5 Firefox Add-Ons for Secure Web Browsing

Here are some important Firefox add-ons to consider for anyone browsing the Web outside a trusted network, to protect against Web-based exploits, and more general security risks.

NoScript: This Firefox extension allows the user to enable or disable Java, JavaScript, Flash, Silverlight and other plug-ins (which could be malicious) for all sites unless the sites are specifically marked as trusted, directly from the status bar. These can also be temporarily allowed on any given site without adding it to a whitelist. NoScript also protects against Cross Site Scripting attacks, and ClickJacking (also known as UI Redressing) attacks that cause users to click on buttons which are obscured by other page elements.

CS Lite Mod: This simple add-on allows users to selectively or globally block cookies from websites, and view edit and delete them directly from the status bar. It does for cookies what NoScript does for scripts and plug-ins.

ShowIP: ShowIP helps against phishing attacks by displaying the IP address of the current website in the status bar at the bottom of the browser. While this is of limited use in itself (unless the user happens to know the IP address of the web site they want to visit,) right clicking on the IP address shown in the status bar brings up a number of options, including running a whois lookup to confirm the registered owner of the IP address concerned.

WOT (Web of Trust): The WOT add-on gives a trustworthiness rating for sites that users visit based on feedback from other WOT users, access from a WOT button in the address toolbar. The button itself changes color depending on the trustworthiness of the site, giving an instant warning when a user visits a site that may be a source of malware. For some sites, such as those rated dangerous, WOT brings up a warning screen with the options to proceed to the site, add it to a white list, or to find out more information about the nature of the dangers that other users have reported.

Master Password Timeout: Firefox has the ability to remember and enter passwords for sites you may visit, and these passwords can be protected with a master password. If the master password is long and not guessable but stored in your head (i.e. not written down) then having Firefox remember passwords can be a very secure solution. The problem is that once the master password is entered Firefox gives you access to passwords without prompting for the master password until it detects five minutes of inactivity. This is a potential security risk if you leave the laptop unattended for a minute or two in a public place. To prevent this, Master Password Timeout allows you to specify your own, shorter timeout period. The master password can also be “logged off” manually from the Tools menu once Master Password Timeout is installed.

DID YOU KNOW...  According to IBM Internet Security Systems X-Force team 2008 Trend & Risk Report "the number of vulnerabilities affecting Web applications has grown at a staggering rate. In 2008, vulnerabilities affecting Web server applications accounted for 54 percent of all vulnerability disclosures and were one of the primary factors in the overall growth of vulnerability disclosures during the yea