Hi forumers, yes that question, Why about:blank is enabled in the NoScript's default settings??
PD: For test, I returned to its default settings, after a long time. Is this unwise?
Why about:blank if is allowed?
Why about:blank if is allowed?
Last edited by turson on Fri Jan 15, 2010 10:28 pm, edited 1 time in total.
Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Why about:blank if is allowed?
Because from time to time a few compatibility issues (mostly if not exclusively with extensions) have surfaced involving about:blank being forbidden, and because there's no security risk associated to having it allowed.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729)
Re: Why about:blank if is allowed?
Well Maone, but what do you think about this?:
http://news.softpedia.com/news/Firefox- ... 6661.shtml
http://www.securityfocus.com/archive/1/460369
http://lcamtuf.coredump.cx/ffblank/
http://news.softpedia.com/news/Firefox- ... 6661.shtml
http://www.securityfocus.com/archive/1/460369
http://lcamtuf.coredump.cx/ffblank/
Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Why about:blank if is allowed?
Irrelevant: for this (and other about:blank-related exploits), JavaScript needs to be enabled on the web page launching the attack (which of course is different than about:blank, an empty page by definition).turson wrote:Well Maone, but what do you think about this?:
http://news.softpedia.com/news/Firefox- ... 6661.shtml
http://www.securityfocus.com/archive/1/460369
http://lcamtuf.coredump.cx/ffblank/
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729)
Re: Why about:blank if is allowed?
Concerning default options: ¿Why gstatic.com and googlesyndication.com are allowed?
Thanks .
Thanks .
Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Why about:blank if is allowed?
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729)