Need to remove a Javascript pop-up notice


Re: Need to remove a Javascript pop-up notice

by arcadian » Mon Sep 14, 2015 2:37 pm

barbaz wrote:Hang on... you're saying that they *can't* reproduce this issue with Fx + NS - as when they try it, they neither A) have anything writing to window.name in such a way that NS complains about it when testing it out, nor B) have the browser trying to download something that looks like it was once a javascript: URI?

Because with the information we now have, that is the only way that they could reasonably say the problem is on your end.
No sorry it's the main help desk in London over the phone dealing with general account queries who are only allowed to access customers' accounts, and nothing to do with the internet which as a newbie I'd originally thought was a possibility.
barbaz wrote:Resetting Firefox completely sounds too extreme to me. You can reset only NoScript by going to NoScript Options & clicking Reset (on the very bottom)...
Thanks for the tip....

Re: Need to remove a Javascript pop-up notice

by barbaz » Mon Sep 14, 2015 2:10 pm

arcadian wrote:Bank said the same as before basically it's my end so after a bit of googling etc. pretty sure they're right and as you might have said probably a browser hijack.
Hang on... you're saying that they *can't* reproduce this issue with Fx + NS - as when they try it, they neither A) have anything writing to window.name in such a way that NS complains about it when testing it out, nor B) have the browser trying to download something that looks like it was once a javascript: URI?

Because with the information we now have, that is the only way that they could reasonably say the problem is on your end.
arcadian wrote:However I did discover as a temporary work around that refreshing Firefox completely worked fine, though only after I also discovered you have to mark the Bank as untrusted to begin with otherwise you have to keep on refreshing Firefox !
Resetting Firefox completely sounds too extreme to me. You can reset only NoScript by going to NoScript Options & clicking Reset (on the very bottom)...

Re: Need to remove a Javascript pop-up notice

by arcadian » Mon Sep 14, 2015 1:47 pm

Yes much clearer all round thank you though still hopelessly lost with all the technical stuff ! :)

Bank said the same as before basically it's my end so after a bit of googling etc. pretty sure they're right and as you might have said probably a browser hijack.

I've now tried just about every cleaner going with no luck, so will get my repair guy to do it who's been in the business over 30 years. However I did discover as a temporary work around that refreshing Firefox completely worked fine, though only after I also discovered you have to mark the Bank as untrusted to begin with otherwise you have to keep on refreshing Firefox !

Will let you know what he finds and recommends later on....

Thanks again ! :)

Re: Need to remove a Javascript pop-up notice

by barbaz » Sun Sep 13, 2015 11:11 pm

arcadian wrote:is there any simple basic info for us types anywhere I can read as to what NS does and aims to do ?
The simple explanation of what NoScript does & aims to do, is to make your web browser MUCH more secure.
I'm not sure that's the answer you were looking for, and if I explain more details you probably won't consider it "simple basic info"... so I'm not sure I understand the question...
arcadian wrote:Also what does ABE and XXXs mean ?
ABE
By default it just blocks websites from accessing anything on your local network.

XSS = Cross-Site Scripting. Basically it's when one site (attack site) tries to have its scripts run by another site (victim, usually sensitive site in some way) when this is not intended by the webmaster of the victim site, using users' browsers as the means to attack rather than attempting to hack the site.
arcadian wrote:Anyway first thing I did when it happened was to contact the bank who said it was nothing to do with them, which with hindsight was ridiculous given what you've just told me. Instead they should have automatically told me to immediately report it as a security breach but they didn't ! So now to report it to the bank as I simply daren't tamper with anything....
Well, when you first reported this you were probably just saying that this notice came up, which yes, they would reply that it's not their problem. There's no reason to think it's a site security hole from that description.
Now, you can report that it's the result of NoScript preventing them using a highly insecure practice. You should get a different response.
Oh, and I would suggest you give them the link to this thread if possible.
arcadian wrote:Again many thanks will keep you posted....!!!!!! :)
You're welcome & thanks.

Re: Need to remove a Javascript pop-up notice

by arcadian » Sun Sep 13, 2015 6:19 pm

Great finally got a little clearer idea of things now, so grateful thanks indeed and apols for the dumb final question.... ! :oops:

Although I've had NS for ages firstly I've never really understood what it was all about as I'm far too busy, so when a friend recommended me to use it to begin with that was good enough for me. Secondly I'm not a techie at all and never will be, and finally when I did try to find out anything it was sheer information overload with no idea of where or how to start. So is there any simple basic info for us types anywhere I can read as to what NS does and aims to do ? Also what does ABE and XXXs mean ?

Anyway first thing I did when it happened was to contact the bank who said it was nothing to do with them, which with hindsight was ridiculous given what you've just told me. Instead they should have automatically told me to immediately report it as a security breach but they didn't ! So now to report it to the bank as I simply daren't tamper with anything....

Again many thanks will keep you posted....!!!!!! :)

Re: Need to remove a Javascript pop-up notice

by barbaz » Sun Sep 13, 2015 4:27 pm

arcadian wrote:Apologies but I haven't the slightest idea what any of it means or what to do :)
Contact the site and tell them what they are doing is very unsafe and should be changed ASAP?
The reason why it's unsafe is they are putting data where *any* site you visit in the same tab/iframe/whatever can access it, so if you were to later visit an attack site, or have already visited an attack site which planted specially crafted payload there... :o

Or perhaps you can block the script causing this message, using ABE or a surrogate script?

(XSS exception is *not* safe here IMO.)
arcadian wrote:Wouldn't it be simplest to just turn off No Script altogether.... ?
Do you really think there is any way that it'd be simpler to deal with the after-effects of being XSS'ed, clickjacked, etc., some of which may be used as a malware delivery vector or means to steal money from you, rather than troubleshoot this problem?

It's not a matter of "if" you'll run into an attack situation on the Internet; it's a matter of when it happens...
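
Added example, not part of any post in this thread: a Node.js helper that peels the encoding layers of a window.name value shaped like the one in the "[NoScript XSS]: sanitized window.name" console message posted in this topic, so you can see what data a site left in the tab. The layering (percent-encoding, base64, percent-encoded JSON) is inferred from the visible part of that logged value; the sample input is constructed and the function names are hypothetical.

```javascript
// Added example (Node.js): peel the encoding layers of a window.name value
// shaped like the one in the "[NoScript XSS]: sanitized window.name" message.

// Constructed sample with the same layering as the logged value; the host,
// session id and DOM data are placeholders, not values from the thread.
const inner = encodeURIComponent(JSON.stringify({ 'dom.div': [[0, 'wrapper', '']] }));
const records = [{ id: '6', data: { cid: '6', b: 0, d: inner } }];
const pd = Buffer.from(encodeURIComponent(JSON.stringify(records))).toString('base64');
const qp = 'si=1&e=' + encodeURIComponent('https://bank.example') +
  '&LSESSIONID=PLACEHOLDER&t=xpost';
const SAMPLE = 'qp=' + encodeURIComponent(qp) + '&pd=' + encodeURIComponent('d=' + pd);

// "d=<base64>" -> percent-encoded JSON array -> records whose data.d field
// is itself percent-encoded JSON. Each layer is undone exactly once, because
// decoding everything in one pass would corrupt the outer JSON.
function decodePayload(b64) {
  const json = decodeURIComponent(Buffer.from(b64, 'base64').toString('utf8'));
  return JSON.parse(json).map((rec) => {
    const d = rec && rec.data && rec.data.d;
    if (typeof d !== 'string') return rec;
    return { ...rec, data: { ...rec.data, d: JSON.parse(decodeURIComponent(d)) } };
  });
}

// Returns { key: decoded } for each top-level "key=value" pair. Anything that
// fails to decode is kept as the raw string so truncated input is still usable.
function inspectWindowName(name) {
  const out = {};
  for (const pair of name.split('&')) {
    const eq = pair.indexOf('=');
    if (eq < 0) continue;
    const key = pair.slice(0, eq);
    const raw = pair.slice(eq + 1);
    try {
      const once = decodeURIComponent(raw);
      const m = /^d=([A-Za-z0-9+/]+={0,2})$/.exec(once);
      out[key] = m ? decodePayload(m[1])
        : Object.fromEntries(new URLSearchParams(once)); // nested query string
    } catch (e) {
      out[key] = raw; // truncated or malformed layer
    }
  }
  return out;
}

console.log(JSON.stringify(inspectWindowName(SAMPLE), null, 2));
```

A value cut off mid-escape, as console output often is, comes back undecoded under its key instead of throwing.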

Re: Need to remove a Javascript pop-up notice

by arcadian » Sun Sep 13, 2015 3:23 pm

Apologies but I haven't the slightest idea what any of it means or what to do :) Wouldn't it be simplest to just turn off No Script altogether.... ?

Re: Need to remove a Javascript pop-up notice

by barbaz » Sun Sep 13, 2015 2:25 pm

barbaz wrote:see viewtopic.php?f=7&t=21192 ?

Re: Need to remove a Javascript pop-up notice

by arcadian » Sun Sep 13, 2015 9:42 am

How's things going any luck yet....?

Re: Need to remove a Javascript pop-up notice

by arcadian » Fri Sep 11, 2015 9:28 am

browser.xul
Key event not available on some keyboard layouts: key="c" modifiers="accel,alt" browser.xul
Key event not available on some keyboard layouts: key="i" modifiers="accel,alt,shift" browser.xul
[NoScript InjectionChecker] JavaScript Injection in qp=si=1&e=https%3A%2F%2Fonline.lloydsbank.co.uk&LSESSIONID=jLd1o6QZ44QndCuBLhsp2TwMpfOSpn%2FZXEiyEXavFtPX08UvNMN04sU%3D&t=xpost&pd=d=JTVCJTdCJTIyaWQlMjIlM0ElMjI2JTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMmNpZCUyMiUzQSUyMjYlMjIlMkMlMjJiJTIyJTNBMCUyQyUyMmQlMjIlM0ElMjIlMjU3QiUyNTIyZG9tLmJsb2NrcXVvdGUlMjUyMiUyNTNBJTI1NUIlMjU1RCUyNTJDJTI1MjJkb20uZGl2JTI1MjIlMjUzQSUyNTVCJTI1NUIwJTI1MkMlMjUyMndyYXBwZXIlMjUyMiUyNTJDJTI1MjIlMjUyMiUyNTVEJTI1MkMlMjU1QjElMjUyQyUyNTIyJTI1MjIlMjUyQyUyNTIyb3V0ZXIlMjUyMiUyNTVEJTI1MkMlMjU1QjIlMjUyQyUyNTIyaGVhZGVyJTI1MjIlMjUyQyUyNTIyJTI1MjIlMjU1RCUyNTJDJTI1NUIzJTI1MkMlMjUyMiUyNTIyJTI1MkMlMjUyMmNsZWFyZml4JTI1MjIlMjU1RCUyNTJDJTI1NUI0JTI1MkMlMjUyMiUyNTIyJTI1MkMlMjUyMnNlY3VyZU1zZyUyNTIyJTI1NUQlMjUyQyUyNTVCNSUyNTJDJTI1MjIlMjUyMiUyNTJDJTI1MjJsb2dnZWRJbiUyNTIyJTI1NUQlMjUyQyUyNTVCNiUyNTJDJTI1MjIlMjUyMiUyNTJDJTI1MjJwYWdlV3JhcCUyNTIyJTI1NUQlMjUyQyUyNTVCNyUyNTJDJTI1MjJwYWdlJTI1MjIlMjUyQyUyNTIyY29udGVudCUyNTIyJTI1NUQlMjUyQyUyNTVCOCUyNTJDJTI
[NoScript XSS]: sanitized window.name, "qp=si%3D1%26e%3Dhttps%253A%252F%252Fonline.lloydsbank.co.uk%26LSESSIONID%3DjLd1o6QZ44QndCuBLhsp2TwMpfOSpn%252FZXEiyEXavFtPX08UvNMN04sU%253D%26t%3Dxpost&pd=d%3DJTVCJTdCJTIyaWQlMjIlM0ElMjI2JTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMmNpZCUyMiUzQSUyMjYlMjIlMkMlMjJiJTIyJTNBMCUyQyUyMmQlMjIlM0ElMjIlMjU3QiUyNTIyZG9tLmJsb2NrcXVvdGUlMjUyMiUyNTNBJTI1NUIlMjU1RCUyNTJDJTI1MjJkb20uZGl2JTI1MjIlMjUzQSUyNTVCJTI1NUIwJTI1MkMlMjUyMndyYXBwZXIlMjUyMiUyNTJDJTI1MjIlMjUyMiUyNTVEJTI1MkMlMjU1QjElMjUyQyUyNTIyJTI1MjIlMjUyQyUyNTIyb3V0ZXIlMjUyMiUyNTVEJTI1MkMlMjU1QjIlMjUyQyUyNTIyaGVhZGVyJTI1MjIlMjUyQyUyNTIyJTI1MjIlMjU1RCUyNTJDJTI1NUIzJTI1MkMlMjUyMiUyNTIyJTI1MkMlMjUyMmNsZWFyZml4JTI1MjIlMjU1RCUyNTJDJTI1NUI0JTI1MkMlMjUyMiUyNTIyJTI1MkMlMjUyMnNlY3VyZU1zZyUyNTIyJTI1NUQlMjUyQyUyNTVCNSUyNTJDJTI1MjIlMjUyMiUyNTJDJTI1MjJsb2dnZWRJbiUyNTIyJTI1NUQlMjUyQyUyNTVCNiUyNTJDJTI1MjIlMjUyMiUyNTJDJTI1MjJwYWdlV3JhcCUyNTIyJTI1NUQlMjUyQyUyNTVCNyUyNTJDJTI1MjJwYWdlJTI1MjIlMjUyQyUyNTIyY29udGVudCUyNTIyJTI1NUQlMjUyQyUyN
https://marketing.lloydsbank.co.uk//llo ... %3DPLO0512
about:blank
Overriding failed (2147500037) redirect callback for 12: https://aa.online-metrix.net/fpc.swf?se ... 3a3a3d3135 -> https://aa.online-metrix.net/fpc.swf?se ... 3a3a3d3135 - 2
This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.[Learn More] update.xm

Re: Need to remove a Javascript pop-up notice

by barbaz » Thu Sep 10, 2015 8:37 pm

Reproduce the problem, hit Ctrl-Shift-J, and post all messages you see starting with "[NoScript".

Re: Need to remove a Javascript pop-up notice

by arcadian » Thu Sep 10, 2015 2:26 pm

Sorry way, way above my head.... ! :)

Re: Need to remove a Javascript pop-up notice

by Thrawn » Thu Sep 10, 2015 6:04 am

I'm guessing that there will be something in the Browser Console (Ctrl+Shift+J) when this occurs. Probably either the XSS filter or the Cross-Site Inclusion Filter.

Re: Need to remove a Javascript pop-up notice

by barbaz » Wed Sep 09, 2015 8:33 pm

Yes the one on Photobucket. Still same deal here but if I download it then I can view it in my system's image viewer.

see viewtopic.php?f=7&t=21192 ?

Re: Need to remove a Javascript pop-up notice

by arcadian » Wed Sep 09, 2015 6:58 pm

If you mean the image in Photobucket mine's fine....
