Firefox and Security Add-Ons for Linux - Secure Web Browser

Posted10 August 2016

Table of Contents

...Loading Table of Contents...

    Mozilla Firefox (or simply known as Firefox) is a free and open source web browser which is enhanced by the availability of numerous add-ons for it, including some that are designed to protect your privacy and security when you browse the web.

    Required reading

    What you will get from this guide

    • A stable and secure internet browser whose features can be enhanced by numerous add-ons.
    • The ability to protect yourself from potentially dangerous programs and malicious websites.
    • The ability to wipe the digital traces of your browsing activity.

    1. Introduction to Firefox

    This guide assumes that you already know how to use a web browser and will not cover the basic functions of Firefox. It will focus on security-related settings and extensions.

    1.0 Things you should know about Firefox before you start

    Firefox has many easy-to-use add-ons that improve your privacy and security when you browse the Web. You can choose which add-ons to install, and decide how to configure them, depending on your circumstances. If you are using a computer that is managed by someone else (at an Internet cafe, for example, or in your place of work), you might have to make these adjustments repeatedly.

    In addition to basic Firefox settings, this guide covers the installation and basic configuration of the following add-ons:

    Tactical Tech's App Centre covers additional privacy-enhancing browser add-ons.

    Important: The overwhelming majority of malware and spyware infections originate from webpages. It is important that you always consider whether it is safe to visit unknown websites, particularly those that are sent to you by email. Before you decide to open a webpage, we recommend that you scan the web address using the following page scanners:

    You can also check the reputation of a website using the scanners listed below:

    1.1 Other tools like Firefox

    Similar tools and alternatives for other operating systems.

    The Mozilla Firefox Web browser is available for GNU/Linux, Apple Mac OS X, Microsoft Windows and other operating systems. Websites are the most common source of malware infection, so accessing them securely is vital. We recommend that you use Mozilla Firefox and install the add-ons covered in this guide. If you would prefer to use a program other than Mozilla Firefox, the alternatives below are also available for GNU/Linux, Apple Mac OS X and Microsoft Windows:

    2. Install, configure and use Firefox

    Many Linux distributions come with Firefox installed by default, and most have a package management system or software center that makes it easy to install and update Firefox (along with any additional software that it requires to operate).

    Tip. Many Linux distributions include a trademark-free version of Firefox called Iceweasel, which is just the same tool with a different name.

    2.1. Install or Update Firefox

    You probably already have Firefox (or Iceweasel) installed. But, if you do not — or if you need to update it — you can follow the instructions in one of the sections below. It is extremely important that you keep your Web browser up-to-date. Firefox is easier to update if you install it using your package management system or software center, so we recommend using one of the first two methods below. But, if you need the latest version of Firefox for some reason — or if you want to install Firefox as a portable application (on a USB storage device, for example) — the Install Firefox directly from the developer section will show you how.

    Tip: It is normally a good idea to use the most recent version of security-related software, including Web browsers. However, Linux distributions typically incorporate security updates for the "older" versions of Firefox in their package management systems and software centers. Because of this — and because these versions are easier to update — we generally recommend installing and updating Firefox using a package management system or a built-in software center.

    2.1.1 (Optional) Install or update Firefox using a commandline package manager

    To install or update Firefox using a the apt commandline package manager that comes with many Linux distributions (including Debian and Ubuntu), follow the steps below.

    Step 1. Open Terminal

    Step 2. Execute the following command in Terminal

    sudo apt-get update

    Step 3. Type the passphrase that you use to log in to your computer and press Enter.

    This will refresh the list of software that that your package manager knows how to install and update.

    Step 4. Execute one of the following commands in Terminal

    • sudo apt-get install firefox
    • sudo apt-get install iceweasel

    2.1.2 (Optional) Install or update Firefox using your "software center"

    To update Firefox using a graphical software center application, follow the steps below:

    Tip: The instructions in this section are based on the Ubuntu Linux distribution, but many other distributions include some kind of software center. Some Debian variants also include an application called Synaptic Package Manager, which provides similar functionality. If you do not find an application called Firefox, look for one called Iceweasel. As mentiond above, it is the same application with a different name.

    Step 1. Launch Software Center

    Figure 1: The Ubuntu Software Center

    Step 2. Click in the Search bar

    Step 3. Type "Firefox"

    Figure 2: Searching for Firefox

    Step 4. Click the entry for Firefox Web Browser

    Figure 3: Software Center showing that Firefox is already installed

    If the button on the right says [Install], you can install Firefox. If it says [Remove], then Firefox is already installed. Even if it is already installed, however, you should make sure it is up-to-date by following the steps below.

    Step 5. Launch the Software Updater application that comes with your Linux distribution. (If it does not have one, refer to the Install or update Firefox using a commandline package manager section.) It will automatically begin refreshing the list of software that it knows how to install and update.

    Figure 4: Ubuntu's Software Updater refreshing its list of software

    When it is done, it will let you know whether any of the software on your computer (including Firefox) is outdated.

    Figure 5: Ubuntu's Software Updater showing that all software is up-to-date

    If you are up-to-date, you can click [OK]. If any of your software needs to be updated, we recommend that you follow Software Updater's instructions and update everything. You should then restart your computer as soon as it is convenient.

    2.1.3 (Optional) Install Firefox directly from the developer

    To install the latest stable version of Firefox, directly from the developer, follow the steps below:

    Step 1. Go to the Firefox download page

    Figure 1: Firefox download button

    Step 2. Click the [Free Download] button to download the Firefox archive file

    Step 3. Save the archive file somewhere convenient, such as on your Desktop in your Documents folder.

    In this section, we will assume the Firefox archive is on your Desktop.

    Step 4. Navigate to the folder where you saved the Firefox archive file

    Figure 2: The Firefox archive file

    Step 5. Double-click the Firefox archive file to enter the archive

    Figure 3: Inside the Firefox archive

    Step 6. Click [Extract] to choose a location for the Firefox application folder

    Figure 4: Choosing a location to extract the Firefox application folder

    Step 7. Navigate to the location where you want you extract the Firefox application folder

    Step 8. Click [Extract] to extract the Firefox application folder

    Figure 5: Extracting the Firefox application folder

    Step 9. Click [Close] to return to the Firefox archive

    Figure 6: Inside the Firefox archive

    Step 10. Click the X in the upper, right-hand corner to close the Firefox archive

    Step 11. Navigate to the location where you extracted the Firefox application folder in the previous steps

    Figure 7: The Firefox application folder

    Step 12. Enter the Firefox folder

    Figure 8: Inside the Firefox application folder

    Step 13. Double-click the firefox file to launch the Firefox browser

    Firefox will ask if you want to make it your default browser, as shown below

    Figure 9: The Firefox "Default Browser" screen

    Step 14. (Optional) Uncheck Always perform this check when starting Firefox

    Tip. If you plan to use this installation on other computers, you should uncheck this box.

    Step 15. Click either [Not now] or [Use Firefox as my default browser] to open the Firefox browser

    Figure 10: The Firefox browser window

    2.2. Configure search engines

    You can configure Firefox to use a search engine of your choice. To do so, follow the steps below:

    Step 1: Select Edit > Preferences in your Firefox menu bar.

    Figure 1: Firefox search preferences

    Step 2: Click Search in the side bar of the Preferences screen.

    You can now choose your default search engine and decide which other search engines should be accessible through the Firefox search box. We recommend DuckDuckGo as a default search engine because it does not track or profile its users, or share its users' personal information with third parties.

    Other privacy-focused search engines that you can choose to add as search engine options to choose in the Firefox toolbar’s search bar include:

    2.3. Configure privacy options

    You can configure the Firefox privacy settings by following the steps below:

    Step 1: Select Edit > Preferences in your Firefox browser menu bar.

    Figure 1: Firefox privacy settings

    Step 2: Click Privacy in the side bar of the Preferences screen.

    You can now change the Firefox settings related to privacy, third-party tracking, and browsing history by following the steps below:

    Step 3. Many websites collect information about you and allow third parties to gather data about the websites you visit. This is called tracking. Do Not Track is a system that enables users to opt out of tracking by websites they do not visit, including analytics services, advertising networks, and social platforms.

    To enable Do Not Track in Firefox, and minimise the tracking of your online activity, select the two options under the Tracking section. It is important to understand, however, that companies have the ability to ignore your choice and track you anyway. Here is a list of companies' commitments to honoring Do Not Track requests.

    Step 4. The History section lets you manage your Firefox browsing history preferences. Your browsing history is a list of websites you have visited using Firefox. The default option is Remember my browsing and download history, which means that Firefox will remember your browsing, download, form, and search histories. It will also accept cookies from the websites you visit. These cookies allow websites to record information on your device that Firefox will send back to them and their advertising partners.

    To prevent this, in the first option under History that starts with Firefox will:, you can change Remember history to Never remember history. Or you can change it to Use custom settings for history and set more detailed preferences in the History section.

    Step 5. The Location Bar section lets you choose the sources that Firefox will use to recommend Web address when you start typing in the Address bar. By default, it uses bookmarked Web addresses, open tabs, and websites that are in your browser history. You can uncheck any of these sources as you prefer.

    2.4. Configure security options

    You can configure the Firefox security settings by following the steps below:

    Step 1: Select Edit > Preferences in your Firefox browser menu bar.

    Figure 1: The Firefox security settings

    Step 2: Click Security in the side bar of the Preferences screen.

    You can now modify the Firefox security settings.

    All of the boxes under General should be checked. If they are not, we recommend checking them so that Firefox will

    • Warn you when websites try to install add-ons
    • Block reported web attacks
    • Block reported Web forgeries.

    The boxes under Passwords relate to Firefox's built-in password manager. If you check the Use a master password box, Firefox will encrypt the website passwords that it saves and prompt you for a master password whenever it needs to enter one for you. In general, we recommend using an offline password manager, such as KeePassX, to store your passwords. But, if you are going to allow Firefox to manage your website passwords, you should check the second box.

    2.5. Configure advanced options

    You can configure various advanced preferences for Firefox by following the steps below:

    Step 1: Select Edit > Preferences in your Firefox browser menu bar.

    Figure 1: The Firefox advanced preferences

    Step 2: Click Advanced in the side bar of the Preferences screen.

    The Advanced preferences screen contains five tabs:

    • General includes various usability options
    • Data Choices allows you to choose what data to send to Mozilla about your browser health, security and performance
    • Update allows you to determine how Firefox will handle automatic updates (including updates to your preferred search engines)
    • Network allows you to manage proxy settings, cached web content and offline user data
    • Certificates allows you to decide how Firefox should deal with cryptographic certificates (both when websites request a personal certificate from your browser and when Firefox is trying to determine whether or not an https certificate presented by a website is valid)

    The General tab includes a useful option that allows Firefox to prevent web sites from automatically redirecting you to another page or reloading themselves without your consent or knowledge.

    Figure 2: The General tab of the Advanced preferences screen

    Step 3. Check the Warn me when websites try to redirect or reload the page box

    2.6 Using privacy features while browsing the web

    In addition to the settings described above, Firefox provides two useful features that give you some control over the data that it stores, on your computer, about the websites you visit. They are the Clear recent history screen and Private browsing mode.

    Clear recent history

    To clear data about your browsing history that Firefox has already stored, follow the steps below.

    Step 1. Press the Control, Shift and Delete keys at the same time to activate the Clear recent history screen. (As an alternative, you can select History > Clear recent history from the menu bar.)

    Figure 1: The Clear recent history screen

    Step 2. Click the arrow next to the word Details to expand the list of what will be deleted

    Figure 2: Which types of browsing data to clear

    Step 3. Check the boxes next to the types of browsing data you would like Firefox to delete.

    In this example, we will clear everything except Offline Website Data and Site Preferences. If you are using this feature for the first time, you might want to start with something less aggressive.

    Step 4. Click the words next to "Time range to clear", to see how far back Firefox will go when deleting your browsing data

    Figure 3: Time range to clear

    Step 5 Select the time range for which you would like Firefox to clear history

    In this example, we will clear all of the browsing data (except Offline Website Data and Site Preferences). Again, if you are using this feature for the first time, you might want to start with something less aggressive.

    Figure 4: Firefox ready to clear your browsing data

    Step 6. Click [Clear now] to clear the selected browsing data.

    As an alternative to the above, you can use Firefox's Private browsing mode to prevent it from recording your browsing history at all.

    Private browsing mode

    To prevent Firefox from storing data about your current browsing session, follow the steps below.

    Step 1. Press the Control, Shift and P keys at the same time to open a Private browsing window. (As an alternative, you can select File > New Private Window from the menu bar.)

    Figure 5: A Firefox private browsing window

    Step 2. Browse the web using this window.

    Firefox will not record your browsing data while you use this window. This includes any tabs you might open within it. The window itself notes a few exceptions, including Downloads and Bookmarks. It also reminds you that Firefox itself cannot prevent those who might want to monitor your Internet connection (including your ISP) from tracking the websites you visit. For that, you will need Tor Browser.

    3. Firefox add-ons

    A Firefox add-on is software that adds new features or extends existing functionality. Add-ons include plugins, such as Adobe Flash, and extensions, such as NoScript. This section will show you how to disable potentially harmful plugins, then introduce a few useful privacy and security extensions, including:

    Other privacy-friendly add-ons for Firefox can be found through the Tactical Tech App Centre.

    3.1 Update or disable potentially harmful plugins

    The Adobe Shockwave Flash plugin and the Oracle Java browser plugin are often found to contain security vulnerabilities that could allow a remote user to assume control of your computer or to install malware. It is strongly advised that you disable both of those plugins in Firefox. For more information about how to disable or remove Java, please refer to Oracle's steps to disable Java for all browsers on your computer.

    To update your plugins, follow the steps below. To disable Adobe Shockwave Flash, see Step 9, below.

    Step 1. Launch Firefox

    Figure 1: Firefox

    Step 2. Click the button in the upper, right-hand corner of your browser window

    Figure 2: The Firefox Options menu

    Step 3. Click the Add-ons button

    Figure 3: The Firefox Add-ons menu

    Step 4. Click the Plugins tab on the left-hand side of the window

    Figure 4: The Firefox Plugins screen

    Step 5. Click the Check to see if your plugins are up to date link to open the Check Your Plugins tab

    Figure 5: The Firefox Check Your Plugins tab

    Step 6. Scroll down to check all of the plugins identified by Firefox

    Figure 6: More plugins on the Check Your Plugins tab

    Your plugins should fall into one of three categories:

    • If all of your plugins are up-to-date, continue with Step 9, below
    • Some of your plugins may appear next to a [Research] button. If you click [Research], Firefox will display search results that might help you update the corresponding plugin
    • If any of your plugins appear next to an [Update Now] button, you should click it and follow the instructions. In the figure above, Adobe Flash Player is an example of an outdated plugin

    Unfortunately, this method might not work to update some plugins — including Adobe Flash Player — unless you first update the list of software that your system knows how to install. To do this, follow the steps below.

    Step 7. Launch the Software Updater application that comes with your Linux distribution. It will automatically begin refreshing the list of software that it knows how to install and update.

    Figure 7: Ubuntu's Software Updater refreshing its list of software

    Step 8. Accept and install any updates identified by Software Updater. It will let you know when those updates have been installed.

    Figure 8: Ubuntu's Software Updater after everything is up-to-date

    Step 9. Click [OK]

    When Software Updater is done, you can restart your computer, if necessary, then check back with Firefox to make sure that Adobe Shockwave Flash has been updated.

    Flash vulnerabilities in are extremely common, however, and Adobe's support for the Linux plugin is limited. So you should disable the Flash plugin even if you are able to update it. To disable the Adobe Shockwave Flash plugin, follow the steps below.

    Step 10. Return to the Add-ons Manager tab that shows all of your Firefox plugins

    Figure 9: The Firefox Plugins screen

    Step 11. Click Always Activate if it is visible next to Shockwave Flash

    Figure 10: The Shockwave Flash activation menu

    Step 12. Select Never Activate to disable Adobe Shockwave Flash.

    Figure 11: Adobe Shockwave Flash disabled

    Note: If you select Ask to Activate, Firefox will let you know when a website tries to send you Flash content. You will then have the option to click [Allow], in the upper right-hand corner of your browser window, as shown below. However, we recommend that you fully disable Flash, especially if you were unable to update it to the latest version.

    Figure 12: Firefox prompting you to allow Flash content

    3.2. HTTPS Everywhere

    HTTPS Everywhere is an add-on that helps Firefox connect securely to websites that support encryption.

    When you access a page using a Web address that begins with "http://" (such as http://www.amazon.com), your connection is unencrypted. The information you send to and receive from that website can be seen by anyone with the ability to monitor your Internet traffic. This includes your (ISP) and many surveillance platforms.

    When you access a page using a Web address that begins with "https://" (such as https://www.amazon.com), your connection will be encrypted, and third parties will find it much more difficult to intercept the data you send and receive. Unfortunately, even websites that do support https often fail to redirect visitors to the correct Web address. This is the problem that HTTPS Everywhere was designed solve.

    HTTPS Everywhere maintains a list of websites that support https and automatically requests an encrypted connection for those websites—even if you click on a link (or enter an address into your browser) that begins with http.

    To install HTTPS Everywhere, follow the steps below:

    Step 1: Select Tools > Add-ons in your Firefox browser menu bar.

    Step 2: In the “Get Add-ons” section, type HTTPS Everywhere in the search bar and press enter. You should now have a list of all available add-ons in front of you, including HTTPS Everywhere.

    Figure 1: Finding the HTTPS-Everywhere add-on for Firefox

    Step 3: Click [Install], next to HTTPS Everywhere, to download and install the add-on.

    Figure 2:Installing HTTPS-Everywhere

    Step 4: Restart your Firefox browser to install HTTPS Everywhere.

    Step 5: Verify that HTTPS Everywhere was installed successfully by selecting Tools > Add-ons > Extensions in the Firefox menu bar. HTTPS Everywhere should be displayed, along with your other add-ons.

    Figure 3: HTTPS-Everywhere installed

    HTTPS Everywhere is now installed. When you connect to a website that is included in the list maintained by the add-on, and that supports https, your connection will be encrypted automatically.

    Note. When HTTPS Everywhere is working, you should still see "https://" in your browser's address bar. If you do not, then your connection is unencrypted.

    If you click on “Preferences” next to HTTPS-Everywhere, the following window should appear:

    Figure 4: HTTPS-Everywhere's "SSL Observatory Preferences" screen

    Here you can choose whether you want to use the EFF's SSL Observatory, which warns you about insecure connections or attacks to your browser. We strongly recommend that you use this SSL Observatory for better browser security.

    3.3. Privacy Badger

    Privacy Badger is a browser add-on that prevents third-party companies from tracking your online activities. It is available for Firefox, the Tor Browser, Chrome, and Chromium.

    To install Privacy Badger, follow the steps below:

    Step 1: Select Tools > Add-ons in your Firefox browser menu bar.

    Step 2: In the “Get Add-ons” section, type Privacy Badger in the search bar and press enter. You should now have a list of all available add-ons in front of you, including Privacy Badger.

    Figure 1: Finding the Privacy Badger add-on for Firefox

    Step 3: Click [Install], next to Privacy Badger, to download and install the add-on.

    Figure 2: Installing Privacy Badger

    When the add-on is installed, Firefox will display Privacy Badger's "Thank you" page

    Figure 3:Privacy Badger's "Thank You" page

    Step 4: Verify that Privacy Badger was installed successfully by selecting Tools > Add-ons > Extensions in the Firefox menu bar. Privacy Badger should be displayed, along with your other add-ons.

    Figure 4: Privacy Badger installed

    The Privacy Badger add-on is now installed and can help prevent (third party tracking](/en/glossary#third-party-trackers) of your online activities. You can click [Preferences] to change Privacy Badger's settings (though the default values are fine).

    3.4. Click&Clean

    Click&Clean is a browser extension that helps you clear your browsing history with just one click.

    Without privacy enhancing features, a browser can collect different types of information that it stores on the hard disk of your computer. Such data can include your location, browsing history, search history, cookies, cache, active logins and site preferences. This local storage can be deleted by manually cleaning your browser history with a tool like Click&Clean.

    You can install Click&Clean through the following steps:

    Step 1: Select Tools > Add-ons in your Firefox browser menu bar.

    Step 2: In the “Get Add-ons” section, type Click&Clean in the search bar and press enter. You should now have a list of all available add-ons in front of you, including Click&Clean.

    Figure 1: Finding the Click&Clean Firefox add-on

    Step 3: Click [Install], next to Click&Clean, to download the add-on

    Figure 2: Installing Click&Clean

    Step 4: Restart your Firefox browser to finish installing Click&Clean.

    Step 5: Verify that Click&Clean was installed successfully by selecting Tools > Add-ons > Extensions in the Firefox menu bar. Click&Clean should be displayed, along with your other add-ons.

    Figure 3: Click&Clean installed

    Alternatively, just look at your browser – the Click&Clean icon should be there now. If you click on the arrow next to it, you will notice that it offers a variety of features like incognito browsing, privacy testing, cookies, permissions and preferences.

    The privacy test feature gives you the ability to see what services are running on your browser that you might have forgotten about. The cookies feature shows you what cookies are currently stored on your computer. By using the permissions feature you can change your browser's default settings to enhance your privacy. These settings/permissions include blocking or asking for permission every time the browser wants to store your passwords, share your location and use your camera and microphone. Examples of how you can set your browser's permissions are shown below:

    Figure 4: The Click&Clean Permissions screen

    In the preference section you can also choose if you want to automate the cleaning of your browser data. You can also clear your browsing history every time you close your browser, so that you do not need to think about your browsing history again.

    Figure 5: The Click&Clean Preferences screen

    Note: As an alternative, you can use an external application like BleachBit for this purpose..

    3.5. NoScript

    When you visit a website, your browser automatically downloads content from that site. In addition to text and images, this content often includes scripts, which are essentially small programs that run inside your browser. NoScript is a Firefox add-on that prevents your browser from running such programs without your permission.

    The vast majority of these scripts are harmless and serve only to make webpages more interactive. Some of them are malicious, however, and some of them are third-party trackers capable of building a profile of your online activities.

    Unfortunately, No Script cannot automatically identify which scripts are safe and which are harmful. So, when you first tell it to Block Scripts Globally, it will prevent many websites from displaying properly. Once you start whitelisting scripts from different locations, however, things will begin returning to normal, and you will still be protected from potentially dangerous Web content.

    To install NoScript, follow the steps below:

    Step 1: Select Tools > Add-ons in your Firefox browser menu bar.

    Step 2: In the “Get Add-ons” section, type NoScript in the search bar and press enter. You should now have a list of all available add-ons in front of you, including NoScript.

    Figure 1: Finding the NoScript add-on for Firefox

    Step 3: Click [Install], next to NoScript, to download and install the add-on.

    Figure 2: Installing NoScript

    Step 4: Restart Firefox to install NoScript.

    Step 5: Verify that NoScript was installed successfully by selecting Tools > Add-ons > Extensions in the Firefox menu bar.NoScript should be displayed, along with your other add-ons.

    Figure 3: NoScript installed

    Your browser now supports NoScript and blocks malicious code from running on your computer.

    Although NoScript might seem a little frustrating at first (as the websites you have always visited may not display properly), you will immediately profit from the automated object-blocking feature. This will restrict pesky advertisements, pop-up messages and malicious code built (or hacked) into web pages.

    NoScript will run silently in the background until it detects the presence of JavaScript, Adobe Flash or other script-like content. At that point NoScript will block this content and status bar will appear on the bottom of the Firefox window. The NoScript status bar displays information about which objects (for example, advertisements and pop-up messages) and scripts are currently prevented from executing themselves on your system. But since NoScript does not differentiate between malicious and real code, certain key features and functions (for instance, a tool bar) may be missing.

    Some web pages present content, including script-like content, from more than one website. For example, a website like www.twitter.com has two sources of scripts (twitter.com and twimg.com). To unblock scripts in these circumstances, start by selecting the Temporarily Allow [website name] option (in this instance, Temporarily allow twitter.com). However, if this does not allow you to view the page you may determine, through a process of trial and error, the minimum number of websites required to view your chosen content. For instance, on Twitter, you need to select the Temporarily allow twitter.com and Temporarily allow twimg.com options, in order for Twitter to work. For websites that you trust and frequently visit, select the Allow [website name] option. Selecting this option permits NoScript to permanently list that website as trusted.

    Note: A vulnerability in NoScript was recently identified. We continue to recommend NoScript because this vulnerability does not present a threat unless you also install a separate (intentionally malicious) add-on. We strongly recommend researching add-ons before you install them and removing any add-ons that you do not need or about which you are uncertain.

    FAQ

    Q: Why would I want so many different add-ons to defend myself against malicious websites? If NoScript protects me from potentially dangerous scripts, for example, why do I also need other add-ons which function in a similar way?

    A: It is often a good idea to use more than one tool to address the same general security issue (anti-virus programs are an important exception to this rule, since they tend to conflict with one another). These Firefox add-ons use very different techniques to protect your browser from a variety of threats. NoScript, for example, blocks all scripts from unknown websites, but users tend to 'whitelist' the websites they visit frequently, which allows them to load potentially-malicious scripts. NoScript users also tend to allow unknown sites to load scripts, on a temporary basis, if those scripts are necessary for the page to function properly.