InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

BUGS: 1.9.4.x Dev

https://forums.informaction.com/viewtopic.php?t=1623

Page 6 of 8

Re: BUGS: 1.9.4.x Dev

Posted: Thu Jun 25, 2009 1:58 am
by GµårÐïåñ
Tom T. wrote:Ditto what Guardian said, and you'll have to pardon me, my English isn't too good: It's like garlic? .... aaah, smell the DNS! :D
Don't know what you are on my friend :P but damn it, I want some :lol:

Re: BUGS: 1.9.4.x Dev

Posted: Thu Jun 25, 2009 2:24 am
by Tom T.
GµårÐïåñ wrote:Don't know what you are on my friend :P but damn it, I want some :lol:
Tom T. wrote:
Giorgio Maone wrote: thanks to a rather rocambolesque DNS activity parallelization,
Ditto what Guardian said, and you'll have to pardon me, my English isn't too good: It's like garlic? .... aaah, smell the DNS! :D
I thought I had a fairly large vocabulary, but Giorgio got me on "rocambolesque". I have an excuse, though: the dictionary defines "rocambole" as a European member of the garlic family, a term I've never seen or heard in the States. Still have to hand it to him, though, for usage of a formal and classy suffix, "-esque", as opposed to the more informal and common (among the less educated native speakers) "-ish". Must have learnt English in one of those British schools where they still teach it properly, as opposed to US schools, who graduate natives who can't write a coherent sentence or parpagraph. :)

Re: BUGS: 1.9.4.x Dev

Posted: Thu Jun 25, 2009 2:57 am
by GµårÐïåñ
Well I knew that it was a French story of some kind, Ponson du Terrail's character, Rocambole. I also think it means like fabulous, great, fantastic, awesome, incredible or such. At least I hope I am thinking about the right one, maybe I should have looked it up. I would feel silly if I misunderstood its meaning. When I saw it, immediately flashed back to high school where my English Lit. teacher was the ever tall and sexy and just gorgeous Ms. Marsh, grrr and we were reading the Canterbury Tales and mid semester she had to be bed ridden for maternity leave, the lucky bastard that married her. Anyway, the substitute was Mr. Williams and he was married to this French Lit professor and mentioned it once in a context I honestly can't remember. Memory is an unpredictable beast.

Re: BUGS: 1.9.4.x Dev

Posted: Thu Jun 25, 2009 6:31 am
by FredMSloniker
Type http://bulbapedia.bulbagarden.net/wiki/ ... _(Pokémon) into the address bar. It gets turned into a URL of the form http://bulbapedia.bulbagarden.net/wiki/ ... k%C3%A9mon#(really long integer goes here) as NoScript reports filtering a potential cross-site scripting (XSS) attempt from [chrome:] I'm not sure of the cause, but it has to do with the presence of both the period and the parentheses, as typing in an address without one or the other works without incident. Clicking on a link that leads to the address works correctly.

Tested and confirmed an issue with the latest dev build.

Re: BUGS: 1.9.4.x Dev

Posted: Thu Jun 25, 2009 6:45 am
by therube
NoScript 1.9.4.8, SeaMonkey 1.1.17.

All was going well, then ... most bookmarks & the throbber started doing stuff like this. The URL would show in the URL bar, but that was the extent of it. Bookmarklets look to work.

Code: Select all

[NoScript XSS] xss.reason.ReferenceError: max is not defined --- ()@chrome://noscript/content/DNS.js:77
("www.seamonkey-project.org",[object Object])@chrome://noscript/content/DNS.js:67
("www.seamonkey-project.org",0,(function (dnsRecord) {try {if (!(dnsRecord && dnsRecord.valid)) {req.channel.cancel(Components.results.NS_ERROR_UNKNOWN_HOST);} else {if (req.deferredDNS) {if (callback) {callback();} else {ABE.checkRequest(req);}}}} finally {req.detach();}}))@chrome://noscript/content/DNS.js:192
([object Object],(function () {self.handleABE(abeReq, isDoc);}))@chrome://noscript/content/ABE.js:259
([object Object],(function () {self.handleABE(abeReq, isDoc);}))@chrome://noscript/content/ABE.js:195
([object Object],true)@chrome://noscript/content/RequestWatchdog.js:88
([object XPCWrappedNative_NoHelper],[object XPCWrappedNative_NoHelper],983041,0)@chrome://noscript/content/Main.js:3320
loadURI("http://www.seamonkey-project.org/",undefined,undefined,null,null)@:0
loadURIWithFlags("http://www.seamonkey-project.org/",undefined,undefined,undefined)@chrome://global/content/bindings/browser.xml:160
loadURIWithFlags("http://www.seamonkey-project.org/",undefined,undefined)@chrome://global/content/bindings/tabbrowser.xml:1825
loadURI("http://www.seamonkey-project.org/")@chrome://navigator/content/navigator.js:1446
openTopWin("http://www.seamonkey-project.org/")@chrome://communicator/content/utilityOverlay.js:356
goClickThrobber("browser.throbber.url")@chrome://communicator/content/utilityOverlay.js:307
oncommand([object XULCommandEvent])@chrome://navigator/content/navigator.xul:1

Code: Select all

[NoScript XSS] xss.reason.ReferenceError: max is not defined --- ()@chrome://noscript/content/DNS.js:77
("www.anonym.to",[object Object])@chrome://noscript/content/DNS.js:67
("www.anonym.to",0,(function (dnsRecord) {try {if (!(dnsRecord && dnsRecord.valid)) {req.channel.cancel(Components.results.NS_ERROR_UNKNOWN_HOST);} else {if (req.deferredDNS) {if (callback) {callback();} else {ABE.checkRequest(req);}}}} finally {req.detach();}}))@chrome://noscript/content/DNS.js:192
([object Object],(function () {self.handleABE(abeReq, isDoc);}))@chrome://noscript/content/ABE.js:259
([object Object],(function () {self.handleABE(abeReq, isDoc);}))@chrome://noscript/content/ABE.js:195
([object Object],true)@chrome://noscript/content/RequestWatchdog.js:88
([object XPCWrappedNative_NoHelper],[object XPCWrappedNative_NoHelper],983041,0)@chrome://noscript/content/Main.js:3320
loadURI("http://www.anonym.to/",0,undefined,null,null)@:0
loadURIWithFlags("http://www.anonym.to/",0,undefined,undefined)@chrome://global/content/bindings/browser.xml:160
loadURI("http://www.anonym.to/",undefined,undefined)@chrome://global/content/bindings/browser.xml:135
loadURI("http://www.anonym.to/")@chrome://global/content/bindings/tabbrowser.xml:1812
("rdf:#$hT7Sq3","current",[object XPCWrappedNative_NoHelper])@chrome://communicator/content/bookmarks/bookmarks.js:577
apply([object Object],[object Array])@:0
()@chrome://noscript/content/noscriptBM.js:33
("rdf:#$hT7Sq3","current",[object XPCWrappedNative_NoHelper])@chrome://noscript/content/noscriptBM.js:37
([object Object],"current",[object XPCWrappedNative_NoHelper])@chrome://communicator/content/bookmarks/bookmarks.js:548
openItemClick([object MouseEvent],2)@chrome://communicator/content/bookmarks/bookmarksTree.xml:433
ondblclick([object MouseEvent])@chrome://communicator/content/bookmarks/bookmarksManager.xul:1
@:0

This also showed up a couple times:

Code: Select all

[NoScript XSS] xss.reason.[Exception... "Component returned failure code: 0x804b001e [nsIDNSService.resolve]"  nsresult: "0x804b001e (<unknown>)"  location: "JS frame :: chrome://noscript/content/DNS.js :: anonymous :: line 192"  data: no] --- undefined

Some URL dropdown entries work, others not. Looks like newly entered URLs typed into the Location bar fail in the same manner.

Code: Select all

[NoScript XSS] xss.reason.ReferenceError: max is not defined --- ()@chrome://noscript/content/DNS.js:77
("www.giorgio.com",[object Object])@chrome://noscript/content/DNS.js:67
("www.giorgio.com",0,(function (dnsRecord) {try {if (!(dnsRecord && dnsRecord.valid)) {req.channel.cancel(Components.results.NS_ERROR_UNKNOWN_HOST);} else {if (req.deferredDNS) {if (callback) {callback();} else {ABE.checkRequest(req);}}}} finally {req.detach();}}))@chrome://noscript/content/DNS.js:192
([object Object],(function () {self.handleABE(abeReq, isDoc);}))@chrome://noscript/content/ABE.js:259
([object Object],(function () {self.handleABE(abeReq, isDoc);}))@chrome://noscript/content/ABE.js:195
([object Object],true)@chrome://noscript/content/RequestWatchdog.js:88
([object XPCWrappedNative_NoHelper],[object XPCWrappedNative_NoHelper],983041,0)@chrome://noscript/content/Main.js:3320
loadURI("www.giorgio.com",8192,null,null,null)@:0
loadURIWithFlags("www.giorgio.com",8192,null,undefined)@chrome://global/content/bindings/browser.xml:160
loadURIWithFlags("www.giorgio.com",8192,null)@chrome://global/content/bindings/tabbrowser.xml:1825
loadURI("www.giorgio.com",null,8192)@chrome://navigator/content/navigator.js:1446
BrowserLoadURL([object KeyboardEvent])@chrome://navigator/content/navigator.js:1547
handleURLBarCommand("typing",[object KeyboardEvent])@chrome://navigator/content/navigator.js:2177
apply([object ChromeWindow],[object Object])@:0
()@chrome://noscript/content/noscriptBM.js:47
("typing",[object KeyboardEvent])@chrome://noscript/content/noscriptBM.js:62
anonymous("typing",[object KeyboardEvent])@chrome://global/content/autocomplete.xml:1274
apply([object XULElement],[object Array])@:0
_fireEvent("textentered","typing",[object KeyboardEvent])@chrome://global/content/autocomplete.xml:1275
finishAutoComplete(true,true,[object KeyboardEvent])@chrome://global/content/autocomplete.xml:842
processKeyPress([object KeyboardEvent])@chrome://global/content/autocomplete.xml:976
onxblkeypress([object KeyboardEvent])@chrome://global/content/autocomplete.xml:1448
@:0

Everything had been going well, then this started happening - out of the blue seemingly.

Re: BUGS: 1.9.4.x Dev

Posted: Thu Jun 25, 2009 8:00 am
by Giorgio Maone
@therube:
Fixed in latest development build 1.9.4.9.

@FredMSloniker:
that won't be fixed, too much dangerous.
A perfect case for you to add an exception, if you think it's annoying.

Re: BUGS: 1.9.4.x Dev

Posted: Thu Jun 25, 2009 8:11 am
by GµårÐïåñ
Giorgio Maone wrote:@therube:
Fixed in latest development build 1.9.4.9.

@FredMSloniker:
that won't be fixed, too much dangerous.
A perfect case for you to add an exception, if you think it's annoying.
Giorgio, the dev link at the site is still pointing to the 1.9.4.8 version (http://software.informaction.com/data/b ... .9.4.8.xpi) is that just a naming error or the 1.9.4.9 not there yet?

Re: BUGS: 1.9.4.x Dev

Posted: Thu Jun 25, 2009 8:28 am
by Giorgio Maone
@GµårÐïåñ:
Just a typo, fixed thanks.

Re: BUGS: 1.9.4.x Dev

Posted: Thu Jun 25, 2009 8:38 am
by GµårÐïåñ
Giorgio Maone wrote:@GµårÐïåñ:
Just a typo, fixed thanks.
Figured, thank you. :)

Re: BUGS: 1.9.4.x Dev

Posted: Thu Jun 25, 2009 8:41 am
by FredMSloniker
Giorgio Maone wrote:@FredMSloniker:
that won't be fixed, too much dangerous.
A perfect case for you to add an exception, if you think it's annoying.
Can you explain why it's dangerous? I don't want to add an exception that will leave me vulnerable to horribleness, but at the same time this is annoying behavior; if I understand the problem, I can minimize my exposure.

Re: BUGS: 1.9.4.x Dev

Posted: Thu Jun 25, 2009 9:17 am
by dhouwn
FredMSloniker wrote:Can you explain why it's dangerous?
In Javascript functions are invoked in the form "function name + round brackets".

Re: BUGS: 1.9.4.x Dev

Posted: Thu Jun 25, 2009 9:32 am
by Giorgio Maone
FredMSloniker wrote:Can you explain why it's dangerous? I don't want to add an exception that will leave me vulnerable to horribleness, but at the same time this is annoying behavior; if I understand the problem, I can minimize my exposure.
The problem is that Mr._Mime_(Pokémon) is syntactically valid JavaScript.
Now, XSS filters don't trigger for every JavaScript valid fragment (hell, even just "a" is one), but this is complex enough to potentially do nasty things, depending on the context: in facts it's a full blown dot-notation method call with a parameter,

Code: Select all

object.method(param)
and it fits in a potential injection fragment (a discrete path component), so if I let every similar URL pass I would reduce XSS filter effectiveness to an unacceptable degree.

A relatively safe exception for you (assuming Bulbapedia is not affected by DOM-based XSS flaws) is:

Code: Select all

^http://bulbapedia\.bulbagarden\.net/wiki/[^'"<]+$

Re: BUGS: 1.9.4.x Dev

Posted: Thu Jun 25, 2009 4:58 pm
by therube
Looks to be another one.
Same sort of symptoms. Clicked an "external" link (from an "HTML aware" text editor). URL is shown on Location Bar, but status shows "Stopped", & page never loads.

Code: Select all

[NoScript XSS] xss.reason.[Exception... "Component returned failure code: 0x804b001e [nsIDNSService.resolve]"  nsresult: "0x804b001e (<unknown>)"  location: "JS frame :: chrome://noscript/content/DNS.js :: anonymous :: line 193"  data: no] --- undefined

Re: BUGS: 1.9.4.x Dev

Posted: Thu Jun 25, 2009 5:16 pm
by Giorgio Maone
@therube:
which was the site?
By the look of the error message, it seems Gecko's DNS resolution failed (malformed or not existent host): the bug, if any, is the "Host not found" error page not showing.

Re: BUGS: 1.9.4.x Dev

Posted: Thu Jun 25, 2009 5:34 pm
by therube
No.
The site is valid, http://www.rebate-zone.com/edgetechcorp.

There was this too if it matters:

Code: Select all

Error: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIWebProgress.removeProgressListener]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: chrome://global/content/bindings/browser.xml :: removeProgressListener :: line 325"  data: no]
Source File: chrome://global/content/bindings/browser.xml
Line: 325
(Still on SeaMonkey 1.1.17 & NoScript 1.9.4.9.)

... let me look more ...

Maybe it was a fluke, cause now it is opening as expected?

Could a delay, caused by XSS or ABE machinations or similar (or more generally, anything) have caused something else - in the browser itself to time out, causing a fail? (I may have noticed every so often a tab slow to open. Don't recall offhand if I notice the same when the external link went to open?)
All times are UTC
Page 6 of 8

Powered by phpBB® Forum Software © phpBB Limited