[RESOLVED] Clickjacking false positive?

General discussion about the NoScript extension for Firefox
Post Reply
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

[RESOLVED] Clickjacking false positive?

Post by barbaz »

was just trying to open last closed tab with Cmd-Shift-T, and it didn't happen and NoScript gave me a clickjacking warning?
Screenshot toggle was between a blank page and the page I was on.

False positive or actual clickjacking (rather, er, "keyboard-jacking")?

Report ID: 227810
*Always* check the changelogs BEFORE updating that important software!
-
User avatar
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: Clickjacking false positive?

Post by Thrawn »

I don't think that that could be actual clickjacking. It would have to be a false positive.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Clickjacking false positive?

Post by barbaz »

Well, I was on a YouTube video page watching a Flash video, so I thought it could be possible that NoScript swallowed that keystroke to prevent Flash getting it - although it's never done that before...

(offtopic: What info is contained in a NoScript clickjacking report?)
*Always* check the changelogs BEFORE updating that important software!
-
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Clickjacking false positive?

Post by barbaz »

bump
*Always* check the changelogs BEFORE updating that important software!
-
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: Clickjacking false positive?

Post by Giorgio Maone »

A clickjacking report contains the two rectangles whose comparison triggered ClearClick and the two URLs, of the top document and of the subdocument.
Yes, it's a false positive due to the fast switching in keyboard focus.
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Clickjacking false positive?

Post by barbaz »

Thanks.
*Always* check the changelogs BEFORE updating that important software!
-
Post Reply