NS 5.0.4 & later - XSS filter stalls firefox on Postillon

Bug reports and enhancement requests

Re: [Config workaround] NS 5.0.4 stalls firefox on Postillon

Postby cepheus » Fri May 26, 2017 4:28 pm

barbaz wrote:Does the hanging occur with NoScript latest development build?


Unfortunately, yes (NoScript 5.0.5rc10).
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
cepheus
 
Posts: 10
Joined: Thu Apr 06, 2017 12:54 pm

Re: [Config workaround] NS 5.0.4 stalls firefox on Postillon

Postby barbaz » Fri May 26, 2017 9:45 pm

Since the XSS filter is performing like cold molasses just to do nothing, and since it wasn't like this in previous versions, I would agree this sounds like a NoScript bug. So, moving to NoScript Development as a bug report. Thanks
*Always* check the changelogs BEFORE updating that important software!
Board search is currently partially broken: https://forums.informaction.com/viewtopic.php?f=14&t=21752
Workaround: use your favorite search engine, add site:forums.informaction.com to your query
-
barbaz
Senior Member
 
Posts: 7107
Joined: Sat Aug 03, 2013 5:45 pm

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Postby Alice_Redhat » Mon May 29, 2017 3:21 pm

I have the same configuration as Baltasar4711 and was having the same issue. Some websites would cause FF to "stop responding" and no amount of wait time would stop the hang, only a hard close. I thought there was something wrong with my profile, etc. But when I traced it back, I noticed it started with the last update to NoScript.

I'm by no means an expert but since disabling XSS did not eliminate the hangs, I decided to try the latest dev build knowing I could always re-install 5.0.4 again or disable oScript until I thought it was fixed (which I didn't really want to do). It seems to be fixed in the 5.0.5.rc12 build. I tested it by going to the websites where I knew it was hanging and forcing me to close FF. Good work at fixing it so fast!
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Alice_Redhat
 
Posts: 1
Joined: Mon May 29, 2017 2:51 pm

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Postby Giorgio Maone » Tue Jun 20, 2017 4:33 pm

This should be a regression in the XSS filter performance in face of large JSON payloads, due to the recently added protection against several attacks exploiting popular template engines.

I'm about to release a fix for it, stay tuned.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0
User avatar
Giorgio Maone
Site Admin
 
Posts: 8127
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Postby Giorgio Maone » Fri Jun 30, 2017 12:09 am

Please check latest development build 5.0.6rc5, thanks.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0
User avatar
Giorgio Maone
Site Admin
 
Posts: 8127
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Postby Reindeer » Sun Jul 09, 2017 9:45 am

Still happens with 5.0.6rc6 as described here viewtopic.php?f=10&t=23061
Mozilla/5.0 (X11; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0
Reindeer
 
Posts: 3
Joined: Fri Jul 07, 2017 3:12 pm

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Postby barbaz » Sun Jul 09, 2017 4:05 pm

Reindeer, does it still happen with 5.0.6rc6 if you do this? - viewtopic.php?p=88089#p88089
*Always* check the changelogs BEFORE updating that important software!
Board search is currently partially broken: https://forums.informaction.com/viewtopic.php?f=14&t=21752
Workaround: use your favorite search engine, add site:forums.informaction.com to your query
-
barbaz
Senior Member
 
Posts: 7107
Joined: Sat Aug 03, 2013 5:45 pm

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Postby Reindeer » Tue Jul 18, 2017 4:38 pm

barbaz wrote:Reindeer, does it still happen with 5.0.6rc6 if you do this? - viewtopic.php?p=88089#p88089

I added the two rules and it still freezes.
Are you not able to reproduce this bug? I can easily reproduce it with a clean profile.
Mozilla/5.0 (X11; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0
Reindeer
 
Posts: 3
Joined: Fri Jul 07, 2017 3:12 pm

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Postby barbaz » Tue Jul 18, 2017 6:46 pm

Sorry, I was confusing this with another issue. I do reproduce this one with a clean profile, Firefox 54.0, NoScript 5.0.7rc1.

Looks like it's not the same issue as the other XSS filter hang. This one does not seem to subside, and it happens even with all scripts disabled. Doesn't matter whether e10s is on or off.

Disabling the XSS filter removes the hang.

I don't see related messages in the Browser Console, but I'm not sure how meaningful that is here.
*Always* check the changelogs BEFORE updating that important software!
Board search is currently partially broken: https://forums.informaction.com/viewtopic.php?f=14&t=21752
Workaround: use your favorite search engine, add site:forums.informaction.com to your query
-
barbaz
Senior Member
 
Posts: 7107
Joined: Sat Aug 03, 2013 5:45 pm

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Postby BudeII » Sat Jul 22, 2017 10:02 am

I'm impacted by this issue also.

Just want to say that the postillion site freezes on my system even when NoScript is general disabled.
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0
BudeII
 
Posts: 2
Joined: Sun Jul 09, 2017 9:00 pm

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Postby barbaz » Sat Jul 22, 2017 3:20 pm

BudeII wrote:Just want to say that the postillion site freezes on my system even when NoScript is general disabled.

Then you are experiencing a different problem. The issue discussed in this thread is definitely caused by NoScript's XSS filter, which doesn't run when NoScript is disabled.
*Always* check the changelogs BEFORE updating that important software!
Board search is currently partially broken: https://forums.informaction.com/viewtopic.php?f=14&t=21752
Workaround: use your favorite search engine, add site:forums.informaction.com to your query
-
barbaz
Senior Member
 
Posts: 7107
Joined: Sat Aug 03, 2013 5:45 pm

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Postby bgmnt » Sun Jul 23, 2017 8:35 am

barbaz wrote:
BudeII wrote:Just want to say that the postillion site freezes on my system even when NoScript is general disabled.

Then you are experiencing a different problem. The issue discussed in this thread is definitely caused by NoScript's XSS filter, which doesn't run when NoScript is disabled.

Firefox 54.0.1 64bit does hang when I have noscript 5.06 installed with "Forbid scripts globally". "sanitize cross-site suspicious requests" is still active in that case.
Disabling the noscript addon in the addon manager or disabling "sanitize cross-site suspicious requests" gets rid of the delay.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0
bgmnt
Junior Member
 
Posts: 43
Joined: Sun Nov 17, 2013 3:41 pm

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Postby Giorgio Maone » Mon Jul 24, 2017 9:25 pm

Please check latest development build 5.0.8rc1, thanks.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0
User avatar
Giorgio Maone
Site Admin
 
Posts: 8127
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Postby barbaz » Mon Jul 24, 2017 10:38 pm

Seems fixed here, thanks! Image
*Always* check the changelogs BEFORE updating that important software!
Board search is currently partially broken: https://forums.informaction.com/viewtopic.php?f=14&t=21752
Workaround: use your favorite search engine, add site:forums.informaction.com to your query
-
barbaz
Senior Member
 
Posts: 7107
Joined: Sat Aug 03, 2013 5:45 pm

Re: NS 5.0.4 & later - XSS filter stalls firefox on Postillo

Postby BudeII » Sun Aug 06, 2017 6:29 am

Issiue dissapered when using version 5.0.8.1, thanks!
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0
BudeII
 
Posts: 2
Joined: Sun Jul 09, 2017 9:00 pm

Previous

Return to NoScript Development

Who is online

Users browsing this forum: No registered users and 1 guest