InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

noscript update splash page serves malware?

https://forums.informaction.com/viewtopic.php?t=17712

Page 1 of 1

noscript update splash page serves malware?

Posted: Wed Oct 30, 2013 8:48 pm
by r8limiter
Hi - after updating noscript and restarting my browser today I was presented with the release notes page as usual (http://noscript.net/?ver=2.6.8.4&prev=2.6.7.1).

What was unusual was that the page contained an iframe whos source was blocked by my company's web security appliance due to it being used to serve malware.

After refreshing the page, the iframe disappeared. I'm wondering if anyone else is seeing this?

Thanks

Re: noscript update splash page serves malware?

Posted: Wed Oct 30, 2013 9:07 pm
by r8limiter
I have the malware url and diffs of the html served for the clean page and the malware page if that's helpful.

It seems this may just be a fundamental issue with http though - perhaps I was MITM'd. Time to make noscript.net https?

Thanks

Re: noscript update splash page serves malware?

Posted: Thu Oct 31, 2013 3:35 am
by Thrawn
I haven't seen this occur, no.

Giorgio does serve the actual addons over https (on secure.informaction.com), but not the NoScript or Flashgot websites.

Re: noscript update splash page serves malware?

Posted: Thu Oct 31, 2013 9:00 am
by Giorgio Maone
I heard about ESET false positives about AfterDownload ad units (which are loaded in iframes), recently. Nothing to be worried about.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited