October 17, 2011, 8:56 AM — The developer of the widely used Firefox extension NoScript has released a version for the Android and Maemo operating systems.
NoScript's developer, Giorgio Maone, wrote on his blog on Saturday that porting the application for Firefox on Android and Maemo was not easy, as it was a full rewrite of the extension, and "there's still a lot of work ahead."
The mobile version, called NoScript 3.0a8, includes protection against cross-site scripting attacks, in which a script drawn from another website is allowed to run that shouldn't. Cross-site scripting can allow an attacker to steal information or potentially cause other malicious code to run.
It also can block "clickjacking," another kind of attack where a user is tricked into clicking on certain parts of a Web page with hidden buttons that perform malicious actions. Those hidden buttons are delivered by an invisible iframe, which is a window that brings other content into the target website.
In 2008, researchers Robert Hansen and Jeremiah Grossman discovered a clickjacking attack involving Adobe Systems' Flash application that could give remote access to a victim's Web camera and microphone.
There are around 1,000 pieces of malware circulating for mobile devices, which pales in comparison to malware built for Windows desktop operating systems. But security analysts predict that mobile phones will increasingly be attacked for the sensitive data stored on the devices.
Maone wrote that NoScript does not require the browser to be restarted after updates are installed, which "means that hot fixes for new security threats can be deployed in a more effective, timely and convenient way."