23
01
2008
Old NoScript Tricks Blocking New Vulnerabilities
Posted by: Giorgio in Mozilla, Security, NoScriptIt happened in the past and it's happening again: a new directory traversal vulnerability with potential for private data exposure has been publicly disclosed and confirmed by Mozilla, but NoScript users have been protected since August 2007.
NoScript prevents all chrome: URIs from being loaded as scripts in web content, effectively neutralizing this bug (and a bunch of related ones), no matter if the attacker site is "trusted" (i.e. allowed to executed JavaScript) or not.
Security bugs may live ten days only...
A NoScript fix is forever :)