I noticed that if I have addon NoScript enabled, and I allow all scripts, opening this webpage crashes Firefox: https://www.fyresite.com/team
Firefox stops responding and the mouse cursor changes to a spinning clock. The only solution is to close the browser. After restarting, the same thing happens.
Opening this website with addon disabled does not crash Firefox.
Opening this site with scripts blocked (Forbid Scripts Globally) does not crash browser.
After doing some testing I figured out that the site loads scripts from wp.com, crazyegg.com, google-analytics.com, googletagmanager.com and facebook.net.
Enabling facebook.net is what causes the problem. All other pages can be enabled and page loads fine.
Seems to me that there is no DNS entry for the domain facebook.net. This might be the cause of the problem.
My configuration: Windows 7 SP1 64 bit, Firefox 53.0.3, NoScript 5.0.5
Firefox hangs (Not Responding) when loading some scripts.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Re: Firefox hangs (Not Responding) when loading some scripts
Sounds like you found the solution - just don't allow scripts from facebook.net.
What's your question?
*Always* check the changelogs BEFORE updating that important software!
-
Re: Firefox hangs (Not Responding) when loading some scripts
Sure, that solves the problem. But I think this bug is sort of important. Jokesters can use it to crash users' browsers. Maybe even some other more dangerous exploits are possible.
It's probably a new feature fyresite added on Aug 24th, 2016 https://pastebin.com/U3EKMzkp
Could be just a typo facebook.net should be facebook.com.
But the fact is that this is a very easy way to crash the browser of people who have NoScript installed and allow scripts globally. In the old days there were lots of those URLs that crashed your browser or caused other inconveniences; we don't need more weapons those sites can use.
Edit: facebook.net does not have DNS record, but connect.facebook.net does.
https://connect.facebook.net/en_US/fbevents.js and https://connect.facebook.com/en_US/fbevents.js both contain the same content.
Last edited by barbaz on Thu Jun 01, 2017 2:39 pm, edited 1 time in total.
Reason: kill live links
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Re: Firefox hangs (Not Responding) when loading some scripts
The bug here would seem to be in facebook.net script.
lurker69 wrote: Could be just a typo facebook.net should be facebook.com.
Nope, facebook.net is an actual facebook domain. They use it for analytics scripts like the one you linked.
*Always* check the changelogs BEFORE updating that important software!
-
Re: Firefox hangs (Not Responding) when loading some scripts
Most often, if the browser becomes unresponsive when scripts are allowed, it's because the site is sending suspicious-looking-but-safe requests that overload the XSS filter.
As a test, does it still hang if you disable Options-XSS-Sanitise cross-site suspicious requests?
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0