XSS from brightcove?

Lucas Malor · Post by **Lucas Malor** » Thu Mar 17, 2016 10:20 pm

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://brightcove01.brightcove.com/24/1328010481001/201603/1915/4805143332001/1328010481001_4805143332001_s-41.ts?pubId=1328010481001&videoId=4805138839001. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

Post by **barbaz** » Thu Mar 17, 2016 11:58 pm

If you're using NoScript 2.9.0.5, there have been many threads here about XSS filter issues resulting since that update...

Does downgrading NoScript to 2.9.0.5rc2 make it work? (If so, this is a NoScript bug; I would recommend to downgrade to NoScript 2.9.0.4 until Giorgio fixes whatever bug(s) happened)

Post by **barbaz** » Fri Mar 18, 2016 6:18 pm

Does NoScript 2.9.0.6 works again?

Lucas Malor · Post by **Lucas Malor** » Fri Mar 18, 2016 7:27 pm

No more messages, but videos from the site Il Fatto Quotidiano does not work if NoScript is enabled:

http://tv.ilfattoquotidiano.it/2016/03/ ... ta/495784/

Lucas Malor · Post by **Lucas Malor** » Fri Mar 18, 2016 7:47 pm

Excuse me, errata corrige: error log is printed in JS console, but no XSS dialog is displayed.

Post by **Giorgio Maone** » Fri Mar 18, 2016 11:18 pm

Lucas Malor wrote:No more messages, but videos from the site Il Fatto Quotidiano does not work if NoScript is enabled:

http://tv.ilfattoquotidiano.it/2016/03/ ... ta/495784/

I need to enable many things (mostly brightcove-related stuff), but it works for me on 2.6.0.9.

Lucas Malor · Post by **Lucas Malor** » Sat Mar 19, 2016 9:55 am

DO you mean 2.9.0.6?

Post by **Giorgio Maone** » Sat Mar 19, 2016 10:25 am

Lucas Malor wrote:DO you mean 2.9.0.6?

Yep

InformAction Forums

XSS from brightcove?

XSS from brightcove?

Re: XSS from brightcove?

Re: XSS from brightcove?

Re: XSS from brightcove?

Re: XSS from brightcove?

Re: XSS from brightcove?

Re: XSS from brightcove?

Re: XSS from brightcove?