NoScript causing hang on lloydstsb UK Bank?

Ask for help about NoScript, no registration needed to post
Gloops
Posts: 14
Joined: Wed Nov 25, 2015 5:39 pm

Re: NoScript causing hang on lloydstsb UK Bank?

Post by Gloops »

barbaz wrote:
Gloops wrote:I saw a white list in the options of NoScript, but no black list.
It's not available via the NoScript Options. You either need to Mark it as Untrusted in the GUI (make sure you have 'NoScript Options > Appearance > Full Domains' checked) while visiting the site, or edit about:config > noscript.untrusted and insert that domain in alphabetical order.
OK I checked full domains, and so discovered that we also have a call to much more other domains than I first thought (including weborama, google ...)

par.societegenerale.fr has two sub-domains that are also called. I marked par.societegenerale.fr as untrusted, I hope I shall not have any complain that the user could not connect :)

Do you have any idea what par.societegenerale.fr does, and why it is so dangerous as you say ?
Mozilla/5.0 (Windows NT 6.0; rv:42.0) Gecko/20100101 Firefox/42.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: NoScript causing hang on lloydstsb UK Bank?

Post by barbaz »

The problem is that they are using a highly insecure means to pass data around (any site can read it and tamper with it), and that data looks like it could potentially be XSS, meaning that attackers may potentially be able to sabotage that data such that they get to run arbitrary attack script in the context of your bank site and do all sorts of nasty stuff. Not good.
*Always* check the changelogs BEFORE updating that important software!
-
Gloops
Posts: 14
Joined: Wed Nov 25, 2015 5:39 pm

Re: NoScript causing hang on lloydstsb UK Bank?

Post by Gloops »

Oh ... I am afraid the only thing I can do is to wait for the NoScript team to find a more secure protocol ...
Mozilla/5.0 (Windows NT 6.0; rv:42.0) Gecko/20100101 Firefox/42.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: NoScript causing hang on lloydstsb UK Bank?

Post by barbaz »

???
What does this have to do with the NoScript team? You mean the bank's IT/webmaster team?
*Always* check the changelogs BEFORE updating that important software!
-
Gloops
Posts: 14
Joined: Wed Nov 25, 2015 5:39 pm

Re: NoScript causing hang on lloydstsb UK Bank?

Post by Gloops »

barbaz wrote:???
What does this have to do with the NoScript team? You mean the bank's IT/webmaster team?
For sure that would be best :)
Mozilla/5.0 (Windows NT 6.0; rv:42.0) Gecko/20100101 Firefox/42.0
User avatar
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: NoScript causing hang on lloydstsb UK Bank?

Post by Thrawn »

NoScript can't fix the bank's problem; the best you can do is isolate the bank website so it's harder for other sites to tamper with it. That's where a separate profile may be helpful. Alternatively, you could try writing ABE rules to deny cross-site access.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0
Guest

Re: NoScript causing hang on lloydstsb UK Bank?

Post by Guest »

bgiles wrote:Does the following not work for other Lloyds Bank customers using NoScript?

Allow: secure.lloydsbank.co.uk (i.e. added to whitelist)
Remove all other entries containing lloydsbank.co.uk from whitelist.

I've been using this arrangement for a few days now, loads normally, and without any apparent side effects.
Hi bgiles, thanks a lot for this solution, I can confirm that it works fine for me :)
Mozilla/5.0 (X11; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0 Iceweasel/42.0
MJV

Re: NoScript causing hang on lloydstsb UK Bank?

Post by MJV »

The issue is still unresolved for the site of French bank Societe generale : https://particuliers.societegenerale.fr/

The main domain (societegenerale.fr) is on my whitelist and I even tried with NS in "Scripts Globally Allowed" mode, but there's nothing to do, accessing the page still completely blocks Firefox.

Could this be addressed in the next update please...? I really hate using IE every time I have to check my account...
Mozilla/5.0 (Windows NT 10.0; rv:44.0) Gecko/20100101 Firefox/44.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: NoScript causing hang on lloydstsb UK Bank?

Post by barbaz »

Nothing to address in NoScript. Instructions what to do about your specific site have already been given in this thread: viewtopic.php?p=80079#p80079
*Always* check the changelogs BEFORE updating that important software!
-
NS001
Junior Member
Posts: 25
Joined: Fri Feb 08, 2013 2:14 pm

Re: NoScript causing hang on lloydstsb UK Bank?

Post by NS001 »

Exactly same problem as reported for https://www.bancsabadell.com/

viewtopic.php?f=7&t=21629

Did look at this topic before posting under general.

There are no about:crashes reports. It hangs and have to forcibly shut down FF.

I will just have to disable NoScript when online banking.
Mozilla/5.0 (Windows NT 6.2; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0
User avatar
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: NoScript causing hang on lloydstsb UK Bank?

Post by Thrawn »

NS001 wrote:I will just have to disable NoScript when online banking.
It's usually better to create a second profile for online banking. If you know what you're doing, it's even possible to run two profiles in two separate instances of Firefox at the same time.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0
didier
Posts: 1
Joined: Thu Mar 17, 2016 12:30 pm

Re: NoScript causing hang on lloydstsb UK Bank?

Post by didier »

I confirm the problem with LCL and SG

my solution

I put the following lines in my .host to blacklist

0.0.0.0 tech.lcl.fr
0.0.0.0 img-fdb.lcl.fr
0.0.0.0 docsp.par.societegenerale.fr
0.0.0.0 statsp.par.societegenerale.fr

it seems ok
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0
ricky

Re: NoScript causing hang on lloydstsb UK Bank?

Post by ricky »

Solution to Halifax problem, given by leamphil (2nd email in this thread) worked for me today. Thanks Phil!
Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0
Post Reply