Firefox extension blocks dangerous Web attack

A popular security tool for the Firefox browser has been upgraded to block one of the most dangerous and troubling security problems facing the Web today.

The new improvement to NoScript, called ClearClick, can detect if there is a hidden, embedded element within the Web page. It then displays a warning message asking the user if they still want to click on it.

Maone said ClearClick will likely stop all clickjacking attempts. NoScript is only for the Firefox browser, so users of Microsoft's Internet Explorer -- the most-used browser in the world -- are vulnerable.

Web site owners, however, can take one step to prevent their users from falling victim, Maone said. Programmers can use a script on their Web sites that checks to see if a Web page is embedded in another page. If so, the script forces the good Web page in front, preventing clickjacking, Maone said.

The technique is called "framebusting." Ebay's online payments service, PayPal, which is frequently targeted by cybercriminals, has already implemented framebusting, Maone said. NoScript will allow a framebusting script to run, Maone said.

"The best thing that can happen is that Web site owners start to think more carefully about security," Maone said. "It is important that Web site owners spread the word that they should implement framebusting."

Clickjacking is a serious, potentially long-term problem for browser developers. Since the attack is enabled by a feature within HTML, it demands changes to the HTML specification.

Web standards groups are currently working on HTML 5, a specification that will incorporate new features into the programming language to accommodate future Web design. But the standards process moves slowly, and changes to HTML could break existing Web pages, Maone said.

"For the user, I'm afraid there's no fix but NoScript for the time being," he said.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags firefox add-onclickjacking

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?