Search found 129 matches
- Sat Oct 22, 2011 10:55 am
- Forum: NoScript Support
- Topic: XSS examples not blocked by Noscript?
- Replies: 20
- Views: 16883
Re: XSS examples not blocked by Noscript?
you'd see that NoScript's XSS filter can't do anything specific to block them, because otherwise no redirection service or any other web application which takes absolute URLs as parameters (e.g. URL shorteners, or any blog comment form) would work. The problem here is the incredible stupidity of th...
- Sat Oct 22, 2011 10:41 am
- Forum: NoScript Support
- Topic: XSS examples not blocked by Noscript?
- Replies: 20
- Views: 16883
Re: XSS examples not blocked by Noscript?
Absolutely. The question is only why the Noscript InjectionChecker doesn't recognize the request as a potential XSS attack "even if coming from a trusted source". I guess you don't get what TRUSTED means which is to say that you are allowing it to do whatever because you TRUSTED it. Scrip...
- Fri Oct 21, 2011 4:44 pm
- Forum: NoScript Support
- Topic: XSS examples not blocked by Noscript?
- Replies: 20
- Views: 16883
Re: XSS examples not blocked by Noscript?
These examples only work if also davidlynch.org is whitelisted Actually both davidlynch.org & the "host" domain need to be Allowed. That's what i wrote above. And given that, I suppose that is why NoScript does not notify. I think it should considering the quotation in my last post. O...
- Fri Oct 21, 2011 3:12 pm
- Forum: NoScript Support
- Topic: XSS examples not blocked by Noscript?
- Replies: 20
- Views: 16883
Re: XSS examples not blocked by Noscript?
Neat, http://news.cnet.com/ , heh. Yes, all of these examples are funny. But since http://noscript.net/features#xss says: Furthermore, NoScript's sophisticated InjectionChecker engine checks also all the requests started from whitelisted origins for suspicious patterns landing on different trusted ...
- Fri Oct 21, 2011 11:54 am
- Forum: NoScript Support
- Topic: XSS examples not blocked by Noscript?
- Replies: 20
- Views: 16883
XSS examples not blocked by Noscript?
I just learned about http://davidlynch.org/blog/2011/10/xss-is-fun/ which provides some XSS examples for several popular websites. These examples only work if also davidlynch.org is whitelisted so we are protected by default. Nevertheless, shouldn't the XSS filter of Noscript stop these examples eve...
- Sat Oct 15, 2011 2:09 pm
- Forum: NoScript General
- Topic: Every once in a while, I still see Flash objects. Why?
- Replies: 13
- Views: 6837
Re: Every once in a while, I still see Flash objects. Why?
Besides, the upcoming Noscript 3 aka NSA will offer more flexibility. The desktop version will hopefully be available very soon.
- Sun Oct 02, 2011 6:31 pm
- Forum: NoScript General
- Topic: NoScript Sightings
- Replies: 155
- Views: 714772
Re: NoScript Sightings
The man in the browser and Phishing with legit URL’s
Of course noscript will prevent these kind of attacks ...
- Wed Sep 21, 2011 11:03 am
- Forum: NoScript Development
- Topic: Noscript for Google Chrome?
- Replies: 154
- Views: 557965
Re: Noscript for Google Chrome?
Really? I've never observed that on my machine regardless which FF version I was using.nickr wrote: I'd add a #3 to this:
3. FF does not free up memory when closed (that is, when the application itself is closed it continues to hold onto memory for some time)
- Tue Sep 20, 2011 11:50 am
- Forum: NoScript Support
- Topic: Hackers break SSL encryption used by millions of sites
- Replies: 12
- Views: 10447
Hackers break SSL encryption used by millions of sites
http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/ This sounds really horrible. BEAST is like a cryptographic Trojan horse – an attacker slips a bit of JavaScript into your browser, and the JavaScript collaborates with a network sniffer to undermine your HTTPS connection.. The detail...
- Tue Sep 06, 2011 4:38 pm
- Forum: NoScript Development
- Topic: Noscript for Google Chrome?
- Replies: 154
- Views: 557965
Re: Noscript for Google Chrome?
> Memory consumption is dramatically lower A lower "number" is not necessarily "better". Agreed. But most complaints in the past were referring to the fact that 1. FF did not free up memory when tabs were closed, and 2. memory consumption steadily increased over several hours pa...
- Tue Sep 06, 2011 2:24 pm
- Forum: NoScript Development
- Topic: Noscript for Google Chrome?
- Replies: 154
- Views: 557965
Re: Noscript for Google Chrome?
Yeah, the memory leak problems in Firefox are what finally did it in for me too. It's significant to note though that Firefox has suffered from this memory leak (it has gotten worse recently though) for quite some time. Mozilla Developers just ignored the issue for a long time despite user complain...
- Sun Jul 17, 2011 3:55 pm
- Forum: NoScript Development
- Topic: V. 2.1.2.4rc2: FF doesn't load any other websites
- Replies: 2
- Views: 1508
Re: V. 2.1.2.4rc2: FF doesn't load any other websites
Wow, that was fast Thanks, Giorgio!Giorgio Maone wrote:Fixed in rc3.
- Sun Jul 17, 2011 3:51 pm
- Forum: NoScript Development
- Topic: V. 2.1.2.4rc2: FF doesn't load any other websites
- Replies: 2
- Views: 1508
V. 2.1.2.4rc2: FF doesn't load any other websites
After installing the newest development version in FF 5.0 under Kubuntu 11.04 and restarting the browser I was able to click and load any links in the open website previously loaded. New websites from bookmarklets or from the address bar are not loaded anymore. The problem disappears after disabling...
- Sat Jun 11, 2011 6:58 pm
- Forum: NoScript Development
- Topic: Discussion: Site Specific Permissions Policy
- Replies: 165
- Views: 114104
Re: Discussion: Site Specific Permissions Policy
Ha - you beat me againGiorgio Maone wrote:Look againtlu wrote: EDIT: It's blocked with the $object rule, though.
Well, I hope that you're making good progress with NSA then - obviously the only suitable solution for our problem
- Sat Jun 11, 2011 5:13 pm
- Forum: NoScript Development
- Topic: Discussion: Site Specific Permissions Policy
- Replies: 165
- Views: 114104
Re: Discussion: Site Specific Permissions Policy
As long as Noscript 3 isn't available yet, there is a workaround using AdblockPlus. If you want to block flash by default just add this custom filter: swf| Hmm, no . Oops - I didn't know that. Although I knew that Flashblock can be defeated. Thanks for that hint, Giorgio. EDIT: It's blocked with th...