New add-on for a more secure ff browser: http://www.requestpolicy.com/
RequestPolicy is a Firefox extension that improves the privacy and security of your browsing by giving you control over when cross-site requests are allowed by webpages you visit.
It is compatible with Firefox 3+. It works wherever Firefox does (Linux, BSD, Mac, Windows, etc.).
Status: beta
Although it is still considered beta software, it is very usable.
This was Giorgio Maone’s opinion (maker of the NoScript extension):
that sounds like a good idea against CSRF.
Actually there's a new NoScript component called ABE (Application Boundaries Enforcer) currently under development, which will be very similar in intent, but likely more flexible than that (e.g. by allowing/denying POST vs GET requests, or framed requests following firewall-like rules).
Until this comes in I will use RequestPolicy, together with Firekeeper.
It works like NoScript but then considering redirects (choose from allow, temporarily allow, revoke, allowed destinations, blocked destinations), so it is an important instrument in protecting you against cross site scripting attacks. That is why our friend Giorgio Maone wants to bring this functionality to NoScript. We keep finding little blind corners where other add-ons do not help to protect against vulnerabilities, either in the security or in the privacy range, and some are really vital to protect against malware infestations, my friend. Some average users don’t even know these items exist, because the public is not educated about the dangers of the likes of Super Cookies, Web bugs that do not work through JavaScript, etc. etc.
Analyse this big threat that is out there now, that is only found through RUBotted (I have it on), an attack for ad-serving and malicious bot-serving performed from this IP: 150 dot 70 dot 89 dot 33 port 443. Read the full story here: http://mice.org/blog/what-ad-server-is-dishing-up-malware-and-bots/ So what to do here is block ad dot yieldmanager dot com in my Firefox cookies, and I blocked ad dot doubleclick dot net. I made these addresses non-clickable for obvious reasons.
So at the moment I am analyzing where I am going with the Perspectives, RequestPolicy and FoxBeacon add-ons, and then I will report back to the maker of NoScript to make Firefox even more secure than it is, and also report here on our forums about my findings.
I have this add-on now in my Minefield version of Firefox and I must say I like it a lot.
The reasons to block certain redirects are mentioned here: http://requestpolicy.com/privacy
Because yes, allowing Google Analytics with Urchin.js collects your surfing habits. Not that its use is immoral, it is amoral, they wanna profile all of you. And with Urchin.js on a site it is as if it were part of that site.
I would not think of a miscreant’s version of Urchin.js and what that could do. But that is not what I am thinking about. Read why: http://requestpolicy.com/privacy
In fact I find this add-on very helpful security-wise, like NoScript, and so thinks Giorgio Maone, the developer of NoScript, who wants to bring this add-on’s functionality in some form to NoScript. Good idea!
Also FoxBeacon is nice to get the bugs it finds added to the blockable items of ABP plus, but I have to admit that using ABP in combination with NoScript and RequestPolicy I haven’t seen a Category 3 (P3P classification) Web bug so far, only the Category 1 (and the best of sites have them, even good old Microsoft).
The profilers and surf habit-trackers sure do not like Polonus for showing ways to block their caching of your every click and link, but I think we have a right to block cookies, and super cookies, and redirects and identification tags on our hard disks (for video searches even before you clicked the start button).
And to make it even more difficult to track me, I start some session of TrackMeNot to give some additional bogus search queries for the archives.
Oh, I realize now we are far from a really secure and safe browser.