Security Expert Recommends (Firefox Addon) NoScript TabNabbing Default be Changed
Prevent TabNabbing with Firefox's NoScript Addon Since v1.9.9.81, the Firefox Addon "NoScript" has included the capability to block the refreshing of content on unfocused tabs (unfocused meaning not the current tab[s] in use) in order to prevent Tabnabbing (which is basically the hijacking of one of your browser's unfocused tabs for malicious purposes).
In episode 253 of the Security Now podcast, Security Expert Steve Gibson recommended changing NoScript's default (option 1), which only blocks refreshes on Untrusted (sites), Unfocused tabs to blocking Unfocused tab refreshing on both Trusted and Untrusted (sites), which is option 3. This change in the NoScript' Addon cannot be made through NoScript's GUI options but must be made through Firefox's address bar as follows:
- In Firefox's Address bar, type "about:config" (without the quotes) and hit enter
- In the filter text field, type "noscript.forbidBGRefresh", without quotes
- Right Click on the "noscript.forbidBGRefresh" entry and select "modify"
- Change the integer value from 1 to 3 (see the screen capture above) and click "ok"
- Close your browser and re-start
Note: The line below the "noscript.forbidBGRefresh" entry entitled "noscript.forbidBGRefresh.exceptions' is to add any site where the blocking of unfocused tab refreshing affects a site's function. For further details about TabNabbing and changing the NoScript Addon settings, please see the Security Now transcript (PDF) for podcast episode 253, which is available at the following URL: http://www.grc.com/sn/sn-253.pdf For further information about virtual volunteering, visit Online Volunteering Tips, Technology and Tools or Pioneering Online Volunteering Program Developer Randy Tyler.
