
NoScript upgrade stops clickjacking attacks in Firefox

ClearClick detects & warns users about embedded scripts

NoScript, the security add-on for Firefox, has been upgraded to protect against clickjacking.

NoScript blocks scripts in programming languages such as JavaScript and Java from executing on untrusted web pages. The scripts could be used to launch an attack on a PC.

According to Giorgio Maone, an Italian security researcher who wrote and maintains the program, version 1.8.2.1 of the software will stop clickjacking attacks, in which users accidentally click on malicious, invisible links while browsing the web.

Clickjacking has been known for several years but is drawing attention again after two security researchers, Robert Hansen and Jeremiah Grossman, warned last month of new scenarios that could compromise a person's privacy or, even worse, steal money from a bank account.

Unfortunately, clickjacking is possible due to a fundamental design feature in HTML that allows websites to embed content from other web pages, Maone said. Nearly all web browsers are vulnerable to a clickjacking attack.

"It's a very hard thing to fix because it's part of the very fabric of the web and the browser," Maone said.

The embedded content can be invisible, but a person can still unknowingly interact with it. A clickjacking attack takes advantage of that by tricking a user into clicking on a button that appears to perform one function but actually does something entirely different.
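The invisible-but-still-clickable embedded content described above can be looked for statically in a page's markup. The following Python check is an added example, not code from NoScript or ClearClick; the tag list, the 0.1 opacity cut-off and the sample markup are constructed assumptions, and it inspects inline `style` attributes only.

```python
from html.parser import HTMLParser

EMBED_TAGS = {"iframe", "frame", "object", "embed"}  # assumed list of embedding tags
OPACITY_CUTOFF = 0.1  # assumption: at or below this the content is effectively invisible

def parse_style(style):
    """Split an inline style string into a {property: value} dict."""
    props = {}
    for decl in style.split(";"):
        name, sep, value = decl.partition(":")
        if sep:
            props[name.strip().lower()] = value.lower().replace("!important", "").strip()
    return props

def invisible_but_clickable(props):
    """True when the element cannot be seen yet would still receive clicks."""
    # With these settings the element takes no clicks, so it is not the case the article describes.
    if "none" in (props.get("display"), props.get("pointer-events")) or props.get("visibility") == "hidden":
        return False
    try:
        return float(props.get("opacity", "1")) <= OPACITY_CUTOFF
    except ValueError:  # non-numeric opacity such as "inherit"
        return False

class EmbedScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, source URL) pairs

    def handle_starttag(self, tag, attrs):
        if tag not in EMBED_TAGS:
            return
        attrs = dict(attrs)
        if invisible_but_clickable(parse_style(attrs.get("style") or "")):
            self.findings.append((tag, attrs.get("src") or attrs.get("data") or ""))

def scan(html):
    """Return the embedded elements in `html` that are invisible but clickable."""
    scanner = EmbedScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample markup: only the first frame is invisible yet clickable.
SAMPLE = """<iframe src="https://other.example/settings" style="opacity:0"></iframe>
<iframe src="https://ads.example/banner" style="width:300px"></iframe>
<iframe src="https://tracker.example/px" style="display:none; opacity:0"></iframe>"""

if __name__ == "__main__":
    print(scan(SAMPLE))
```
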

Clickjacking can also be accomplished by manipulating the plug-ins of other applications, such as Adobe's Flash program and Microsoft's Silverlight. For example, researchers in recent days have shown it's possible for a clickjacking attack to turn on a person's web camera and microphone without their knowledge.

Adobe said this week it will issue a patch for Flash by the end of the month.
