We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

NoScript security tool released for Android, Maemo

The mobile version includes protection for cross-site scripting attacks and clickjacking

The developer of the widely used Firefox extension NoScript has released a version for the Android and Maemo operating systems.

NoScript is a security tool that can be used to block the execution of JavaScript, Java, Flash and plugins by websites that are viewed as being potentially malicious. Many Web-based attacks on computers are initiated by JavaScript.

NoScript's developer, Giorgio Maone, wrote on his blog on Saturday that porting the application for Firefox on Android and Maemo was not easy, as it was a full rewrite of the extension, and "there's still a lot of work ahead."

The mobile version, called NoScript 3.0a8, includes protection against cross-site scripting attacks, in which a script drawn from another website is allowed to run that shouldn't. Cross-site scripting can allow an attacker to steal information or potentially cause other malicious code to run.

It also can block "clickjacking," another kind of attack where a user is tricked into clicking on certain parts of a Web page with hidden buttons that perform malicious actions. Those hidden buttons are delivered by an invisible iframe, which is a window that brings other content into the target website.

In 2008, researchers Robert Hansen and Jeremiah Grossman discovered a clickjacking attack involving Adobe Systems' Flash application that could give remote access to a victim's Web camera and microphone.

There are around 1,000 pieces of malware circulating for mobile devices, which pales in comparison to malware built for Windows desktop operating systems. But security analysts predict that mobile phones will increasingly be attacked for the sensitive data stored on the devices.

The NoScript mobile version shares many of the same functions as the desktop one. For example, users can built an "easy blacklist," where they select untrusted sites on which JavaScript and plugins should be blocked. Another option is the "classic whitelist," where sites that are trusted are added to a list that NoScript doesn't block.

Maone wrote that NoScript does not require the browser to be restarted after updates are installed, which "means that hot fixes for new security threats can be deployed in a more effective, timely and convenient way."


IDG UK Sites

Nokia branding killed in place of 'Microsoft Lumia': Windows Phone moves into new era

IDG UK Sites

Why you shouldn't buy the iPad mini 3: No wonder Apple gave it 10 seconds of stage time

IDG UK Sites

Halloween Photoshop tutorials: 13 masterclasses for horrifying art, designs and type

IDG UK Sites

Should you update your iPhone or iPad to iOS 8? iOS 8.1 brings back Camera Roll, adds Apple Pay in...