24th May 2012

Remove NoScript From Your Firefox – Here Is Why.

If you don’t want to see a lot of advertising in your web browser you have probably installed AdBlockPlus. However, the developer of the NoScript extension has now moved to aggressively make money using unacceptable techniques.

This is going to be about the popular NoScript extension which happens to make its money from ads. And to make sure that somebody sees these ads it goes pretty far. For example, it opens the changelog webpage (full of ads of course) on every single update of the extension, even though the NoScript FAQ claims that it happens only on major updates (yes, if you dig into it you will find the preference to disable this behavior – but how many people do that?). And updates coming roughly each week ensure that this page is opened fairly often. A problem is of course that NoScript will usually disable scripting and consequently also most advertising. That problem is being worked around by putting NoScript’s domains, Google AdSense and a few others on NoScript’s default whitelist (again, the overwhelming majority of users won’t go hunting for bogus entries in their whitelist). Given that NoScript proudly calls itself a security extension this means putting users at risk — for example, a while ago I demonstrated how an XSS vulnerability on a NoScript domain can be used to run JavaScript from any website, despite NoScript.

Turns out that AdBlockPlus no longer works because of NoScript. The AdBlockPlus people will not take the step of counteracting NoScript.

Conclusion: Remove the NoScript extension.

Adblock Plus and (a little) more: Attention NoScript users

Postscript

The author of the NoScript extension now apologises in this post.

I am not sure what is happening now. I guess I will have to wait and find out what is next.

This post is copyright of Thropos Ltd ©2008-2011 at Etherealmind.com - contact | email: greg.ferro@packetpushers.net - twitter: @etherealmind | All rights reserved
About Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in a wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus

  • Steve B

    According to the Register it was the AdBlockPlus dev that messed with NoScript’s website first as he didn’t like the fact it had ads on it and appears after each update, that’s not an attitude I can understand in this situation. I’m getting a really useful add-on for free and don’t expect the guy that wrote it to live off fresh air – if he runs ads on his site that’s fine.

  • Moeman

    @ Steve B, totally disagree. Adblock Plus is there to block ads plain and simple, the NoScript developer did not like his ads being blocked on his page so he maliciously interfered with Adblock Plus, which goes against all of Mozilla’s ethics. A simple message on the NoScript homepage asking Adblock users to allow ads to support NoScript is sufficient, many websites display a polite message like this, it’s not that hard and far more ethical than creating code to interfere with a rival add-on, in a very sneaky way.

  • Steve Davis

    Utter trash. Sorry, but NoScript is one of the most important extensions you can have if you’re even remotely security conscious. Having a go at the author and spreading FUD about the extension just because he wants to make an honest living for his FREE work is a touch harsh I think. This was all resolved to be a simple misunderstanding anyway as I recall (as Steve B says, instigated by some underhand tactics from the AdBlock Plus devs), so the least you could do would be to update this blog with an accurate picture.