Joined March 2009
- Tweets 79
- Following 4
- Followers 748
- Likes 70
Photos and videos
NoScript's website just got a new tagline for the month.
#pridemonth #pride #privacy #security
noscript.net/?month=pride
1
103
NoScript π noscript@mastodon.social retweeted
I thought it was the usual DDOS spidering fuckery by Bytedance (TikTok) putting @noscript's support forums on their knees, but...
APPLE ENGINEERING, WTF?!!!
"Ambassador" Tim Cook, his new CEO & their minions embracing the dark side really hard πͺ±π
ALT A screenshot of ma1's terminal showing his custom crowdsec profile blocking thousands of DDOSing subnets owned by APPLE ENGINEERING.
2
2
248
NoScript π noscript@mastodon.social retweeted
And that's why the dependencies of @noscript NoScript Commons Library amount to a grand total of 5 self contained, vendored source files.
Mar 31
There is a project on GitHub called Axios.
Axios is extremely popular. It is used by millions upon millions of applications.
Axios is a programming library that helps your JavaScript code make HTTP/S requests (communicate with websites).
In simple terms, if you're a programmer doing something with JavaScript, and want to do stuff that communicates with a website in literally any capacity, people heavily recommend using Axios due to its simplicity. Using Axios you don't have to reinvent the wheel and do a bunch of work. All you need to do is import Axios into your code and you're off to the races.
Someone (currently unknown) compromised Axios (currently unknown how) to deliver malware to people. When someone updates or installs Axios, Axios itself contains malware.
What the malware does is (currently) unknown, but it is being reversed engineered by probably every malware analyst on the planet at this moment. In a few hours more details will emerge. Information is being exchanged in real time on social media and private communication platforms as I write this.
Due to the size and popularity of Axios, it is unknown how many are impacted, it could be millions, it could be thousands, or if we're lucky, only hundreds of people or organizations will be impacted.
If this is absolute worst case scenario, millions of organizations across the planet have been infected with malware which (currently) we do not understand. However, the likelihood of this is low. It appears Axios being compromised was detected quickly, potentially within minutes (or hours) of it being compromised to deliver malware. Additionally, the likelihood of every single Axios user updating Axios as soon as it was compromised to deliver malware is astronomically low. It is basically zero.
The impact from Axios being compromised is devastating, the fallout from this will be a massive headache. This is unironically a malware nuclear missile and will likely be studied in the future.
3
5
347
13.6.6 just out:
- "S" gesture optional & disabled by default
- Enable it in Options>Appearance to skip the new Android Firefox menu 3 taps navigation
- Lowered activation threshold tooltip to guide the gesture
Thanks for your patience, and your past & future feedbackβ€οΈ
2
3
5
188
New "S" gesture for Android in NoScript 13.6.x, along with other less visible improvements in policy enforcement, both in NoScript proper and in the NoScript Commons Library.
noscript.net/getit
New @firefox for Android menu buries extensions deep down into a click pit. But now you can summon your @noscript quicly by sketching a "S" on the web pageπ
1
2
202
Casual reminder about NoScript's mitigations going far beyond selective #JavaScript execution (on @firefox-based browser at least, such as @torproject & @mullvadnet).
#ConsensualBrowsing
It couldn't work in the Tor Browser, neither in the @mullvadnet Browser, because of @noscript's noscript.net/usage/#lan-prot⦠(independent from #JavaScript blocking, which may help as well).
1
1
3
128
NoScript π noscript@mastodon.social retweeted
The quick @firefox jumps over the lazy laptop.
ALT A picture of a brand new Firefox plushie sitting on ma1's laptop.
1
2
111
π―NoScript 13.5.6 is out!
Main news:
- New option to disable automatic page reloading on permissions change
- Fix quirks mode rendering bug on cold load of pages from file:// URLs
β¬οΈ noscript.net/getit
3
5
131
29 Nov 2025
#NoScript 13.5 is out, with many user experience improvements:
- cascade permissions" mode
- onboarding / site classification behavior panel
- many content #usability and #security enhancements
Special thanks to @OpenTechFund for their strenuous support!
noscript.net/
ALT A screenshot of the new NoScript Onboarding / Site Classification Behavior page. Text: **Site Classification Behavior** Please select the way NoScript behaves when encountering unclassified sites. You can revisit this choice from the NoScript Options page and whenever you reset NoScript. - STRICT / Default Deny The traditional and most secure NoScript behavior: unclassified sites, marked as "DEFAULT", are NOT considered trusted. Potentially harmful capabilities, including scripts, are disabled. You can manually enable the sites you trust by opening the NoScript interface and marking them as "TRUSTED", or further customize their capabilities by selecting "CUSTOM". - EASIER / Auto A compromise between security and convenience: the top level site, whose address is shown in the navigation bar, is automatically promoted to "Temporarily TRUSTED" unless already manually classified. 3d party sites still need to be classified manually. Cross-site protections are still enforced.
1
5
335
29 Oct 2025
"We decided to move control of Wasm to @noscript, which bundled with Tor Browser & already manages #JavaScript & other security features.
Wasm now works on privileged browser pages such as the PDF renderer, but NoScript will continue blocking the technology on regular websites"
28 Oct 2025
π Tor Browser 15.0 is now available! Our first stable release based on Firefox ESR 140, incorporating a year's worth of changes. Download now from the Tor Browser download page: blog.torproject.org/new-releβ¦
2
3
209
NoScript π noscript@mastodon.social retweeted
20 Oct 2025
Both disturbing and bizarre.
Why is an administration that says it supports open-weight models and real competition in AI deleting government materials that support its position?
20 Oct 2025
New, from me and @kellymakena: The FTC is disappearing blog posts about AI that were written during Lina Khanβs tenure as FTC chair wired.com/story/ftc-removes-β¦
21
285
1,694
99,526
20 Oct 2025
NoScript 13.2.2 is out:
- Works around a a long-standing breakage on Proton Mail
- Erases temporary permissions when last tab is closed on Android, as a work-around for the "Quit" browser menu command actually keeping Firefox alive, even if hidden.
noscript.net/getit
2
3
154
NoScript π noscript@mastodon.social retweeted
16 Oct 2025
π¨ Double your impact π¨
Although the modern internet has been corrupted by rampant privacy violations and pervasive government spying, we have the power to FREE THE INTERNET from the chains of censorship and surveillance. βοΈβπ₯
Donate today to take advantage of our match offered by Power Up Privacy and support a free internet. This means a $25 donation will have a $50 impact.
torproject.org/donate/donateβ¦
ALT All donations will be matched, up to $250,000
6
24
106
8,578
13 Oct 2025
"Your WAF can't see this."
My users can (hope they're your customers)π
13 Oct 2025
Your WAF canβt see this.
Attackers are skimming payment data right now through unmonitored JavaScriptβwhile your dashboards stay clean.
The worst part? Itβs happening in your customersβ browsers.
See what every retailer must fix before Black Friday β thehackernews.com/2025/10/whβ¦
1
1
106
NoScript 13.1 is out.
- New wasm capability for per-site WebAssembly control
- Fix for some visual breakages where unrestricted CSS is off
- Best effort avoidance of extra tab bars for AI Chatbot sidebar detection
noscript.net/getit
1
3
7
438
Based on reports up to September 2025:
Chrome: 6 zero-days exploited (e.g., CVE-2025-10585, per The Hacker News, SocPrime, and Google updates).
Firefox: 3 zero-days exploited (CVE-2025-2857, CVE-2025-4918, CVE-2025-4919, per Bleeping Computer, The Hacker News, and Mozilla advisories).
NoScript can help mitigate unknown vulnerabilities by blocking JavaScript execution, a common exploit vector (per NoScript docs and security analyses).
2
4
258
NoScript π noscript@mastodon.social retweeted
25 Sep 2025
π₯#chrome #0day actively exploited in the wild.
π¦ Switch to @firefox
π« use @noscript
π² On Android, too
#zerodayattack #zerodayexploit #security
25 Sep 2025
π¨ CISA Warns of Google Chrome 0-Day Vulnerability Exploited in Attacks
Read more: cybersecuritynews.com/cisa-gβ¦
CISA has issued a warning about a high-severity zero-day vulnerability in Google Chrome that is being actively exploited in attacks.
The vulnerability, tracked asΒ CVE-2025-10585, has been added to CISAβs Known Exploited Vulnerabilities (KEV) catalog, signaling an urgent need for users and administrators to take action.
#cybersecuritynews #Vulnerability
1
3
358
NoScript π noscript@mastodon.social retweeted
27 Aug 2025
Since you mentioned @mullvadnet, their Mullvad Browser should be on top of the list: no Google/Chromium/fascist shit, just privacy and security in mind, VPN-optimzed, made by the @torproject π§
from a stripped down and hardened @firefox π¦, with integrated uBlock & @noscript π«
1
3
391
NoScript π noscript@mastodon.social retweeted
19 Aug 2025
π―PSA to Win 7/8 and macOS 10.x @torproject browser users:
β οΈLEGACY CHANNEL EOLβ οΈ
Tor Browser 13.5.21 is based on the last 115.x ESR version officially announced by @mozilla, thus we can't guarantee further 13.5.x updates.
Please upgrade to 14.5.x ASAP!
blog.torproject.org/new-releβ¦
6
18
6,526
NoScript π noscript@mastodon.social retweeted
14 Aug 2025
We're always looking for more great people to join the Tor Project team. Right now, we're seeking values-driven leaders and specialists to help shape our future. Join us in building a stronger organization:
- π₯ Director of People and HR
- π§ Senior Director for Internal Structures and Support
- π Nonprofit Accounting Specialist (Part-time)
Whether you're passionate about culture, strategy, or numbers, thereβs a role for you here. torproject.org/about/jobs/
21
56
10,330