NoScript: 10.1.6.4
Firefox: 58.0.1 (linux)
If I try to visit this link {https://boingboing.net/2018/02/02/nunesmemo.html} with XSS sanitization enabled, Firefox hangs until force closed. Page works fine with XSS sanitization disabled. Suspect the embedded scribd content is probably the culprit.
BUG: NS10 XSS Sanitization Hangs Firefox
BUG: NS10 XSS Sanitization Hangs Firefox
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
Re: BUG: NS10 XSS Sanitization Hangs Firefox
Confirmed an issue.
Allow boingboing.net.
then
Allow twiiter.com.
CPU eats 1-core.
Not sure how to determine that its an XSS issue ? as I received no warnings.
NoScript icon goes "wacky", inoperable.
Browser itself does not hang.
You can open tabs, hmm, or even close tabs, including the boingboing tab.
You can "type in" a URL or "open" a link, but no page ever loads.
Only way to "fix" things is to restart the browser.
Allow boingboing.net.
then
Allow twiiter.com.
CPU eats 1-core.
Not sure how to determine that its an XSS issue ? as I received no warnings.
NoScript icon goes "wacky", inoperable.
Browser itself does not hang.
You can open tabs, hmm, or even close tabs, including the boingboing tab.
You can "type in" a URL or "open" a link, but no page ever loads.
Only way to "fix" things is to restart the browser.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.2
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: BUG: NS10 XSS Sanitization Hangs Firefox
Does this problem persist with latest development build 10.1.6.rc3?
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0
Re: BUG: NS10 XSS Sanitization Hangs Firefox
10.1.6_5_.rc3 is where I was at.
And yes, still an issue with noscript-10.1.6.5rc4.xpi.
FWIW, not an issue with SeaMonkey 2.49.2 & noscript-5.1.8.4rc3.xpi.
And yes, still an issue with noscript-10.1.6.5rc4.xpi.
FWIW, not an issue with SeaMonkey 2.49.2 & noscript-5.1.8.4rc3.xpi.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.2