Site adds itself to the permanent whitelist

Ask for help about NoScript, no registration needed to post
lancelot

Site adds itself to the permanent whitelist

Post by lancelot »

Temporarily allow this address:

Code: Select all

filecrypt.cc
Then open this page:

Code: Select all

http://www.filecrypt.cc/helper.html?1505986612020
This gets added as a permanently allowed address:

Code: Select all

http://cnl.filecrypt.cc:9666
Is this supposed to happen?
Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Site adds itself to the permanent whitelist

Post by barbaz »

Yes. You already allowed all of filecrypt.cc. NoScript is just making sure the specific full address is allowed.
*Always* check the changelogs BEFORE updating that important software!
-
lancelot

Re: Site adds itself to the permanent whitelist

Post by lancelot »

barbaz wrote:Yes. You already allowed all of filecrypt.cc. NoScript is just making sure the specific full address is allowed.
I allowed filecrypt temporarily. After the two actions described in my post, I see a new site whitelisted permanently. You know, showing in the Whitelist tab in a regular font and not in italics. "Revoke temporary permissions" does not remove that new entry.
Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Site adds itself to the permanent whitelist

Post by barbaz »

Sorry, I missed that. No, that is not supposed to happen. The added permission is supposed to be temporary.

And indeed, I checked the site, and the added permission is temporary on my end.

One other thing while I'm here. That site sets off a lot of alarm bells. Here's one of them -

Code: Select all

$ dig cnl.filecrypt.cc

; <<>> DiG 9.10.3-P4-Ubuntu <<>> cnl.filecrypt.cc
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16857
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;cnl.filecrypt.cc.              IN      A

;; ANSWER SECTION:
cnl.filecrypt.cc.       1711    IN      A       127.0.0.1

;; Query time: 12 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: xxxxxxxxxxxxxxxxxxxxxxxxxxx
;; MSG SIZE  rcvd: 50
What the ****? That's like a total stranger creeping through your window at night and getting in bed with you while you're asleep. Is something good about to happen to you in that situation?

Personally, I suggest running away. Fast.
*Always* check the changelogs BEFORE updating that important software!
-
User avatar
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Site adds itself to the permanent whitelist

Post by therube »

I see a new site whitelisted permanently
Cannot confirm here either.

Are you using Private Browsing?
That's like a total stranger creeping through your window at night and getting in bed with you while you're asleep.
Just what is it that they are doing there?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 SeaMonkey/2.49.1
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Site adds itself to the permanent whitelist

Post by barbaz »

therube wrote:Just what is it that they are doing there?
They are tricking your browser into treating your computer as first-party to their site.

Similar use of DNS has been discussed before - https://forums.informaction.com/viewtop ... 841#p75841
*Always* check the changelogs BEFORE updating that important software!
-
lancelot

Re: Site adds itself to the permanent whitelist

Post by lancelot »

therube wrote:
I see a new site whitelisted permanently
Cannot confirm here either.

Are you using Private Browsing?
No, I have history enabled in Firefox and I'm not opening those links in a private window.

I tried opening the same links in Tor Browser (with NoScript updated to 5.0.10 and with scripts forbidden globally), and I'm seeing exactly the same behavior: I get a new whitelist entry that doesn't disappear when I restart Tor Browser.
Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
User avatar
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Site adds itself to the permanent whitelist

Post by therube »

As a test, create a new, clean Profile.
Install only NoScript. Make no changes.

Open your site.
Temporarily Allow it.

Check NoScript's Whitelist.
Do the two .cc's show was Temporary or Permanant?

Restart FF & check again.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.1 Lightning/5.4
lancelot

Re: Site adds itself to the permanent whitelist

Post by lancelot »

Right, I found the relevant NoScript setting:
if I have "Cascade top document's permissions to 3rd party scripts" checked, everything's fine;
if I have it unchecked, I get the issue with the new permanent permission sneaking in. It's placed in the [System+Principal] section.
Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Site adds itself to the permanent whitelist

Post by barbaz »

Well this is weird. I don't see any problem on the linked site, but I can reproduce the bug using my local server. And I get other, very odd, possibly related behavior as well.

Firefox 55.0.3
NoScript 5.0.10rc4
new profile

STR:

1) set a server to listen on ports 80 and 8443, and put up these files -

port-test.html

Code: Select all

<!doctype html>
<body>
<script src="http://THE_SERVER:8443/noise.js"></script>
<script src="noise.js"></script>
<noscript>JavaScript Is Not Enabled</noscript>
</body>
noise.js

Code: Select all

var d = document.createElement('div');
d.textContent = document.currentScript.src + ' ran';
document.body.appendChild(d);
delete d;
Replace THE_SERVER with the actual domain, e.g. localfoo.test or whatever

2) visit http://THE_SERVER/port-test.html

3) Temporarily allow THE_SERVER


Expected results: In NoScript Options > Whitelist, there should be a temporary permission for 'http://THE_SERVER:8443', and the page should say -

Code: Select all

http://THE_SERVER:8443/noise.js ran
http://THE_SERVER/noise.js ran
Actual results: There is a PERMANENT permission for 'http://THE_SERVER:8443', and the page says only -

Code: Select all

http://THE_SERVER:8443/noise.js ran
Reloading the page gives "JavaScript Is Not Enabled".
Forbid THE_SERVER, let the page reload, then Temporarily allow it again, let the page reload, and only then does it display as expected.
*Always* check the changelogs BEFORE updating that important software!
-
Post Reply