Why we have NoScript installed by default in FF or Flock Sulfur!

[polonus]

Hi malware fighters,

Without running malicious code people can collect loads of information you would not like to give out when you were aware through some renaissance script. Want to see what they may know about your browser in that case: http://ha.ckers.org/mr-t/ with javascript enabled. Got the message this time?
PS the link given is clean, checked against http://online.drweb.com/?url=1

polonus

P.S.
For those to analyse the code: http://ha.ckers.org/mr-t/mr-t.cgi
If LocalRodeo is detected, this is not built inside FF or Flock, but it is misinterpreted for
when FW settings outbound connections to localhost: DENY), LocalRodeo will be incorrectly detected.
Inspiration for it may be found here: http://jeremiahgrossman.blogspot.com/2006/08/i-know-where-youve-been.html
Ironically LocalRodeo ( http://databasement.net/labs/localrodeo/ ) was a predecessor tool for NoScript, but all it did is incorporated by NoScript now.

Damian

[Zagor]

NoScript for Firefox here, up and running!

[polonus]

Hi Zagor,

Michal Zalewski discovered just a couple of Firefox and IE browser vulnerabilities that still are not patched.
http://seclists.org/fulldisclosure/2007/Jun/0026.html
Good news here with NoScript installed none of them threaten you.
Firefox with NoScript installed is the safest browser around.

polonus

[Zagor]

Hi Polonus,

Thank you for this constant information supply, it's always usefull! Yes, I do prefer NoScript, not only for it's security benefits but since I'm testing sites that I build, it's quite handy turning JavaScript on and off in one click.