Just an FYI:
Bug 971598 - (self-xss) [meta] Mitigate "Self-XSS" social engineering attacks
Note that NoScript long ago, by default, "Disabled execution of javascript: and data: URLs typed or pasted in the address bar (noscript.allowURLBarJS preference)".
Bug 971598 - (self-xss) [meta] Mitigate "Self-XSS" attacks
Bug 971598 - (self-xss) [meta] Mitigate "Self-XSS" attacks
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26a2
Re: Bug 971598 - (self-xss) [meta] Mitigate "Self-XSS" attac
I can't see any details at all on that bug?
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0
Re: Bug 971598 - (self-xss) [meta] Mitigate "Self-XSS" attac
The Depends Bugs will have more detail.
What they're looking to do & why.
What they're looking to do & why.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:27.0) Gecko/20100101 SeaMonkey/2.24
Re: Bug 971598 - (self-xss) [meta] Mitigate "Self-XSS" attac
Read a similar thread a while back about Mozilla trying to completely stop javascript: URLs from doing anything when typed in or pasted...
Does any of this mean that people who actually *can* vet javascript: URLs for ourselves won't be able to execute even harmless javascript from the URL bar? If so, any workarounds?
Does any of this mean that people who actually *can* vet javascript: URLs for ourselves won't be able to execute even harmless javascript from the URL bar? If so, any workarounds?
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:27.0) Gecko/20100101 Firefox/27.0 SeaMonkey/2.24
-
Giorgio Maone
- Site Admin
- Posts: 9524
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Bug 971598 - (self-xss) [meta] Mitigate "Self-XSS" attac
It has already been disabled long ago.barbaz wrote: Does any of this mean that people who actually *can* vet javascript: URLs for ourselves won't be able to execute even harmless javascript from the URL bar? If so, any workarounds?
The work around is using NoScript and turning the preference on, which causes NoScript to emulate URL bar JS just like it does for bookmarklets on non-whitelisted websites.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0