Someone else can correct me if I am wrong, but if that happened then NoScript would display the malicious script separately.

The user must single out and white list the malicious script in order for it to function.

Data gathered by the malicious script can be sent back to the attacker's website.

Well, the problem was, that site had been compromised with some malicious script which then checked the version of IE the user was running.

All it takes is for one of those white listed sites to get compromised and have a malicious script put on their page.

This allows the program to prevent malicious scripts from running.

So if you had malicious scripts running that were trying to steal information, they could still do so.

Some users prefer to write their own IRC scripts to avoid the potential problems caused by a malicious or buggy script.

For example, a script engine which allows file and network access may allow malicious scripts to steal confidential data through privileged users' accounts.

The flaw enables attackers to cause victims to run malicious scripts by visiting a web page.