We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

NoScript upgrade stops clickjacking attacks in Firefox

ClearClick detects & warns users about embedded scripts

NoScript, the security add-on for Firefox, has been upgraded to protect against clickjacking.

NoScript blocks scripts in programming languages such as JavaScript and Java from executing on untrusted web pages. The scripts could be used to launch an attack on a PC.

According to Giorgio Maone, an Italian security researcher who wrote and maintains the program, Version 1.8.2.1 of the software will stop clickjacking attacks, which sees users accidentally clicking on malicious, invisible links while browsing the web.

Clickjacking has been known for several years but is drawing attention again after two security researchers, Robert Hansen and Jeremiah Grossman, warned last month of new scenarios that could compromise a person's privacy or even worse, steal money from a bank account.

Unfortunately, clickjacking is possible due to a fundamental design feature in HTML that allows websites to embed content from other web pages, Maone said. Nearly all web browsers are vulnerable to a clickjacking attack.

"It's a very hard thing to fix because it's part of the very fabric of the web and the browser," Maone said.

The embedded content can be invisible but a person can still unknowingly interact with it. A clickjacking attack takes advantage of that by tricking a user into clicking on a button that appears to do some function but actually does something entirely different.

Clickjacking can also be accomplished by manipulating the plug-ins of other applications, such as Adobe's Flash program and Microsoft's Silverlight. For example, researchers in recent days have shown it's possible for a clickjacking attack to turn on a person's web camera and microphone without their knowledge.

Adobe said this week it will issue a patch for Flash by the end of the month.

NEXT PAGE: How website owners can protect their users


IDG UK Sites

Acer Aspire R11 review: Hands-on with the 360 laptop and tablet convertible

IDG UK Sites

Apple Watch release day: Twitter reacts

IDG UK Sites

See how Framestore created a shape-shifting, oil and metal based creature for Shell

IDG UK Sites

Apple Watch buying guide, price list & where to buy today: Which Apple Watch model, size, material,?......