NoScript 2.6.8.5 is unexpectedly not blocking a script where I expect it to block a script. Since this appears to be a security issue, I've shown everything but the exact information, which I've marked [redacted]. If you want me to put this information on a public forum, please confirm, since I can't un-post it once I've posted it.
1) I disabled all extensions except NoScript.
2) I reset NoScript (after exporting my settings)
3) I quit Firefox (25.0.1), deleted extensions.[whatever] files, and restarted.
4) Details
a) The address or addresses (URL) where this occurs: [redacted]
NoScript status shows the snake with a big red forbidden symbol over it, followed by the words "Scripts currently forbidden" | <SCRIPT>: 2 | <OBJECT>: 0
b) the exact steps we need to follow to reproduce your problem
1. In the drop-down menu reading [redacted], choose [redacted].
Actual result: Browser goes to [redacted] (uses JavaScript to accomplish this)
Expected result: Script blocked
[23:52:20.517] HEAD [redacted] [HTTP/1.1 200 OK 398ms]
[23:52:20.941] GET [redacted] [HTTP/1.1 200 OK 233ms]
[23:52:21.342] GET [redacted] [HTTP/1.1 200 OK 219ms]
[23:52:21.344] GET [redacted] [HTTP/1.1 200 OK 416ms]
[23:52:21.175] Unknown property 'frameborder'. Declaration dropped. @ [redacted]:[redacted]
------
Afterwards, I confirmed that the page load was being done with JavaScript by disabling both JavaScript and NoScript and restarting the browser. With JavaScript and NoScript disabled, I get the following:
1. In the drop-down menu reading [redacted], choose [redacted].
Actual result: Nothing happens
Expected result: Nothing happens
[INVALID] NoScript unexpectedly not blocking script
[INVALID] NoScript unexpectedly not blocking script
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
Re: NoScript unexpectedly not blocking script
Well, it's difficult to help unless we know at least the url where this occurs...is it sensitive information?
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (Symbian/3; Series60/5.3 NokiaN8-00/111.030.0609; Profile/MIDP-2.1 Configuration/CLDC-1.1 ) AppleWebKit/533.4 (KHTML, like Gecko) NokiaBrowser/7.4.2.6 Mobile Safari/533.4 3gpp-gba
-
Giorgio Maone
- Site Admin
- Posts: 9528
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: NoScript unexpectedly not blocking script
Could you send me an email or a PM with more details (at least the URL where this happens)?
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
Re: NoScript unexpectedly not blocking script
@Georgio - PM sent.
@Thawn - If there is a security issue, posting it here makes the bug available to the baddies.
@Thawn - If there is a security issue, posting it here makes the bug available to the baddies.
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
-
Giorgio Maone
- Site Admin
- Posts: 9528
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: NoScript unexpectedly not blocking script
In case you're wondering, OP was alarmed by the dropdown menus on this web site working even if NoScript was blocking JavaScript there.
It's a feature, not a bug: NoScript Options|Advanced|Untrusted|Attempt to fix JavaScript links.
It's a feature, not a bug: NoScript Options|Advanced|Untrusted|Attempt to fix JavaScript links.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
Re: NoScript unexpectedly not blocking script
Thank you. Now I know.
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0