firefox citi.com problems

Ask for help about NoScript, no registration needed to post
gmon
Posts: 2
Joined: Thu Apr 07, 2016 8:34 pm

firefox citi.com problems

Post by gmon » Thu Apr 07, 2016 8:42 pm

Cannot make any payments in a popup box on citi.com unless noscript is first set to allow all globally before going to citi.com. If I don't disable noscript, then the popup box for making payments freezes firefox till it crashes, and I am unable to right click inside the box to allow whatever may be being blocked there. How can I whitelist this in noscript when I can't get to noscript while on the site? Thanks for any and all help!
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0

barbaz
Senior Member
Posts: 9505
Joined: Sat Aug 03, 2013 5:45 pm

Re: firefox citi.com problems

Post by barbaz » Thu Apr 07, 2016 8:54 pm

Visit the site with Scripts Globally Allowed and look at the resulting script listing to see what needs to be whitelisted. (This stuff is mostly trial-and-error.)

Depending what the site(s) are this could be a NoScript bug, so please let us know what site(s) need whitelisted to stop the hanging, thanks.
(Tip that might help you: you can copy the entire script listing by right-clicking the NoScript menu not on a site, e.g. right-click the About NoScript entry. Then paste with Ctrl-V.)
*Always* check the changelogs BEFORE updating that important software!
-

User avatar
lakrsrool
Senior Member
Posts: 195
Joined: Wed Nov 12, 2014 4:20 pm

Re: firefox citi.com problems

Post by lakrsrool » Sun Apr 10, 2016 8:40 am

I have had problems with Citibank in both Firefox and Pale Moon and posted HERE regarding my specific issue. I decided to post the resolution to my specific problem now in my topic I have linked here as a result of this topic in case it might be of help (my topic linked here had been initially locked).

gmon, I realized your problem is not exactly what I was experiencing in the topic I've previously linked, but if what I've mentioned below doesn't help then you might take a look at my resolution in the topic linked above and see if that might help. (my impression is that none of the sites blocked by NoScript would be causing your issues so I'm inclined to think my resolution in the other topic may be of more help actually but it's best to touch all bases)

As to what to allow (listed below), if this is your problem, I can say for me at the log-in page I'm allowing all except atdmt.com. Then once logged-in I'm allowing all sites (ensighten.com, google.com, bridgetrack.com and of course citi.com). I'm not sure other than citi.com of course are specifically relevant to citibank or rather I may have allowed some of these for other sites but I have no problems with Citi now in either Firefox or Palemoon allowing what I stipulated here and after making the changes I've posted in the other topic linked above.

Specific allow lists:
LOGIN PAGE (which is probably not a problem):
-atdmt.com
+ensighten.com
+google.com
+bridgetrack.com
+omtrdc.net
+citi.com

AFTER LOGGED-IN - same as when making a payment btw (actually probably doesn't apply to your hang/crash either):
+ensighten.com
+google.com
+bridgetrack.com
+citi.com

Hope this helps. ;)

If you have any questions regarding my solution linked in my other topic just reply to that topic and I'll be happy to followup. :D
Last edited by lakrsrool on Sun Apr 10, 2016 9:36 am, edited 1 time in total.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.9) Gecko/20100101 Goanna/2.0 Firefox/38.9 PaleMoon/26.2.1

User avatar
lakrsrool
Senior Member
Posts: 195
Joined: Wed Nov 12, 2014 4:20 pm

Re: firefox citi.com problems

Post by lakrsrool » Sun Apr 10, 2016 9:16 am

The insane SPAM filtering they do on this board :roll: blocked my link in the post above so I'm posting here instead what I wanted to add to my post above. :evil: (obviously there is no SPAM issue as I'm able to post the same thing here :idea: (it would be nice if they looked into fixing this annoyance :x as this is the ONLY board of the dozens of forums I visit that I've EVER run into that has this ridiculous issue. And not only that but they make it doubly difficult posting screen-shots on top of it also totally different than any other board I've experienced).

Anyway now that I've got that out of my system, here's what I wanted to add:

If my solutions in the Re: Persistent Citibank issue caused by NoScript topic do not apply to your issue it may be that you would need to add a different XSS exception. If you have questions regarding this just post back here or in the other topic. ;)

Btw, you might be interested to know that through the years I've had to add XSS exceptions in NoScript for 3 other banks in the past (specifically Bank of America, National Bank and Union Bank) to get their sites to work correctly and also had to recently add an XSS exception in Pale Moon's XSS filter for the Merrill Edge brokerage website as well in order to facilitate trades as they require more levels of security than most brokerages require. So it's not that uncommon of a problem in regards to XSS protection and I would add apparently especially in the case of financial institutions.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.9) Gecko/20100101 Goanna/2.0 Firefox/38.9 PaleMoon/26.2.1

gmon
Posts: 2
Joined: Thu Apr 07, 2016 8:34 pm

Re: firefox citi.com problems

Post by gmon » Sun Apr 10, 2016 2:51 pm

Thankyou for responding barbaz, but right clicking the about noscript does nothing at all, so I am at a loss how to proceed there.

Thankyou lakrsrool for all your detailed help, I added those sites to the whitelist, went to citi.com, logged in and ran into even more trouble, on the account detail page I had to allow two more sites, one was adlight, the other I don't know because it all locked up again, I waited till the windows dialog box came up with program not responding, closed it, went again, got as far as the actual popup for making payments and this time clicking around inside the box to try and get a context menu so I could see what noscript was blocking this time made firefox ask me if I wanted to download the javascript for the box, so I forced it closed and gave up. I had already sent citi.com a message saying the site was almost unusable in firefox and completely unusable with noscript enabled so I will just continue to use chrome when I have to make a payment as I I don't want to allow xss exceptions, but thanks again to both of you for trying, and if someone more open to experimentation than I am can duplicate the problem maybe it can be resolved, and I have no other problems ( so far! ) on any other banking sites, so this may be an exclusive citi.com problem and may not be worth the aggravation.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0

barbaz
Senior Member
Posts: 9505
Joined: Sat Aug 03, 2013 5:45 pm

Re: firefox citi.com problems

Post by barbaz » Sun Apr 10, 2016 3:26 pm

gmon wrote:Thankyou for responding barbaz, but right clicking the about noscript does nothing at all,

Pasting into, say, this board's reply box with Ctrl-V after right-clicking the About NoScript just pastes whatever you had copied before?
Sure, it won't appear to do anything, but it should have anyway copied the full state of the menu. (It works for me.)

FWIW:
ensighten = tracker
omtrdc = tracker
atdmt = ad server
*Always* check the changelogs BEFORE updating that important software!
-

User avatar
lakrsrool
Senior Member
Posts: 195
Joined: Wed Nov 12, 2014 4:20 pm

Re: firefox citi.com problems

Post by lakrsrool » Sun Apr 10, 2016 5:29 pm

barbaz, this is what the NoScript right-click gives me:
-atdmt.com
+ensighten.com
+google.com
+bridgetrack.com
+omtrdc.net
+citi.com

Looks a little different than yours, obviously showing what I've allowed "+" and what I have not allowed "-".
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.9) Gecko/20100101 Goanna/2.0 Firefox/38.9 PaleMoon/26.2.1

User avatar
lakrsrool
Senior Member
Posts: 195
Joined: Wed Nov 12, 2014 4:20 pm

Re: firefox citi.com problems

Post by lakrsrool » Sun Apr 10, 2016 5:54 pm

gmon wrote:Thankyou lakrsrool for all your detailed help, I added those sites to the whitelist, went to citi.com, logged in and ran into even more trouble, on the account detail page I had to allow two more sites, one was adlight, the other I don't know because it all locked up again, I waited till the windows dialog box came up with program not responding, closed it, went again, got as far as the actual popup for making payments and this time clicking around inside the box to try and get a context menu so I could see what noscript was blocking this time made firefox ask me if I wanted to download the javascript for the box, so I forced it closed and gave up. I had already sent citi.com a message saying the site was almost unusable in firefox and completely unusable with noscript enabled so I will just continue to use chrome when I have to make a payment as I I don't want to allow xss exceptions, but thanks again to both of you for trying, and if someone more open to experimentation than I am can duplicate the problem maybe it can be resolved, and I have no other problems ( so far! ) on any other banking sites, so this may be an exclusive citi.com problem and may not be worth the aggravation.


Yes, this is exclusive to Citibank using the XSS filters. Chrome does not provide NoScript protection of course so what this amounts using Chrome is to not having any XSS protection at all presumably.

I have contacted Citibank myself until I realized that the issue was XSS protection filters causing the problems with their banks website. Point being, all recent builds for browsers will work on this Citibank website absent the NoScript XSS protection being engaged. What I have done in Pale Moon for this website is so to speak bypassed the XSS protection and since Pale Moon has it's own built in XSS protection as of build 26 I'm still protected anyway as I see it.

I can understand your frustration as it's not an issue regarding the "white list" in NoScript at all in this case. You can allow every request in NoScript for this website and the problem will persist simply because the issue is with the NoScript XSS filter. And obviously the suggested work-arounds necessary to get the website to work are cumbersome and admittedly far too complicated for the casual user.

If you want XSS protection you might consider using the Pale Moon browser instead of Chrome. But of course if you want to also use NoScript (as I do to some extent for other reasons than XSS protection actually) then you would need to do what I explained in my post regarding the NoScripts XSS exception setting. That said in your case what you would do is take the URL that is causing your hang/crash and add it to the XSS exception list in NoScript. Now I've been informed this is avoiding the XSS protection NoScript provides but as I see it Pale Moon already provides the protection anyway so I'm protected regardless as a result of using the Pale Moon browser. If you take a look at Pale Moons security I think you'll find it is far more secure than Chrome and other browsers in my opinion as the developer is frankly very security focused to the point Pale Moon is relatively unforgiving regarding "spec" vulnerabilities that exist on many other browsers.

Pale Moon is far faster than Chrome very robust and by the way (what I like) far more configurable and has great support with great forum that is easy to work with.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.9) Gecko/20100101 Goanna/2.0 Firefox/38.9 PaleMoon/26.2.1

User avatar
lakrsrool
Senior Member
Posts: 195
Joined: Wed Nov 12, 2014 4:20 pm

Re: firefox citi.com problems

Post by lakrsrool » Sun Apr 10, 2016 9:41 pm

gmon, I would like to add to my post above a word of advice, rather than using exactly the format (concept not necessarily specifics) that I posted regarding XSS exception formating you would use if you so decided to do so it would be imperative that you follow the concepts posted by barbaz at the bottom of the specific post linked here Re: Persistent Citibank issue caused by NoScript. Beyond a doubt barbaz knows this stuff exceptionally well and the format suggested in this other post is a far safer way to enter a XSS exception in NoScript as illustrated by barbaz. ;) (barbaz also included a lot of other informative stuff worth reading though as well in this other topic)
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.9) Gecko/20100101 Goanna/2.0 Firefox/38.9 PaleMoon/26.2.1

Post Reply