Too Many XXS Popups

[dave76]

I'm getting dozens of XXS popups ... almost all of them are to facebook. It's driving me nuts! I don't want to allow cross scripting to facebook. How do I suppress or stop all these XXS popups?

Thanks!

KenB

[Guest]

Same problem, the "cross-site scripting attack" warning from [...] to some sites (two in my case, one is legit) is popping up all the time, usually when I open an empty tab. It's really annoying, happens all the time and no way to prevent it from popping up again, must have an option to permanently block the "cross-site scripting" as needed, so that the effing popups stop coming again and again.

[Pansa]

the xss calls from [...] are initiated by the new "about:newtab" page that FIrefox uses.

specifically "sippets" and "Highlights" I believe.
You can turn these two off in the options. Why Firefox thinks it's ok to fetch thumbnails that way, basically asking webpages to deliver "something" that way with out considering the risks is a bit beyond me.

[Pansa]

I'm getting dozens of XXS popups ... almost all of them are to facebook. It's driving me nuts! I don't want to allow cross scripting to facebook. How do I suppress or stop all these XXS popups?

Thanks!

KenB

Don't run the scripts on the pages that initiate these calls.
The only really unwanted XSS call I get when no scripts run is on IMDB to their addnetwork on the mainpage.

If the Xss calls are to facebook, you have allowed some script source on those pages that initiate them.

xss basically means "something on this page tries to run a script from yet another page, without properly embedding them as "foreign", thus it will act like they are THEIR own scripts"

So for instance if you allowed mhmh.facebook.net to run on a page, if that script just without specifying grabs code from facebook.COM and run it like it's from facebook.net.
Which is the "nice" scenario. In a worse scenario it can be used nefariously.