[CentOS] OT: Possible for Malware against Windows boxes to attack Firefox on Linux?
Michael A. Peters
mpeters at mac.com
Sat Apr 18 07:15:02 UTC 2009
Lanny Marcus wrote:
> On Fri, Apr 17, 2009 at 6:44 PM, Robert Nichols
> <rnicholsNOSPAM at comcast.net> wrote:
>> My problem with NoScript is that there is virtually no site that I visit
>> that does not require scripting to function properly.
I think there is a mis-understanding of how noscript works.
By default it blocks ALL scripts.
Click on the little noscript icon on bottom right corner of firefox to
whitelist a host.
Once whitelisted - any scripts (with very few exceptions - scripts that
explicitly look like exploits) served from that host will be allowed.
Most sites serve scripts from numerous different hosts - but usually you
only have to whitelist the host you are visiting, as most scripts served
from other hosts are advertisement scripts.
XSS usually involves a script served from another domain called in the
page you are viewing, so noscript is extremely effective at blocking them.
More information about the CentOS