The Internet is full of threats like cross-site scripting attacks and clickjacking.
A lot of these attacks work by injecting scripts in web pages that you don’t even know are there.
You can give yourself a modicum more protection by running a Firefox plug-in called NoScript.
NoScript blocks all scripts from running until you authorize them. Go to addons.mozilla.org and search for NoScript. Intsall it like you would any add-on. Once you have it installed, look in the bottom right corner at the little S with the cross-out symbol. Clicking on it brings up a sub-menu that allows you to choose how to handle scripts on the page you’re at. The safest way to go is not to allow any scripts. You’ll never fall victim to code that doesn’t run. But some sites won’t work without scripts so… They next safest thing is to Temporarily allow only the scripts you need and or trust. A lazier and slightly less safe method is to temporarily allow all on a page.
The next more convenient level, but also next less safe is to permanently allow scripts either individually or all for a page. This becomes necessary for things like your Bank’s website or Google Docs where you don’t want to constantly allow scripts every time you launch your browser. If you permanently allow scripts from a site, you’re putting your trust in that site that it will never allow itself to be infected by a malicious script.
The worst thing you can do is globally allow all scripts. You might as well not run NoScript at that point. If you have allowed a script on a page and you change your mind about it, you can always choose forbid, to start blocking it again. Running noScript means you’re going to have to do a bit more thinking about pages you surf to. It was enlightening when I first started running NoScript which of my banks and utilities worked just fine without scripts and which became disabled. If nothing else, NoScript gives you more control over what risks you expose yourself to on the Net. I’m Tom Merritt, CNET.com.