Crashes with noscript/FF49 on various sites

General discussion about the NoScript extension for Firefox
Post Reply
Tjure
Posts: 1
Joined: Thu Oct 27, 2016 6:59 am

Crashes with noscript/FF49 on various sites

Post by Tjure »

The last days I have repeated crashes of firefox on various sites using noscript. An example is:

https://www.modhoster.de/mods/vehicle-sort

Allowing sripts for 'modhoster.de' temporarily lets firefox crash.

When disabling noscript completely, everything works fine.

I created also a fresh firefox-profile, but this did not help either.

Not sure when these crashes appeared exactly, but it must be sometimes within the last 3 weeks.
Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0
User avatar
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Crashes with noscript/FF49 on various sites

Post by therube »

(In a not see clean Profile...)

First attempt, Allow Globally, I was running 50% CPU (100% of 1 of 2 cores), & I gather that never would have subsided.

Revoking that, & only allowing modhoster.de, it much better behaved.
Initially, CPU usage was quite variable, but after a while setting down to virtually nothing.
Not seeing memory usage increase.


(Kind of seem to recall certain other particular sites, that when particular domains were allowed, prolonged or even unending high CPU usage ensued? Maybe it was with some of the bank sites...?)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 SeaMonkey/2.40
User avatar
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Crashes with noscript/FF49 on various sites

Post by therube »

A number of huge messages are hitting error console.
(This one, if in its entirety, would have been 149,770 bytes.)

Code: Select all

[NoScript XSS]: sanitized window.name, "1-0-5;62162;<!doctype html><html><head><meta charset="UTF-8"><style>a.rh-ms-mute-undo {color:#ffba00;}body,table,div,ul,li{margin:0;padding:0}body{font-family:"Times New Roman","Times New Roman",serif;}#adunit {background-color: #3a3a3a;border: 1px solid #000000;height: 248px;width: 798px;}#ads {height: 248px;left: 1px;position: absolute;top: 1px;width: 798px;}#ads ul{list-style: none;}#ads ul li {clear: both;float: left;line-height: 0;overflow: hidden;position: relative;  }#ads table {border-collapse: collapse;border-spacing: 0;}.separator {border-bottom: 1px solid #757575;}.rh-img-rtl {-moz-transform: scaleX(-1);-o-transform: scaleX(-1);-webkit-transform: scaleX(-1);transform: scaleX(-1);filter: FlipH;-ms-filter: "FlipH";}.rhsvgpngicon {vertical-align:middle;}.ads_chrome_top {position: absolute;overflow: hidden;top: 1px;width: 798px;height:0px;}.ads_chrome_bottom {position: absolute;overflow: hidden;bottom: 1px;width: 798px;height:0px;}.ads_chrome_left {position: absolute;overflow: hidden;left: 1px;width:0px;height: 248px;}.ads_chrome_right {position: absolute;overflow: hidden;right: 1px;width:0px;height: 248px;}.rh_custom_close_button .rhsvgpngicon {display: block;cursor: pointer;}.rh_custom_close_button.hidden {display: none;}.rhtitle.rhdefaultcolored {color: #ffba00;}.rhtitle {text-decoration: none;word-wrap: break-word;}.rhtitle-adbadge {background-color: #EDB802;border-radius: 2px;color: #FFFFFF;font-family: "Arial Regular", "Arial", sans;font-size: 13px;font-weight: normal;height: 15px;margin: 0 3px;padding: 0 3px;}a.rhtitle:hover {text-decoration: underline;}.icoret-bullet {vertical-align: top;color: #666;}.icoret-title {border-spacing: 2px;margin-left: -8px;table-layout: fixed;word-break: break-word;}.rh-title-overlay {margin: -100%;padding: 100%;}.rhtitle-fade {background: -moz-linear-gradient(left, rgba(255,255,255,0) 75%, #3a3a3a 95%);background: -webkit-gradient(linear, left top, right top, color-stop(75%,rgba(255,255,255,0)), color-stop(95%, #3a3a3a));background: -webkit-linear-gradient(left, rgba(255,255,255,0) 75%, #3a3a3a 95%);background: -o-linear-gradient(left, rgba(255,255,255,0) 75%, #3a3a3a 95%);background: -ms-linear-gradient(left, rgba(255,255,255,0) 75%, #3a3a3a 95%);background: linear-gradient(to right, rgba(255,255,255,0) 75%, #3a3a3a 95%);display: inline;pointer-events: none;}.rhbodyurl.rhdefaultcolored,.rhbody.rhdefaultcolored ... ,"reportCreativeGeometry":false,"isDifferentSourceWindow":false}"
URL: https://tpc.googlesyndication.com/safeframe/1-0-5/html/container.html#xpc=sf-gdn-exp-1&p=https%3A//www.modhoster.de
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 SeaMonkey/2.40
User avatar
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Crashes with noscript/FF49 on various sites

Post by therube »

Hmm.

Clear cache
Do a Reset of NoScript (settings)

Restart (SeaMonkey) & load modhoster.de
Allow modhoster.de
Then Allow Globally

and its not too bad actually.
I've got Flash set to ask.
Site does have some scrolling (I'm going to call them) "marquees".

Otherwise, I'm seeing variable CPU usage; from a few to ~20%, but no memory growth.
So at present, its not looking awful.
And I'm not seeing the prolonged high CPU usage like I saw on my initial load of the site.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 SeaMonkey/2.40
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Crashes with noscript/FF49 on various sites

Post by barbaz »

therube wrote:A number of huge messages are hitting error console.
(This one, if in its entirety, would have been 149,770 bytes.)
And that'd be it. This is a site problem, they are using extremely unsafe practice to pass data around between domains, and NoScript is blocking it for your safety.

This has come up before
:arrow: search.php?keywords=safeframe&terms=all&sr=topics

You can deal with this specific instance by:
NoScript Options > Advanced > ABE > USER, add

Code: Select all

Site .tpc.googlesyndication.com
Deny
*Always* check the changelogs BEFORE updating that important software!
-
Post Reply