Seeing XSS Notifications on numerous sites since 2.9.0.5

tmeader · Post by **tmeader** » Thu Mar 17, 2016 4:15 am

Wasn't having any issues before the update today. Running FF Beta 46.0 build 2. uBlockOrigin also installed. Again, no issues prior to update to 2.9.0.5. Here's some examples from the console:

Code: Select all

[NoScript XSS] Sanitized suspicious request. Original URL [https://www.youtube.com/subscribe_embed?usegapi=1&count=default&layout=default&channel=UPROXX&origin=http%3A%2F%2Fuproxx.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en.cjMoLRgMYKE.O%2Fm%3D__features__%2Fam%3DEQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPo7RshhNz0Dg58m_r6d7oaltVMmA#_methods=onPlusOne%2C_ready%2C_close%2C_open%2C_resizeMe%2C_renderstart%2Concircled%2Cdrefresh%2Cerefresh%2Conytevent%2Conload&id=I0_1458187334306&parent=http%3A%2F%2Fuproxx.com&pfname=&rpctoken=35265939] requested from [http://uproxx.com/]. Sanitized URL: [https://www.youtube.com/#2741171788249752785].

Code: Select all

[NoScript XSS] Sanitized suspicious request. Original URL [https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=small&origin=http%3A%2F%2Fcomicrack.cyolito.com&url=http%3A%2F%2Fcomicrack.cyolito.com%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en.cjMoLRgMYKE.O%2Fm%3D__features__%2Fam%3DEQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPo7RshhNz0Dg58m_r6d7oaltVMmA#_methods=onPlusOne%2C_ready%2C_close%2C_open%2C_resizeMe%2C_renderstart%2Concircled%2Cdrefresh%2Cerefresh%2Conload&id=I0_1458187763998&parent=http%3A%2F%2Fcomicrack.cyolito.com&pfname=&rpctoken=88894699] requested from [http://comicrack.cyolito.com/]. Sanitized URL: [https://apis.google.com/#4417624034621248370].

ng4ever · Post by **ng4ever** » Fri Mar 18, 2016 8:49 am

Same issue here on some sites.

shayera · Post by **shayera** » Fri Mar 18, 2016 9:19 am

Yea, this just cost me 2 great tickets to a concert, when I came to the online payment, the faulty detection resulted in the payment processor barfing up a 'wrong merchant' error..
By the time I figured out I could use an 'unsafe reload'.. those tickets were gone.. I am not amused right now
This on a day where one of my regular news sites figured out a detection for uBlock, so you can imagine my fuse
is somewhat short already

ng4ever · Post by **ng4ever** » Fri Mar 18, 2016 9:37 am

The 2 sites it happen to me on so far is www.neowin.net and http://www.newegg.com/Product/Product.a ... 6819117369

Post by **Giorgio Maone** » Fri Mar 18, 2016 1:36 pm

Please check latest development build 2.9.0.6rc1, thanks.

ng4ever · Post by **ng4ever** » Fri Mar 18, 2016 1:41 pm

Giorgio Maone wrote:Please check latest development build 2.9.0.6rc1, thanks.

I tried but keep getting this error: The addon could not be downloaded because of connection failure.

ng4ever · Post by **ng4ever** » Fri Mar 18, 2016 1:44 pm

Ok never mind I had to manually download it for it to work.

Anyway that version fixes the XSS Notifications issue for me.

InformAction Forums

Seeing XSS Notifications on numerous sites since 2.9.0.5

Seeing XSS Notifications on numerous sites since 2.9.0.5

Re: Seeing XSS Notifications on numerous sites since 2.9.0.5

Re: Seeing XSS Notifications on numerous sites since 2.9.0.5

Re: Seeing XSS Notifications on numerous sites since 2.9.0.5

Re: Seeing XSS Notifications on numerous sites since 2.9.0.5

Re: Seeing XSS Notifications on numerous sites since 2.9.0.5

Re: Seeing XSS Notifications on numerous sites since 2.9.0.5