Comments on: Fancy Clickjacking, Tougher NoScript

By: Basti

Basti — Tue, 12 Jul 2011 17:20:55 +0000

Nice work. In case you’re wondering about a "clickjacking report" on one of the demos kindly provided by Krzysztof Kotowicz, that was me. I loaded the page and disabled the protection. The warning came up and I clicked the button right to "OK" as I assumed it would be "Cancel".

FF security is much greater with NoScript.

By: tommy

tommy — Tue, 12 Jul 2011 06:31:18 +0000

Or, one could defeat #2 by avoiding obviously risky sites and protocols like Facebook, Twitter, and OAuth. But they won’t.

Otherwise, what KK said.

btw, should I be worried that I have to allow an iFrame recaptcha to post here? And copy/paste text from it into a box? ;)

By: Krzysztof Kotowicz

Krzysztof Kotowicz — Mon, 11 Jul 2011 14:23:49 +0000

Yay :) Congratulations on fast patches - NoScript really is a 0-day-style security tool :) If only Firefox would disallow framed view-source: in the first place…