Giorgio Maone wrote:
regarding the amiright.com thing, that's very strange because the origin is reported same-site with the destination, so technically this is not a cross-site request.
Under these circumstances, you can only get a XSS warning if you changed the noscript.injectionCheck about:config
preference values to 3 or above. Is this the case?
I'm still investigating on the web mail stuff...
I've never touched that config either (or heard of it), but just checked, and it is at the default value of 2.
Yahoo Classic Mail just did it again a few minutes ago, this time with different errors. The message had no attachments and was not long, but because it was business-related, it took some time to compose. When trying to "send", it hung forever. XSS gave the same message as before, unsafe reload from auto-save.
Console had about 80 warnings, mostly missing declarations or * declarations, but the red Errors were:
Error: Components.classes['@mozilla.org/updates/timer-manager;1'] has no properties
Source File: file:///C:/Program%20Files/Mozilla%20Firefox/components/nsExtensionManager.js
Error: [Exception... "'SyntaxError: parseJSON' when calling method: [nsIOnReadyStateChangeHandler::handleEvent]" nsresult: "0x8057001c
(NS_ERROR_XPC_JS_THREW_JS_OBJECT)" location: "<unknown>" data: no]
Thanks for investigating. As a work-around, I might compose in a text editor and then paste into email, since it happens only when the message is pending long enough to activate auto-save, I think. I don't want to go back to 188.8.131.52, as I hope this info is useful. Let me know if there is anywhere else I should look, or configurations to check. Thanks again.
LIght bulb: "'@mozilla.org/updates/timer-manager;1'] has no properties"
I have updates disabled, since I'm staying with F2 and usually get dev builds of NS. But why would mozilla updates affect Yahoo mail?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US at an expert level; rv:184.108.40.206) Gecko/20081217 Firefox/220.127.116.11 diehard