outlook email heavy XSS attacks

Ask for help about NoScript, no registration needed to post
TNT BOM BOM

outlook email heavy XSS attacks

Post by TNT BOM BOM » Sun Nov 29, 2015 11:38 pm

hi there , i have just wrote the topic about XSS attacks in our forum firstly:- https://forums.whonix.org/t/outlook-email-xss-attack-on-tbb-using-whonix-qubes/1699

then i thought i should share it with u so u can c the issue.

browser console log posted here:-

https://dump.to/f51

thnx :)
Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0

TNT BOM BOM

Re: outlook email heavy XSS attacks

Post by TNT BOM BOM » Sun Nov 29, 2015 11:52 pm

sorry forgot to mention :-

noscript version 2.7 with TBB 5.0.4
Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0

barbaz
Senior Member
Posts: 9901
Joined: Sat Aug 03, 2013 5:45 pm

Re: outlook email heavy XSS attacks

Post by barbaz » Mon Nov 30, 2015 12:33 am

Please provide more details and more information.

Are you asking for help or just letting us know that NoScript's XSS filter trips on that site?
What's TBB and what does it have to do with the NoScript XSS warning?
Is the issue present for you only if you use whonix?

The NoScript XSS message(s) seem absent from your screen captures and the console message dump, without them we can't assess the thing that causes the XSS filter to trip.
Also I can't understand any of the discussion on the whonix forum thread... :?
*Always* check the changelogs BEFORE updating that important software!
-

TNT BOM BOM

Re: outlook email heavy XSS attacks

Post by TNT BOM BOM » Mon Nov 30, 2015 12:39 pm

Are you asking for help or just letting us know that NoScript's XSS filter trips on that site?


actually both , im asking if these XSS attacking attempts after logging in outlook mail r known/unknown bad/good ...etc. also to let know to update/inform ur community about this attack.

What's TBB and what does it have to do with the NoScript XSS warning?


TBB = Tor Browser Bundle.

Is the issue present for you only if you use whonix?


whonix is an anonymous distro using security through isolation. and whonix using Tor Browser without adding any modifications inside it (to avoid fingerprints).so happening with me then it should happen with anyone using Tor browser 5.0.4 (stable) with NoScript 2.7 (which is default built in).
The NoScript XSS message(s) seem absent from your screen captures and the console message dump, without them we can't assess the thing that causes the XSS filter to trip.


i did as the alerting message telling me:-

Image

Technical details have been logged to the Console


i have copy/paste the whole console messages in dump.to link. i dunno where else messages i can get.

Also I can't understand any of the discussion on the whonix forum thread... :?


yeah the language used there just for planet mercury ppl. seems u r from uranus or neptune. :P
Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0

barbaz
Senior Member
Posts: 9901
Joined: Sat Aug 03, 2013 5:45 pm

Re: outlook email heavy XSS attacks

Post by barbaz » Mon Nov 30, 2015 2:09 pm

TNT BOM BOM wrote:im asking if these XSS attacking attempts after logging in outlook mail r known/unknown bad/good ...etc. also to let know to update/inform ur community about this attack.

I haven't seen any other reports of it and can't find any through a search.

TNT BOM BOM wrote:i did as the alerting message telling me:

Hmm maybe the console is cutting it off due to too many messages. Try increasing about:config > devtools.hud.loglimit.console to something bigger?

TNT BOM BOM wrote:yeah the language used there just for planet mercury ppl. seems u r from uranus or neptune. :P

Well I'm definitely not from Mercury, but who says I'm from somewhere in this solar system? :lol:
*Always* check the changelogs BEFORE updating that important software!
-

Post Reply