about:addons hangs a while

Post a reply

Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek:
BBCode is ON
[img] is ON
[url] is ON
Smilies are ON
Topic review
   

Expand view Topic review: about:addons hangs a while

Re: about:addons hangs a while

by pkiff » Mon May 08, 2017 11:24 am

OK, thanks.

Now that I can load up the "Get Add-ons" tab again to see what content is offered there, I'm tempted to say that the best workaround is simply not to click on that tab! All that tab does is show a couple pre-selected add-ons and then give you a link to the add-ons site at the bottom.

Re: about:addons hangs a while

by barbaz » Mon May 08, 2017 4:06 am

Nope. Your regexes would also allow XSSing of, say, 'https://discovery.addons.mozilla.orgbla ... othersite/'.

You only needed one / on the end -

Code: Select all

^https://discovery\.addons\.mozilla\.org/.*$

Adding this as a default exception would not be advisable. It allows any site to XSS anything on 'https://discovery.addons.mozilla.org'. The exception is just a workaround for a NoScript bug. Better to fix the bug.

Re: about:addons hangs a while

by pkiff » Mon May 08, 2017 3:25 am

Pushing this issue up again since I ran into it today and found it hard to pin down. The error that eventually would appear in the window is:
"NoScript filtered a potential cross-site scripting (XSS) attempt from [chrome:]. Technical details have been logged to the Console.
This error occurred on two different boxes running FF 53.02 (32-bit) (one Windows 10, the other Windows 7).

fandeath's solution above resolved the problem for me. Thank You!

In order to whitelist the Mozilla "discovery" addons site for Cross-Site Scripting, I added the following regular expression on a new line to the No Script Options -> Advanced -> Anti-XSS Protection Exceptions list:

Code: Select all

^https://discovery\.addons\.mozilla\.org.*$
Mmmm...looking at this now, I suppose this would leave open the possibility of someone somehow using that as a subdomain to some malicious domain in order to bypass the XSS protection (i.e., discovery.addons.mozilla.org.baddomain.bad. I wonder if someone can tweak this regex and then this can be added as a default exception?

Re: about:addons hangs a while

by barbaz » Thu Mar 09, 2017 9:44 pm

Thank you for letting us know the solution. 8-)

That's interesting. I wasn't aware that the XSS filter used CSP. And I'm not sure the implications of that XSS exception.

Yet another thing to call to Giorgio's attention?

Re: about:addons hangs a while

by fandeath » Thu Mar 09, 2017 6:47 pm

it looks similar to my problem.
btw, I solved it.

reason:
> Content Security Policy: 페이지 설정으로 인해 자원 읽기 차단: self ("script-src https://addons-discovery.cdn.mozilla.net https://www.google-analytics.com/analytics.js"). normal:1
it says "self", but actual page location is "https://discovery.addons.mozilla.org/ko ... ane/normal" and it includes kinda <src source="https://addons-discovery.cdn.mozilla.net/[some text]"/>.

solution:
whitelist "https://discovery.addons.mozilla.org/" in XSS filter.

Re: about:addons hangs a while

by barbaz » Tue Mar 07, 2017 8:02 pm

viewtopic.php?f=7&t=22299

Re: about:addons hangs a while

by therube » Tue Mar 07, 2017 4:51 pm

FWIW, https://www.google.com/search?q=site%3A ... unofficial

Bug 1336584 about:addons triggers consolespam: "Content Security Policy: Directive ‘frame-src’ has been deprecated. Please use directive ‘child-src’ instead."

Re: about:addons hangs a while

by fandeath » Tue Mar 07, 2017 11:56 am

therube wrote:(On particular Profiles, I have long had a delay in opening Addons Manager. Seem to recall ... actually I don't recall, but maybe it had something to do with the "Get Add-ons" feature & if you disabled that... Anyhow, I never did try that out on my end [& even though I've never used 'Get Addons'. Looked for the thread, ah, maybe it was something like this, but its too old to be relevant, [Firefox 4 release/nightlies : Linux] Add-ons manager hangs.)
actually, I have this problem when "discovery" pane selected. though, it gave me a hint and I monitored browser console. below is browser console outputs.

Code: Select all

Unchecked lastError value: Error: Could not establish connection. Receiving end does not exist.  ExtensionUtils.jsm:381
Content Security Policy: 'frame-src' 디렉티브는 폐지되었습니다. 대신 'child-src' 디렉티브를 사용하세요.  (알 수 없음)
Error: call to Function() blocked by CSP  (알 수 없음)
TypeError: this.sandbox is undefined
스택 추적:
receive@resource://gre/modules/commonjs/toolkit/loader.js -> resource://gre/modules/commonjs/sdk/content/worker-child.js:87:7
emitOnObject@resource://gre/modules/commonjs/toolkit/loader.js -> resource://gre/modules/commonjs/sdk/event/core.js:112:9
emit@resource://gre/modules/commonjs/toolkit/loader.js -> resource://gre/modules/commonjs/sdk/event/core.js:89:38
messageReceived@resource://gre/modules/commonjs/toolkit/loader.js -> resource://gre/modules/commonjs/sdk/remote/child.js:67:37
  core.js:106
about:blank : Unable to run script because scripts are blocked internally.  (알 수 없음)
Content Security Policy: 페이지 설정으로 인해 자원 읽기 차단: self ("script-src https://addons-discovery.cdn.mozilla.net https://www.google-analytics.com/analytics.js").  normal:1
Content Security Policy: 페이지 설정으로 인해 자원 읽기 차단: self ("script-src https://addons-discovery.cdn.mozilla.net https://www.google-analytics.com/analytics.js").  (알 수 없음)
about:blank : Unable to run script because scripts are blocked internally.  (알 수 없음)
getAttributeNode()는 더 이상 사용하지 않습니다. 대신 getAttribute()를 사용해 주십시오.  disco-a0e268f38fa39d200b73.js:159:10254
getAttributeNode()는 더 이상 사용하지 않습니다. 대신 getAttribute()를 사용해 주십시오.  disco-a0e268f38fa39d200b73.js:159:10254
it looks like XSS blocking making some issues. when I turned off "block malcious xss request", the problmes disappears. (although it is not good idea to turn off this)

Re: about:addons hangs a while

by fandeath » Tue Mar 07, 2017 11:32 am

therube wrote:What version of NoScript?

How much RAM is FF using?
Approx. how many windows/tabs are you using?
How many extensions are you using?
I'm using noscript 5.0.

right after startup, FF uses about 500MB. (with 1 tab)
I usually use 1 window with < 10 tabs.
I use 36+1 extensions. (1 is noscript) the problem does not occurs with 36 extensions(all extensions except noscript) though.

Re: about:addons hangs a while

by therube » Tue Mar 07, 2017 11:11 am

What version of NoScript?

How much RAM is FF using?
Approx. how many windows/tabs are you using?
How many extensions are you using?


(On particular Profiles, I have long had a delay in opening Addons Manager. Seem to recall ... actually I don't recall, but maybe it had something to do with the "Get Add-ons" feature & if you disabled that... Anyhow, I never did try that out on my end [& even though I've never used 'Get Addons'. Looked for the thread, ah, maybe it was something like this, but its too old to be relevant, [Firefox 4 release/nightlies : Linux] Add-ons manager hangs.)

about:addons hangs a while

by fandeath » Tue Mar 07, 2017 10:29 am

When I open abount:addons page, it hangs a while. eventually it opens, but it takes about 1 min.

I inspected the problem, and the problem disappears when I disable noscript.

Is there any solution to solve this problem? (except disable noscript)

Top