On 25/01/06, Florian Kulzer <[EMAIL PROTECTED]> wrote: > Johannes Wiedersich wrote: > > [...] > > > Closer inspection shows that this is not due to the embedded images, but > > the source code contains javascript as well that is pointing to the > > external server. > > > >> NB 2: I consider this a security hole: > > > > > > It would be nice, if site specific configuration of java and/or > > javascript was possible with Mozilla as is implemented for images, > > popups etc. > > Try the "noscript" extension. It allows you to manage javascript > permissions on a per-site basis. All javascript is forbidden by default > and you get a small icon on the bottom of your browser window which > indicates the javascript-status of the current site. You can then change > the permissions via a handy pop-up menu when you click on this icon. I > like especially that it allows me to use the javascript functionalities > of a certain site while still blocking all the embedded javascript from > other sites (which is normally related to marketing and user tracking). > > Unfortunately I don't know of any comparable extension for java. The > "prefbar" extension will at least allow you to switch it on and off > quickly without having to go three levels deep into the preferences > menu.
NoScript, (4.54 stars, 210668 downloads) Extra protection for your Firefox: NoScript allows JavaScript, Java (and other plugins) only for trusted domains of your choice (e.g. your home-banking web site). This whitelist based pre-emptive blocking approach prevents exploitation of security vulnerabilities (known and even unknown!) with no loss of functionality... Experts will agree: Firefox is really safer with NoScript ;-) Looks like NoScript handles Java too. -- ~ Darryl ~ [EMAIL PROTECTED] http://smartssa.com / http://darrylclarke.com
