NS 5.0.4 & later - XSS filter stalls firefox on Postillon

Bug reports and enhancement requests
cepheus
Posts: 10
Joined: Thu Apr 06, 2017 12:54 pm

Re: [Config workaround] NS 5.0.4 stalls firefox on Postillon

Post by cepheus » Fri May 26, 2017 4:28 pm

barbaz wrote:Does the hanging occur with NoScript latest development build?
Unfortunately, yes (NoScript 5.0.5rc10).
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0

barbaz
Senior Member
Posts: 9280
Joined: Sat Aug 03, 2013 5:45 pm

Re: [Config workaround] NS 5.0.4 stalls firefox on Postillon

Post by barbaz » Fri May 26, 2017 9:45 pm

Since the XSS filter is performing like cold molasses just to do nothing, and since it wasn't like this in previous versions, I would agree this sounds like a NoScript bug. So, moving to NoScript Development as a bug report. Thanks
*Always* check the changelogs BEFORE updating that important software!
-

Alice_Redhat
Posts: 7
Joined: Mon May 29, 2017 2:51 pm

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Post by Alice_Redhat » Mon May 29, 2017 3:21 pm

I have the same configuration as Baltasar4711 and was having the same issue. Some websites would cause FF to "stop responding" and no amount of wait time would stop the hang, only a hard close. I thought there was something wrong with my profile, etc. But when I traced it back, I noticed it started with the last update to NoScript.

I'm by no means an expert but since disabling XSS did not eliminate the hangs, I decided to try the latest dev build knowing I could always re-install 5.0.4 again or disable oScript until I thought it was fixed (which I didn't really want to do). It seems to be fixed in the 5.0.5.rc12 build. I tested it by going to the websites where I knew it was hanging and forcing me to close FF. Good work at fixing it so fast!
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0

User avatar
Giorgio Maone
Site Admin
Posts: 8742
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Post by Giorgio Maone » Tue Jun 20, 2017 4:33 pm

This should be a regression in the XSS filter performance in face of large JSON payloads, due to the recently added protection against several attacks exploiting popular template engines.

I'm about to release a fix for it, stay tuned.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0

User avatar
Giorgio Maone
Site Admin
Posts: 8742
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Post by Giorgio Maone » Fri Jun 30, 2017 12:09 am

Please check latest development build 5.0.6rc5, thanks.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0

Reindeer
Posts: 4
Joined: Fri Jul 07, 2017 3:12 pm

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Post by Reindeer » Sun Jul 09, 2017 9:45 am

Still happens with 5.0.6rc6 as described here viewtopic.php?f=10&t=23061
Mozilla/5.0 (X11; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0

barbaz
Senior Member
Posts: 9280
Joined: Sat Aug 03, 2013 5:45 pm

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Post by barbaz » Sun Jul 09, 2017 4:05 pm

Reindeer, does it still happen with 5.0.6rc6 if you do this? - viewtopic.php?p=88089#p88089
*Always* check the changelogs BEFORE updating that important software!
-

Reindeer
Posts: 4
Joined: Fri Jul 07, 2017 3:12 pm

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Post by Reindeer » Tue Jul 18, 2017 4:38 pm

barbaz wrote:Reindeer, does it still happen with 5.0.6rc6 if you do this? - viewtopic.php?p=88089#p88089
I added the two rules and it still freezes.
Are you not able to reproduce this bug? I can easily reproduce it with a clean profile.
Mozilla/5.0 (X11; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0

barbaz
Senior Member
Posts: 9280
Joined: Sat Aug 03, 2013 5:45 pm

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Post by barbaz » Tue Jul 18, 2017 6:46 pm

Sorry, I was confusing this with another issue. I do reproduce this one with a clean profile, Firefox 54.0, NoScript 5.0.7rc1.

Looks like it's not the same issue as the other XSS filter hang. This one does not seem to subside, and it happens even with all scripts disabled. Doesn't matter whether e10s is on or off.

Disabling the XSS filter removes the hang.

I don't see related messages in the Browser Console, but I'm not sure how meaningful that is here.
*Always* check the changelogs BEFORE updating that important software!
-

BudeII
Posts: 2
Joined: Sun Jul 09, 2017 9:00 pm

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Post by BudeII » Sat Jul 22, 2017 10:02 am

I'm impacted by this issue also.

Just want to say that the postillion site freezes on my system even when NoScript is general disabled.
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0

barbaz
Senior Member
Posts: 9280
Joined: Sat Aug 03, 2013 5:45 pm

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Post by barbaz » Sat Jul 22, 2017 3:20 pm

BudeII wrote:Just want to say that the postillion site freezes on my system even when NoScript is general disabled.
Then you are experiencing a different problem. The issue discussed in this thread is definitely caused by NoScript's XSS filter, which doesn't run when NoScript is disabled.
*Always* check the changelogs BEFORE updating that important software!
-

bgmnt
Junior Member
Posts: 48
Joined: Sun Nov 17, 2013 3:41 pm

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Post by bgmnt » Sun Jul 23, 2017 8:35 am

barbaz wrote:
BudeII wrote:Just want to say that the postillion site freezes on my system even when NoScript is general disabled.
Then you are experiencing a different problem. The issue discussed in this thread is definitely caused by NoScript's XSS filter, which doesn't run when NoScript is disabled.
Firefox 54.0.1 64bit does hang when I have noscript 5.06 installed with "Forbid scripts globally". "sanitize cross-site suspicious requests" is still active in that case.
Disabling the noscript addon in the addon manager or disabling "sanitize cross-site suspicious requests" gets rid of the delay.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0

User avatar
Giorgio Maone
Site Admin
Posts: 8742
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Post by Giorgio Maone » Mon Jul 24, 2017 9:25 pm

Please check latest development build 5.0.8rc1, thanks.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0

barbaz
Senior Member
Posts: 9280
Joined: Sat Aug 03, 2013 5:45 pm

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Post by barbaz » Mon Jul 24, 2017 10:38 pm

Seems fixed here, thanks! Image
*Always* check the changelogs BEFORE updating that important software!
-

BudeII
Posts: 2
Joined: Sun Jul 09, 2017 9:00 pm

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Post by BudeII » Sun Aug 06, 2017 6:29 am

Issiue dissapered when using version 5.0.8.1, thanks!
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0

Post Reply