This morning, I was using Firefox and went to the menu "Tools/Add-ons", but the "Get Add-ons" page did not load correctly (what did load made it sound like I was not connected to the Internet), and I saw a NoScript message about a XSS attempt being blocked. The only way I could get the "Get Add-ons" page to load was to click "Options/Unsafe reload".
Looking at the console, the relevant portion appears to be:
Code: Select all
[NoScript InjectionChecker] JavaScript Injection in ///en-US/firefox/discovery/pane/51.0.1/WINNT/normal#{%22{e6c4c3ef-3d4d-42d6-8283-8da73c53a283}%22:{%22name%22:%22CoLT%22,%22version%22:%222.6.7%22,%22type%22:%22extension%22,%22userDisabled%22:false,%22isCompatible%22:true,%22isBlocklisted%22:false},%22{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}%22:{%22name%22:%22WOT%22,%22version%22:%2220151208%22,%22type%22:%22extension%22,%22userDisabled%22:true,%22isCompatible%22:true,%22isBlocklisted%22:false},%22jid1-sNL73VCI4UB0Fw@jetpack%22:{%22name%22:%22Flash%20Control%22,%22version%22:%222.1.4%22,%22type%22:%22extension%22,%22userDisabled%22:false,%22isCompatible%22:true,%22isBlocklisted%22:false},%22{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}%22:{%22name%22:%22IE%20Tab%202%20(FF%203.6+)%22,%22version%22:%226.2.18.1%22,%22type%22:%22extension%22,%22userDisabled%22:false,%22isCompatible%22:true,%22isBlocklisted%22:false},%22{123647d5-da43-4344-bfe2-fc093bdf8f5e}%22:{%22name%22:%22InlineDisposition%22,
[NoScript XSS] Sanitized suspicious request. Original URL [https://discovery.addons.mozilla.org/en-US/firefox/discovery/pane/51.0.1/WINNT/normal#{%22{e6c4c3ef-3d4d-42d6-8283-8da73c53a283}%22:{%22name%22:%22CoLT%22,%22version%22:%222.6.7%22,%22type%22:%22extension%22,%22userDisabled%22:false,%22isCompatible%22:true,%22isBlocklisted%22:false},%22{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}%22:{%22name%22:%22WOT%22,%22version%22:%2220151208%22,%22type%22:%22extension%22,%22userDisabled%22:true,%22isCompatible%22:true,%22isBlocklisted%22:false},%22jid1-sNL73VCI4UB0Fw@jetpack%22:{%22name%22:%22Flash%20Control%22,%22version%22:%222.1.4%22,%22type%22:%22extension%22,%22userDisabled%22:false,%22isCompatible%22:true,%22isBlocklisted%22:false},%22{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}%22:{%22name%22:%22IE%20Tab%202%20(FF%203.6+)%22,%22version%22:%226.2.18.1%22,%22type%22:%22extension%22,%22userDisabled%22:false,%22isCompatible%22:true,%22isBlocklisted%22:false},%22{123647d5-da43-4344-bfe2-fc093bdf8f5e
Sending message that cannot be cloned. Are you trying to send an XPCOM object? MessageChannel.jsm:657:6
[NoScript] Force text/plain for missing content-type on https://discovery.addons.mozilla.org/en-US/firefox/#7671180101123021598
Content Security Policy: Directive ‘frame-src’ has been deprecated. Please use directive ‘child-src’ instead. (unknown)
The character encoding of the plain text document was not declared. The document will render with garbled text in some browser configurations if the document contains characters from outside the US-ASCII range. The character encoding of the file needs to be declared in the transfer protocol or file needs to use a byte order mark as an encoding signature. firefox
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https://addons-discovery.cdn.mozilla.net https://www.google-analytics.com/analytics.js”).
I know Firefox's developers recently changed the look and functionality of the Firefox "Get Add-ons" page (as loaded from the browser menus), but I could have sworn it loaded correctly prior to this.
How do I [re]configure the XSS options in NoScript to correct this, so I don't have to use "Unsafe reload" every time?
Aimhere