https://imgur.com/a/D9xzu
[RESOLVED] FF57 search being detected as XSS attack
[RESOLVED] FF57 search being detected as XSS attack
Using the search functionality built into Firefox 57 (either via the unified address bar or via the separate search box) searches are being picked up as a XSS attack (see screenshot). The only thing that has changed from not having this behavior to having it, is updating NoScript to 10.1.5. This seems to only happen with Google, so far. I cannot recreate it if I use one of my other search engines (such as DuckDuckGo). I initially thought this was only happening with Google but I was able to recreate it with Wikipedia as well.
https://imgur.com/a/D9xzu
https://imgur.com/a/D9xzu
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
Re: FF57 search being detected as XSS attack
I'm getting this on every page I open just starting tonight. I had to disable noscript because every link I click causes this popup.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
Re: FF57 search being detected as XSS attack
Is this problem still there in NoScript 10.1.5.1?
*Always* check the changelogs BEFORE updating that important software!
-
Re: FF57 search being detected as XSS attack
On 10.1.5 and firefox reports no update found when I manually update.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
Re: FF57 search being detected as XSS attack
I just updated to 10.1.5.1 via Firefox so it is now all in place. Update to the new .1 and see if that eliminates your problemGray wrote:On 10.1.5 and firefox reports no update found when I manually update.
Release notes:
v 10.1.5.1
=============================================================
x Fixed regression from new "fail fast" XSS filter main loop,
causing cross-site requests to Google to trigger false
positives (thanks Steve M for reporting)
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:57.0) Gecko/20100101 Firefox/57.0
Re: FF57 search being detected as XSS attack
No, 10.1.5.1 seems to have addressed the issue. Cool.barbaz wrote:Is this problem still there in NoScript 10.1.5.1?
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:57.0) Gecko/20100101 Firefox/57.0
Re: [RESOLVED] FF57 search being detected as XSS attack
Great, thanks for reporting back.
*Always* check the changelogs BEFORE updating that important software!
-
Re: [RESOLVED] FF57 search being detected as XSS attack
Not resolved for me. I've tried updating, I've relaunched firefox, reboot my computer, I still get xss attack every time.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0