[RESOLVED] FF57 search being detected as XSS attack

Ask for help about NoScript, no registration needed to post
User avatar
SyberCorp
Posts: 17
Joined: Tue Nov 14, 2017 3:05 pm
Location: Indianapolis, IN

[RESOLVED] FF57 search being detected as XSS attack

Post by SyberCorp »

Using the search functionality built into Firefox 57 (either via the unified address bar or via the separate search box) searches are being picked up as a XSS attack (see screenshot). The only thing that has changed from not having this behavior to having it, is updating NoScript to 10.1.5. This seems to only happen with Google, so far. I cannot recreate it if I use one of my other search engines (such as DuckDuckGo). I initially thought this was only happening with Google but I was able to recreate it with Wikipedia as well.

https://imgur.com/a/D9xzu
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
Gray

Re: FF57 search being detected as XSS attack

Post by Gray »

I'm getting this on every page I open just starting tonight. I had to disable noscript because every link I click causes this popup.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: FF57 search being detected as XSS attack

Post by barbaz »

Is this problem still there in NoScript 10.1.5.1?
*Always* check the changelogs BEFORE updating that important software!
-
Gray

Re: FF57 search being detected as XSS attack

Post by Gray »

On 10.1.5 and firefox reports no update found when I manually update.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
8-bit
Senior Member
Posts: 99
Joined: Thu Mar 16, 2017 7:43 pm

Re: FF57 search being detected as XSS attack

Post by 8-bit »

Gray wrote:On 10.1.5 and firefox reports no update found when I manually update.
I just updated to 10.1.5.1 via Firefox so it is now all in place. Update to the new .1 and see if that eliminates your problem

Release notes:

v 10.1.5.1
=============================================================
x Fixed regression from new "fail fast" XSS filter main loop,
causing cross-site requests to Google to trigger false
positives (thanks Steve M for reporting)
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:57.0) Gecko/20100101 Firefox/57.0
User avatar
SyberCorp
Posts: 17
Joined: Tue Nov 14, 2017 3:05 pm
Location: Indianapolis, IN

Re: FF57 search being detected as XSS attack

Post by SyberCorp »

barbaz wrote:Is this problem still there in NoScript 10.1.5.1?
No, 10.1.5.1 seems to have addressed the issue. Cool.
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:57.0) Gecko/20100101 Firefox/57.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: [RESOLVED] FF57 search being detected as XSS attack

Post by barbaz »

Great, thanks for reporting back. Image
*Always* check the changelogs BEFORE updating that important software!
-
Icebice

Re: [RESOLVED] FF57 search being detected as XSS attack

Post by Icebice »

Not resolved for me. I've tried updating, I've relaunched firefox, reboot my computer, I still get xss attack every time.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
Post Reply