Gloops wrote: I saw a white list in the options of NoScript, but no black list.
It's not available via the NoScript Options. You either need to Mark it as Untrusted in the GUI (make sure you have 'NoScript Options > Appearance > Full Domains' checked) while visiting the site, or edit about:config > noscript.untrusted and insert that domain in alphabetical order.
OK, I checked full domains, and so discovered that we also have calls to many more domains than I first thought (including weborama, google ...)
par.societegenerale.fr has two sub-domains that are also called. I marked par.societegenerale.fr as untrusted; I hope I shall not have any complaint that the user could not connect.
Do you have any idea what par.societegenerale.fr does, and why it is as dangerous as you say?
Mozilla/5.0 (Windows NT 6.0; rv:42.0) Gecko/20100101 Firefox/42.0
The problem is that they are using a highly insecure means to pass data around (any site can read it and tamper with it), and that data looks like it could potentially be XSS, meaning that attackers may potentially be able to sabotage that data such that they get to run arbitrary attack script in the context of your bank site and do all sorts of nasty stuff. Not good.
*Always* check the changelogs BEFORE updating that important software!
NoScript can't fix the bank's problem; the best you can do is isolate the bank website so it's harder for other sites to tamper with it. That's where a separate profile may be helpful. Alternatively, you could try writing ABE rules to deny cross-site access.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0
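An ABE ruleset of the kind suggested in the post above, as an added example that is not from any poster in this thread. It assumes the rule is entered in the USER ruleset under NoScript Options > Advanced > ABE, and that the bank only needs requests coming from its own pages and sub-domains.

```abe
# Added example, not from the thread: deny cross-site access to the bank.
# The leading dot makes the pattern match societegenerale.fr and every
# sub-domain of it, including par.societegenerale.fr.
Site .societegenerale.fr
# Requests that originate from the bank's own pages are let through.
Accept from .societegenerale.fr
# Every other origin is refused, so a page on another site cannot frame,
# include, or send requests to the bank from this profile.
Deny
```

ABE rules filter requests going to the listed site, so this does not stop the bank's pages from calling third-party domains; a link to the bank that is followed from another site is also refused under this rule.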
The main domain (societegenerale.fr) is on my whitelist and I even tried with NS in "Scripts Globally Allowed" mode, but there's nothing to do, accessing the page still completely blocks Firefox.
Could this be addressed in the next update please...? I really hate using IE every time I have to check my account...
Mozilla/5.0 (Windows NT 10.0; rv:44.0) Gecko/20100101 Firefox/44.0
NS001 wrote: I will just have to disable NoScript when online banking.
It's usually better to create a second profile for online banking. If you know what you're doing, it's even possible to run two profiles in two separate instances of Firefox at the same time.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0