For the last few days if I enter a search term with the word "name" in it in the Firefox search bar I immediately get an empty NoScript XSS warning with the URL of the search engine in it. This is regardless of which search engine I choose, they all do it. Also, I have NoScript restrictions turned off completely and still get the warning. This may affect other search terms too, I'm not sure, "name" is just the last one I figured out.
I've tried this on different computers with completely different OS's and they all do it. Seems like it might be directly related to NoScript?
I'm running v11.2.19
XSS warning when searching from Firefox with certain terms
-
geissis
XSS warning when searching from Firefox with certain terms
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
-
Giorgio Maone
- Site Admin
- Posts: 9524
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: XSS warning when searching from Firefox with certain terms
It's fixed in latest development build (11.2.20 has been already submitted to AMO and waiting for review):
v 11.2.20rc1
============================================================
x [L10n] Updated de
x [XSS] Fix false positive warning when "name" is in the
query string (thanks John Shield / DuckDuckGo for
reporting)
v 11.2.20rc1
============================================================
x [L10n] Updated de
x [XSS] Fix false positive warning when "name" is in the
query string (thanks John Shield / DuckDuckGo for
reporting)
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0