In the changelog there is:
I'm curious, which attacks did ES6 enabled that NoScript had to be tweaked to protect against ?x [XSS] Better protection against some ES6 attacks (thanks Masato Kinugawa for reporting)
Thanks
Information on ES6 attacks thwarted by NoScript 2.6.9.13
Information on ES6 attacks thwarted by NoScript 2.6.9.13
Hi,
In the changelog there is:
Thanks
In the changelog there is:
Thanks
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
-
Giorgio Maone
- Site Admin
- Posts: 9524
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Information on ES6 attacks thwarted by NoScript 2.6.9.13
One using a funny combo of string interpolation (a new, very tricky ES6 feature) and nested comments.
I'll leave to Masato publishing the gory details.
I'll leave to Masato publishing the gory details.
Mozilla/5.0 (Windows NT 6.3; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
Re: Information on ES6 attacks thwarted by NoScript 2.6.9.13
Ok thanks, I'll see if he publishes something in English 
For anyone interested in new threats posed by ES6, I found this. A vulnerability with NoScript XSS protection was even found and quickly fixed. It's interesting to see that ES6 features can take even NoScript off guard, but of course there needs to be a whitelisted site involved for attackers to have a chance to run anything ES6.
For anyone interested in new threats posed by ES6, I found this. A vulnerability with NoScript XSS protection was even found and quickly fixed. It's interesting to see that ES6 features can take even NoScript off guard, but of course there needs to be a whitelisted site involved for attackers to have a chance to run anything ES6.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0