Rubenerd

Another great reason for using NoScript in Firefox if you didn't think it was useful before is that it blocks embedded media such as Flash unless you specifically choose to unblock it on individual pages (which for me is almost never!). With HTML5 elements like <video> and <audio> now being supported in Firefox 3.5 I was worried I'd be losing this control and that there would be an unguarded vector for attack… not to mention being annoyed and irritated by pages that start playing jingles and animated advertisements!

Suppose Firefox employed an external library to play media which turned out to be vulnerable; it's happened in the past. Any malicious hacker could embed a specially crafted video or audio file into a page and your browser would start playing it automatically when you visited the page. By the time you realised what was going on, it'd be too late.

Well it's time to breath easier again (that sounded like an introduction to a cheap infomercial). I just noticed this evening after updating to version 1.9.8.1 that NoScript now blocks HTML5 media elements on pages that aren't on your NoScript whitelist just like JavaScript, Flash and the like which is fantastic news. I understand selectively enabling JavaScript may be a bit troublesome for some people to cope with, but HTML5 media filtering should be a mandatory part of Firefox in my opinion.

In any event, it's one less thing to make me nervous and to worry about, which for someone always buzzing with social anxiety and caffeine is a good thing :).