We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

NoScript upgrade stops clickjacking attacks in Firefox

ClearClick detects & warns users about embedded scripts

NoScript, the security add-on for Firefox, has been upgraded to protect against clickjacking.

NoScript blocks scripts in programming languages such as JavaScript and Java from executing on untrusted web pages. The scripts could be used to launch an attack on a PC.

According to Giorgio Maone, an Italian security researcher who wrote and maintains the program, Version of the software will stop clickjacking attacks, which sees users accidentally clicking on malicious, invisible links while browsing the web.

Clickjacking has been known for several years but is drawing attention again after two security researchers, Robert Hansen and Jeremiah Grossman, warned last month of new scenarios that could compromise a person's privacy or even worse, steal money from a bank account.

Unfortunately, clickjacking is possible due to a fundamental design feature in HTML that allows websites to embed content from other web pages, Maone said. Nearly all web browsers are vulnerable to a clickjacking attack.

"It's a very hard thing to fix because it's part of the very fabric of the web and the browser," Maone said.

The embedded content can be invisible but a person can still unknowingly interact with it. A clickjacking attack takes advantage of that by tricking a user into clicking on a button that appears to do some function but actually does something entirely different.

Clickjacking can also be accomplished by manipulating the plug-ins of other applications, such as Adobe's Flash program and Microsoft's Silverlight. For example, researchers in recent days have shown it's possible for a clickjacking attack to turn on a person's web camera and microphone without their knowledge.

Adobe said this week it will issue a patch for Flash by the end of the month.

NEXT PAGE: How website owners can protect their users

IDG UK Sites

What to expect from Google I/O 2015 | Google I/O live video stream | Google I/O live blog |...

IDG UK Sites

Why Intel’s vision of the future is a future I want to live in

IDG UK Sites

Ben & Holly's Game of Thrones titles spoof is delightfully silly

IDG UK Sites

Jony Ive 'semi-retired' into new role: kicked upstairs as Chief Design Officer