XSS on browser start-up

[xting]

I got an XSS warning when I opened my browser this morning. Gmail was the only open tab. The XSS went to www.packtpub.com, a publisher of IT guides.

I had yesterday connected to this page: https://www.packtpub.com/mapt/book/appl ... nd-binning

I noticed xss requests yesterday and blocked them without paying attention.

I have no packt tabs open today and had none at startup. So why should the requests still be made?

[barbaz]

Did you have the new tab page open?

[xting]

No. There are are no tabs open to the suspect site.

The NoScrit warning has been appearing whenever I restart my browser for a few days now.

This morning it came up when I started Firefox and, again, the only open tabs were gmail, and pages on the NoScript and Information forum.

The XSS warning reads thus:

Code: Select all

"""
NoScript detected a potential Cross-Site Scripting attack

from [...] to https://www.packtpub.com.

Suspicious data:

(URL) https://www.packtpub.com/mapt/book/application_development/9781783985128/9/ch09lvl1sec79/{{metadataController.imagePath}}
"""

I did a quick search of files in my Firefox extension folder to see if any contained the text 'packtpub', but none appeared to.

[barbaz]

There are are no tabs open to the suspect site.

I got that. I ask about the page that comes up when you open a new tab in Firefox.