NoScript vulnerability allows malicious scripts to run unchecked

Security researcher Linus Sirud has uncovered a security vulnerability in the popular NoScript browser extension that could allow an attacker to run arbitrary JavaScript in a victim's browser. An exploit of this vulnerability could expose private data or lead users to download malicious software.

The attack works because NoScript has a limited whitelist of trusted domains, allowing the host browser to load commonly-used tools from ...

Read more...