previous A Fistful of Pixels
Fancy Clickjacking, Tougher NoScript next
01 07 2011

XSS and Clickjacking Protection for Android

Posted by: Giorgio in Clickjacking, XSS, Mozilla, Security, NoScript

ClearClick anti-Clickjacking on Android

NoScript 3.0a3 for Firefox Mobile is out, bringing three of the major "classic" NoScript features to your Android smartphones:

  1. Easy per-site active content permissions management.
  2. The first and most powerful anti-XSS (cross-site scripting) filter available in a web browser.
  3. ClearClick, the one and only effective client-side protection against Clickjackings available on the client side.

Still some road ahead for convergence between the desktop and the mobile versions, but we're already past the biggest challenges...

A huge thanks to the NLNet foundation, and to many individuals, institutions and companies using NoScript, for their generous support to this project.

This entry was posted on Friday, July 1st, 2011 at 12:49 am and is filed under Clickjacking, XSS, Mozilla, Security, NoScript. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

2 Responses to “XSS and Clickjacking Protection for Android”

  1. #1 Zirro says:
    July 3rd, 2011 at 9:16 pm

    I think it's great that you're doing a full rewrite of the NoScript code. Sometimes that is a much better option than modifying what exists. I would like to know though, will there be any loss of current functionality/options or will everything available in 2.x be present in 3.0 as well?

  2. #2 Giorgio says:
    July 3rd, 2011 at 11:35 pm

    @Zirro:
    The aim is feature parity with current desktop version, except for legacy Firefox compatibility (it certainly won't be compatible with Fx 3.6, maybe not even with Fx 4/5) and for features which have been implemented in the core browser over the years, even if anticipated by NoScript (e.g. X-Frame-Options or HSTS).

Bad Behavior has blocked 3590 access attempts in the last 7 days.