Mozilla have issued an official warning about a script vulnerability that could lead to hackers taking over their machine. The bug is only triggered when certain types of extensions are installed i.e. those that are “flat” which means that they don’t package their files in a JAR archive. Examples include Download Status Bar and Greasemonkey.
However, Mozilla have only labelled the security priority risk as normal but they do recommend installing the No Script extension in the meantime. No Script basically prevents unauthorised scripts running in Firefox without your consent. A script is basically a command that executes in your browser and can potentially take over your PC. Normally they are harmless but they can be triggered by Trojans or third parties through “holes” in your browser to gain control of your machine or insert a virus.
NoScript is not the only solution out there though although it’s the only one specifically designed to protect Firefox. You can also use AnalogX Script Defender as an extra security measure. This program intercepts any request to execute the most common scripting attacks such as Visual Basic Scripting (.VBS) and JavaScript (.JS). It’s designed as a catch all solution to protect your browser, e-mail client and any other application which connects to the net.
For more details on using NoScript with Firefox, check this tutorial:
[youtube]BKW5SMvMKtY[/youtube]
