Keep getting XSS warning when I open my browser

Ask for help about NoScript, no registration needed to post
JJ

Keep getting XSS warning when I open my browser

Post by JJ » Fri Nov 24, 2017 8:21 pm

I keep getting a XSS warning every time I start firefox. It is from the same website. I went there once, but haven't been back. I'm worried I either got some sort of virus or this is a NoScript bug. Hopefully it is the later.

Code: Select all

NoScript detected a potential Cross-Site Scripting attack

from [...] to https://tempostorm.com.

Suspicious data:

(URL) https://tempostorm.com/{{ metaservice.ogMetaImage() }}
Last edited by barbaz on Fri Nov 24, 2017 9:24 pm, edited 1 time in total.
Reason: kill board-generated links
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0

Pansa

Re: Keep getting XSS warning when I open my browser

Post by Pansa » Fri Nov 24, 2017 8:29 pm

JJ wrote:I keep getting a XSS warning every time I start firefox. It is from the same website. I went there once, but haven't been back. I'm worried I either got some sort of virus or this is a NoScript bug. Hopefully it is the later.

Code: Select all

NoScript detected a potential Cross-Site Scripting attack

from [...] to https://tempostorm.com.

Suspicious data:

(URL) https://tempostorm.com/{{ metaservice.ogMetaImage() }}
Does your FF open to a blank page, or the "hub" page where they show you a lot of links you may want to visit?
Potentially it loads part of that page for that hub.

But it also means you gave [...] script permissions to begin with, because if it weren't allowed to run scripts, it wouldn't be allowed to crosscript to begin with.
Go to the Noscript options find [...] and look at what it is set to. If it isn't there, check what permissions the "default" preset has (you usually want default to have NO permissions)

If you still think something messed with your FF that way, I like "adwcleaner" for that. It's not a virusscanner, but it finds that kind of chicanery quite well. It's lightweight, no install, run on demand and has recently been bought by the malwarebytes folk.
Last edited by barbaz on Fri Nov 24, 2017 9:24 pm, edited 1 time in total.
Reason: kill board-generated links
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0

barbaz
Senior Member
Posts: 9720
Joined: Sat Aug 03, 2013 5:45 pm

Re: Keep getting XSS warning when I open my browser

Post by barbaz » Fri Nov 24, 2017 9:26 pm

Pansa wrote: it also means you gave [...] script permissions to begin with, because if it weren't allowed to run scripts, it wouldn't be allowed to crosscript to begin with.
Nope, XSS can happen without the malicious site being Allowed. IIRC NoScript Classic actually uses a stricter XSS filter for requests originating from untrusted sites, than for requests originating from trusted sites.

See https://forums.informaction.com/viewtop ... 942#p91942 for a short explanation of what XSS is.
*Always* check the changelogs BEFORE updating that important software!
-

Pansa
Senior Member
Posts: 318
Joined: Fri Nov 24, 2017 10:30 pm

Re: Keep getting XSS warning when I open my browser

Post by Pansa » Fri Nov 24, 2017 10:43 pm

barbaz wrote:
Pansa wrote: it also means you gave [...] script permissions to begin with, because if it weren't allowed to run scripts, it wouldn't be allowed to cross-script to begin with.
Nope, XSS can happen without the malicious site being Allowed. IIRC NoScript Classic actually uses a stricter XSS filter for requests originating from untrusted sites, than for requests originating from trusted sites.

See "link" for a short explanation of what XSS is.
Err, no, just about every site uses javascript from another domain and it's not an attack situation. XSS is when a malicious site injects its Javascript code into another site, e g your bank, and your bank site then runs the malicious code in its own context, i.e. as though the malicious site's injected code were part of the bank site's own code. Your browser is the vector for this injection.
That is exactly what I mean.
In that example if I block the Bank's scripts, there shouldn't be an attack to begin with. It runs in the Bank's context. If I allow the bank, the attack is that I inadvertently allow someone else who injected something.

he wrote
from [...] to storm
I assume the [...] means a site he is not comfortable disclosing here.

I checked on imdb (which uses xss to call it's advertising network *hmpf*)
And the XSS warning comes up although I have BOTH on untrusted (for testing).

My question is why is NS warning me of something running in the imdb context, if I explicitly don't want imdb to execute ANY scripts (injected or not)?
I assume that is pointing back to the missing noscript tag?
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0

Azijn
Junior Member
Posts: 22
Joined: Sat Nov 25, 2017 2:01 pm

Re: Keep getting XSS warning when I open my browser

Post by Azijn » Sat Nov 25, 2017 8:15 am

I assume the [...] means a site he is not comfortable disclosing here.
Nope. It literally says [...]/

I get the same thing for a newspaper site (nrc.nl). For some reason it's always the same site:

This is the full text of the pop-up I keep getting.
---
NoScript detected a potential Cross-Site Scripting attack

from [...] to https://images.nrc.nl.

Suspicious data:

(URL) https://images.nrc.nl/mszTFGmkKoXHIjgT- ... 1/geld.png
---

Interestingly when I don't even have anything related to the newspaper site open.
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:57.0) Gecko/20100101 Firefox/57.0

grizzler
Posts: 10
Joined: Mon Oct 16, 2017 9:06 am

Re: Keep getting XSS warning when I open my browser

Post by grizzler » Sat Nov 25, 2017 11:32 am

NoScript's XSS handling is broken. On my system, it can't be switched off and keeps interfering as long as the add-on is installed, even if it's switched off in the add-on manager. On top op that, its popups are empty here. No text at all. I was forced to remove NoScript completely to be able to log in to a work related site.
Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0

Pansa
Senior Member
Posts: 318
Joined: Fri Nov 24, 2017 10:30 pm

Re: Keep getting XSS warning when I open my browser

Post by Pansa » Sat Nov 25, 2017 1:27 pm

Guest wrote:
I assume the [...] means a site he is not comfortable disclosing here.
Nope. It literally says [...]/

I get the same thing for a newspaper site (nrc.nl). For some reason it's always the same site:

This is the full text of the pop-up I keep getting.
---
NoScript detected a potential Cross-Site Scripting attack

from [...] to https://images.nrc.nl.

Suspicious data:

(URL) https://images.nrc.nl/mszTFGmkKoXHIjgT- ... 1/geld.png
---

Interestingly when I don't even have anything related to the newspaper site open.
I am a bit confused now.
When you open firefox you get TWO immediate popups?

And you seem to have skipped my initial response up there.
Both those seem to load an image form otherwise "normal" webpages. If they do that without you actually BEING on that page knowingly, either it is prefetching those pages (based on you already having been there (In which case the Firefox "starting page" may be the culprit, the one with pages you might find interesting or have visited) or something else.
grizzler wrote:NoScript's XSS handling is broken. On my system, it can't be switched off and keeps interfering as long as the add-on is installed, even if it's switched off in the add-on manager. On top op that, its popups are empty here. No text at all. I was forced to remove NoScript completely to be able to log in to a work related site.
This seems like a "linux" problem. There are some other threads about layout problems with linux/ubuntu
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0

Azijn
Junior Member
Posts: 22
Joined: Sat Nov 25, 2017 2:01 pm

Re: Keep getting XSS warning when I open my browser

Post by Azijn » Sat Nov 25, 2017 2:27 pm

@Pansa, apologies for the confusion. I just registered, and I'm the 'guest' from the second post, but a different person from the original poster JJ.
If they do that without you actually BEING on that page knowingly, either it is prefetching those pages (based on you already having been there (In which case the Firefox "starting page" may be the culprit
I think you're on the money there. After having surfed a bit on other pages, the pop-up stopped happening from one page (nrc.nl), but started appearing for a different page! I have now disabled the 'starting page' content, and am no longer experiencing the issue.
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:57.0) Gecko/20100101 Firefox/57.0

rugk
Junior Member
Posts: 23
Joined: Mon Dec 28, 2015 3:40 pm

Re: Keep getting XSS warning when I open my browser

Post by rugk » Tue Nov 28, 2017 10:42 pm

Had a similar issue: https://forums.informaction.com/viewtop ... =7&t=23870

The actual issue is just the website having a broken SEO/metatag for image or description.(respectively using a JS templating system for their SEO information) When Firefox then tries to load this, it tries to load it with these curly brackets ("{{ templae }}") in the URL and NoScript detects this as a potential XSS attack – which it of course is not, in this case.
Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0

Post Reply