Did you know that with java script DISABLED in Firefox:
only 3 of the 13 most critical securityholes found in firefox would affect your settings even if you still used version 3.0? And all 3 securityholes rated high would not have affected your setup what so ever
and 3 out of five in the Moderate rated security holes would not effect you either.
Disabling Java-script when browsing infected sites makes you more secure, its no doubt about it.
Using safesurf also helps improve your security somewhat.
But mozilla said that they patched all those security holes why should I worry now?
There is something called zero-day attacks, and of course they will find more holes in the FireFox browser.
Some sites will simply stop working.
And others will not function the way they are supposed to.
While it improves the security somewhat it makes your web experience less future rich.
A good way to come around this is by downloading the NO-script add on https://addons.mozilla.org/sv-SE/firefox/addon/722
NoScript and SafeSurf will take care of these. When full Memory Firewall in CIS is out next release it will improve protection even further for the ENTIRE system and not just the browser, And will cover these flaws. (:WIN)
One problem still remains though; if the NoScript whitelisted site you visit is hijacked. Not very unusual I think, for those large sites most people visit every day - news, media, communities, whatever.
But anyone can be defeated by probability.
For example by luck I were installing (Defense+ was in installation mode) and surfing in the same time and in the same time I got on the site which in the same time was been hijacked and in the same time was been in thrusted sites in NoScript.
Needed to reinstall Windows ;D
“Q: What is XSS and why should I care?
If you’re the technical type and you want to learn more about XSS, you may enjoy reading the excellent Cross Site Scripting Attacks: Xss Exploits and Defense book.”
Thx for claryfying XSS, I knew briefly about it. Still, I guess if a hacker really comes into a system, he can replace code on websites without the need of XSS. In other words, bypassing XSS. These are just my thoughts, I don’t know how hackers perform their attacks. It is clear that NS provides an excellent protection…
I normally set my NoScript to deny all sites. Only when I visit I use the temporary give permission option if it is needed. Of course I know this will still not guarantee safety but you can never know.