
Security vulnerability discovered in Firefox NoScript tool


July 1, 2015


Internet security researcher Linus Särud has reported a vulnerability in the popular Firefox security tool NoScript that allows hackers to have their malware whitelisted on many systems.

The 'security tool' is used by about two million or more security- and privacy-conscious people who want to stop active content such as JavaScript and Flash from getting a foothold in their systems.

Such users will be disappointed to learn that, according to Särud, attackers could upload their net menace of choice to any free Google subdomain and have it slip through NoScript's protection.

The researcher says blanket whitelisting of means that he was able to create a script that could pass on default NoScript configurations and be executed within user browsers.

"My first thought was to try to find some interesting subdomain to any of these domains, such as an old forgotten domain still pointing to a service online," Särud said.

Särud notified Mozilla, which quickly altered the whitelist entry for to instead allow only Google's hosted libraries at to work.

The researcher then probed NoScript after fellow hacker Matthew Bryant found a host of disused default whitelisted domains and purchased one to successfully launch attacks that bypassed the default installations.

Bryant intended to launch a stored cross-site scripting attack on a subdomain of any of the domains that are whitelisted out of the box and therefore trusted by default.

That venture was cut short when he found the whitelisted was available for purchase at just $10, so he snapped it up and used it to point at his JavaScript payload.

"I encourage everyone to please purge your whitelist. Remove everything you don't trust," Bryant said.

"It is my opinion that universal bypasses for NoScript should actually be quite easy to find since the default whitelist exposes so much surface area," he added. NoScript users can nevertheless review their whitelists through the options feature.
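
The two weaknesses described above, a blanket entry that trusts every subdomain and a whitelisted domain whose registration has lapsed, are things a whitelist review can check for. The sketch below is an added example, not NoScript's own code; the matching rule, the domain names and the two input lists are assumptions constructed for illustration.

```javascript
// Added example: models a script whitelist in which a bare domain entry also
// trusts every subdomain (assumed matching rule). All names are constructed.

// Does a whitelist entry cover this host?
function entryCovers(entry, host) {
  const e = entry.toLowerCase();
  const h = host.toLowerCase();
  if (e.includes("://")) {
    // Full-address entry: trusts exactly one host.
    return new URL(e).hostname === h;
  }
  // Bare-domain entry: the host itself or any subdomain, on a label boundary.
  return h === e || h.endsWith("." + e);
}

function isAllowed(host, whitelist) {
  return whitelist.some((entry) => entryCovers(entry, host));
}

// Flag entries that trust more than the user probably intends.
// userContentDomains: domains where anyone can publish on a subdomain.
// lapsedDomains: domains found unregistered by a separate WHOIS/DNS check.
function auditWhitelist(whitelist, userContentDomains, lapsedDomains) {
  const findings = [];
  for (const entry of whitelist) {
    const bare = !entry.includes("://");
    const host = bare ? entry.toLowerCase() : new URL(entry).hostname;
    if (lapsedDomains.some((d) => entryCovers(d, host))) {
      findings.push({ entry, issue: "domain-not-registered" });
    } else if (bare && userContentDomains.includes(host)) {
      findings.push({ entry, issue: "blanket-entry-on-user-content-domain" });
    }
  }
  return findings;
}

// Constructed sample data (not NoScript's real default list).
const sampleWhitelist = [
  "cdn-host.example",              // blanket: every subdomain is trusted
  "https://libs.cdn-host.example", // narrowed: one host only
  "old-widget.example",            // registration has lapsed
];
const sampleFindings = auditWhitelist(
  sampleWhitelist, ["cdn-host.example"], ["old-widget.example"]);
```

Narrowing the blanket entry to the single host that serves the needed libraries is the same kind of fix the article describes for the default whitelist.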

Source: Linus Särud.
