NoScript is multi-process compatible now
NoScript, the one must have add-on for Firefox if you ask me, has received an update recently that introduces full multi-process compatibility (e10s).
This paves the way for enabling Firefox's multi-process architecture if NoScript is installed.
Mozilla is still in the process of enabling Firefox's multi-process architecture on systems running the stable version of the browser.
One main reason for spreading the enabling of the feature over several releases is that not all add-ons are yet compatible with the architecture.
To avoid incompatibilities and monitor the situation better, multi-process Firefox has been enabled for Firefox installations without add-ons and Firefox installations with safe add-ons only up until now.
The next step is to enable it for Firefox installations with add-ons that are not explicitly marked as incompatible with the multi-process architecture. Mozilla runs a test on Firefox Beta currently to monitor this.
NoScript is multi-process compatible now
NoScript Security Suite is one of the most popular browser extensions for Firefox. It has a five star rating over at Mozilla and is used by 2.15 million users.
The changelog on the official NoScript website highlights the improvement:
v 2.9.5
Full e10s compatibility
Fixed big whitelists being reset to default permissions on
e10s-enabled browsersv2.9.5.1
Fixed some pages not loading on 1st attempt when e10s is
enabled
What this means is that NoScript will play fine with Firefox's new multi-process architecture, and should not block it from being enabled by default any longer. NoScript users can use the extension if e10s is enabled in Firefox. While there is still a chance for bugs, the general implementation is stable so that most NoScript users should not experience any issues with multi-process enabled.
Mozilla's own Are We e10s yet website provides you with information on add-on compatibility. According to the site, about 2100 add-ons are known to be compatible, while only 19 are incompatible.
While that sounds good, there is this large chunk of 16900 add-ons that are listed as unknown. Unknown means that they have not been verified yet or reported by users who run the add-on compatibility reporter.
NoScript 2.9.5 ships with several other improvements on top of multi-process support that are worth mentioning:
- Fixed bug in secure cookie enforcement.
- Fixed automatic reload issues.
- MediaSource blocking support.
- Pale Moon support (untested).
- Improved auto-reload responsiveness and precision.
- Fixed sites involved in background requests not reported in UI.
- Fixed file:// replacements broken.
- Fixed typo in XSS Filter which broke JSON cross-site requests.
Doesn’t really matter anymore. I’ve got multi-process incompatible addons running and still 1/1 working electrolysis, because of:
Open Firefox
Enter about:config in the address bar
Set browser.tabs.remote.autostart to true
Set extensions.e10sBlocÂkedByAddons to false
Set extensions.e10sBlocÂksEnabling to false
Restart Firefox
Interesting, but it depends on what you want to do. YesScript’s developer says :
“Unlike NoScript, YesScript does absolutely nothing to improve your security. I believe that Firefox is secure enough by default and that blocking all scripts by default is paranoia. YesScript strives to remove hassles from your browsing experience, rather than add them.”
It’s just not the same beast.
I never understood the appeal of NoScript… Blacklisting all domains and the painstakingly allowing them to work one by one seems like a waste of time… I use YesScript, which is the exact reversal… I allow scripts from all domains, until I choose to block them…
It’s too late for NoScript. Installed uMatrix and never looked back.
uMatrix cannot replace NoScript. I’m pretty sad about this fact because uMatrix’s UI is unrivalled in my book.
Even running NS with JS allowed alongside uMatrix, leaving script allow/disallow up to uMatrix doesn’t cut it because there are security features within NS that act differently when JS is on or off.
We’ll just have to wait for Giorgio to modernize NoScript’s UX because no replacement can cut it, it’s just that good.
uBlock Origin is the one must-have addon. It is able to block scripts and much more.
– “NoScript, the one must have add-on for Firefox if you ask me” –
I agree Martin. Browsing the Web without NoScript is painful and intolerable. First thing I do is install Firefox, then add on NoScript.
I find NoScript easy to configure, easy to manage, and very usable. Blocking scripting is probably the best ‘front-line’ defense a person can have out there on the wild-wild-web.
This guy carlo von lynX rants against capitalism. I support capitalism. I don’t trust this guy. Vague accusations usubstantiated by real knowledge and research.
As for the ad and the alleged malware, that’s a tenuous link with NoScript to say the least, and what is that blog anyway ? One post in November 2015, another in June 2016. Nothing else.
Respected and well-known security researchers encourage the use of NoScript. If there was genuinely something untoward to it, the word would have spread long ago.
“NoScript, the one must have add-on for Firefox” – it’s depend what you want in your browser!
Things to check before install:
https://liltinkerer.surge.sh/noscript.html
https://mailman.stanford.edu/pipermail/liberationtech/2015-April/015236.html
These are non-issues that have been cleared already.
Except for the ad on noscript.net that leads to a website hosting a potential malware file. I just checked and it’s true.
I consider Giorgio Maone trustworthy. He does make a point that he wants good income. He is a proud guy that can sometimes come out as slightly arrogant, but he is very competent and very patient and thorough. Definitely a guy I would rely on for work.
This malware thing however needs to be answered and corrected. It’s fair game to try to get around default adblocker setups in non harmful ways on his website, but the company with which he has an affiliate relationship should not be distributing malware.
I already asked him on the AMO page. No response and my comment was removed.
I have installed, uninstalled and reluctantly re-installed NoScript. It’s one of the most user-hostile applications I know. There’s no way for the normal user to know what it’s doing and interact with it in a reasonably intelligent way. That’s the price we pay for the dangerous place the Internet has become.