
[Resolved] Bold text and scripts allowed without my permission

Posted: Mon Mar 30, 2015 8:34 pm
by no_name_here
Something seems to be wrong with NoScript in Firefox on my computer. The names of some sites in the "Allow Example.com" boxes when I click on the NoScript button in the top right corner have turned bold, especially for Google domains but also for some others, and on some sites sub-sites were allowing themselves. Most concerningly, some of the sites which seemed to be allowing themselves were advertising domains (which are widely known to be common sources of malvertising exploits). This occurred on several sites I visited. I checked the whitelist by clicking the options button and going to the whitelist tab of the options pop-up box and found only a few things were there (things which shouldn't have been there, like Twitter and Gravatar, but none of the things which had been self-allowing or strangely boldened), which I promptly removed. I do not know what caused this change to happen. NoScript has never made any of the sites' names bold before, and had never allowed sites before without my permission. I cannot be sure if it is a problem with a recent update to NoScript (though I last had one a few days back but this problem only started today) or something due to other software on my computer interfering, but I suspect it is the former. I run Firefox with only two extensions active, NoScript and Adblock Plus; no other extensions are present and I keep all plugins disabled at all times except when watching videos (which I haven't done for weeks).

Please can someone explain what has gone wrong here and how to fix it? I have used NoScript for several years now and always felt confident in its ability to protect me from exploits and other such dirty tricks and drive-by attacks, but with this recent occurrence I am not sure whether it is properly functioning any more. The fact that the sites being emboldened in the "Allow example.com" text are advertising sites and that advertising sites have self-allowed is especially concerning; these sorts of domains really are some of the most dangerous things on the internet (even though many people are unaware of their potential for causing harm).

Please advise on how to cure this problem as soon as possible.
Thanks.

Re: Bold text and scripts allowed without my permission

Posted: Mon Mar 30, 2015 9:09 pm
by barbaz
Screenshots of things you think are wrong would help us give you suggestions.. anyway...

Try
NoScript Options > Export (*on the very bottom*, not the one unique to the Whitelist panel. This creates a backup of your entire NoScript configuration.)
then
NoScript Options > Export (the one unique to the Whitelist panel this time - this saves your whitelist and Untrusted list separately)
then
NoScript Options > Reset (the one on the very bottom. That will reset your entire NoScript configuration to default.)

Do the problems stop then?

Also, every time I've seen anyone talk about sites "allowing themselves", those people had set one of the settings for that in NoScript Options > General or perhaps Allowed Scripts Globally. Check those settings on your NoScript and make sure they're all disabled?

Re: Bold text and scripts allowed without my permission

Posted: Mon Mar 30, 2015 10:56 pm
by no_name_here
I checked the "General" tab of the options menu; there is nothing ticked under there which would let sites load without my permission.

I also performed the two exporting actions you described. The first produced a rather confusing text file containing details for many settings; I searched through it in Notepad for the keyword "http" and didn't find any of the dodgy domains by doing so. The second export type made a file which contained just my untrusted list; there didn't seem to be any whitelisted sites within it.

I haven't tried reset yet, I'll try that later.

Regarding screenshots: yes, I'd like to upload them, but I don't have any convenient image hosting service with which I'm registered, so I would have to set something up or use Google Drive, and that could take ages. I take it this forum won't accept users uploading images directly to it and users must instead provide links to an image hosted elsewhere.

Until I (and that assumes I can at all) get a screenshot uploaded somewhere and linked into here, hopefully this text description of what is going on will give you some ideas:

Example site http://www.scifiideas.com/
And this is what I see:

The NoScript icon in the top right corner of my screen displays the "S in a red forbidden sign (https://www.google.co.uk/search?q=forbi ... n-GB&gbv=1)" with a small orange star in the bottom right of this logo.

When I click upon the NoScript button I see the main domain's allow options written in bold: the option "Allow scifiideas.com" is in bold black text where other lines of text are in normal font.

The text of "Recently blocked sites" is also in bold. If I hover over it I see "Allow all from gstatic.com" is also in bold in a drop-down menu to the left.

This doesn't seem to be one of the sites on which things were allowed without my permission, but it does display the weird bold text, and the fact that the orange star is on the NoScript icon (I swear that orange star means some of the things on the page have been allowed) is rather creepy. There is no other indication on that page that things are being allowed without my permission.

Re: Bold text and scripts allowed without my permission

Posted: Mon Mar 30, 2015 11:15 pm
by Thrawn
no_name_here wrote: The NoScript icon in the top right corner of my screen displays the "S in a red forbidden sign
Does the forbidden sign completely surround the "S", or is it just in one corner?

no_name_here wrote: with a small orange star in the bottom right of this logo.
That means that objects - like Java applets or Flash videos - are blocked.

no_name_here wrote: When I click upon the NoScript button I see the main domain's allow options written in bold: the option "Allow scifiideas.com" is in bold black text where other lines of text are in normal font.
AFAICT, bold text indicates an option to permanently allow the site in the address bar.

no_name_here wrote: This doesn't seem to be one of the sites on which things were allowed without my permission
What makes you think that sites were allowed?

no_name_here wrote: (I swear that orange star means some of the things on the page have been allowed)
Nope. It means that there are objects present (as distinct from scripts) that are being blocked.

Re: Bold text and scripts allowed without my permission

Posted: Mon Mar 30, 2015 11:16 pm
by barbaz
The bolding you described sounds normal - in the main menu it bolds the domain you're on, in Recently blocked sites the bold sites are the ones that were active on the domain you're currently on.

EDIT: Oops, forgot to address your concern about uploading screenshots. http://postimage.org/ doesn't require registration...

Re: Bold text and scripts allowed without my permission

Posted: Tue Mar 31, 2015 12:00 am
by no_name_here
Thrawn:

The forbidden sign completely surrounds the S, the orange star is indeed in the bottom right corner.

What makes me think sites were allowed: the first time I opened Firefox today and surfed to a few sites, I found that some of the domains (like gstatic.com) were showing the message "Forbid gstatic.com" under the listing of various allow, temporarily allow and such when I clicked on the NoScript button. It wouldn't be asking if I wanted to forbid it if it wasn't running at that time.

Regarding the orange star: thanks for clearing up my confusion. I never realised it meant that. So the sign I saw (forbidden sign, S and orange star) means that the page had both objects AND scripts and that ALL were blocked?


Barbaz:

Maybe I made a mistake then, maybe it is normal, but I swear I've never spotted it before. Are there any tests I can do to make sure that NoScript is running properly now?
The key causes for problems I can think of would be the following:
1. A bug in NoScript
2. A change in NoScript due to a recent update, some sort of default whitelist including gstatic and the dangerous advertising domains being added?
3. A legitimate piece of software on my machine having some sort of unfortunate conflict with NoScript
4. Some sort of malware being on my machine and interfering with NoScript.

Maybe I was mistaken in spotting these things, perhaps it had always been that some sites were bold, but for example, at that page I gave as an example I can't see gstatic.com listed as something which was part of the page, and I've never visited it directly, but it shows in bold when I hover over "Recently blocked sites".

However, I certainly did have an experience when I first opened Firefox today where, whilst visiting some other sites, gstatic, googlesyndication and a few other things seemed to be allowed until I clicked the option to forbid them.

I suppose the best thing for me to do would be to post here again tomorrow after I have next fully restarted my computer and see if anything similar occurs, and also make a similar post after the next time NoScript (or Firefox) updates and see if the issue occurs then.

For now I'm adding everything I know to be bad to the untrusted list just in case. Do you know any sites that use googleads or any that use doubleclick, so I can make sure to block them?

Re: Bold text and scripts allowed without my permission

Posted: Tue Mar 31, 2015 3:41 am
by Thrawn
no_name_here wrote: The forbidden sign completely surrounds the S, the orange star is indeed in the bottom right corner.
...
So the sign I saw (forbidden sign, S and orange star) means that the page had both objects AND scripts and that ALL were blocked?
Yes, that's what it means.

no_name_here wrote: What makes me think sites were allowed: the first time I opened Firefox today and surfed to a few sites, I found that some of the domains (like gstatic.com) were showing the message "Forbid gstatic.com" under the listing of various allow, temporarily allow and such when I clicked on the NoScript button. It wouldn't be asking if I wanted to forbid it if it wasn't running at that time.
gstatic.com is one of the few sites on the default whitelist. You can block it if you want, though.

Re: Bold text and scripts allowed without my permission

Posted: Tue Mar 31, 2015 3:46 am
by barbaz
no_name_here wrote: Are there any tests I can do to make sure that NoScript is running properly now?
Go to http://isjavascriptenabled.com/ and see if what the page says matches the NoScript permission you expect?

Re: Bold text and scripts allowed without my permission

Posted: Tue Mar 31, 2015 2:16 pm
by no_name_here
I know gstatic is usually safe, but I prefer only to enable it when I go to sites where I need it (like Gmail) and leave it disabled the rest of the time, just in case. It shouldn't be on that whitelist now; I removed everything from there except the things referring to built-in parts of Firefox.

Thanks for the link to the site where I can test my script blocking's effectiveness.

One more thing I would like to check: if you "Allow example.com" when you are browsing, rather than "Temporarily allow example.com", does the thing you have permanently allowed get added to that same whitelist, or does it get put on another one?

Thank You

Re: Bold text and scripts allowed without my permission

Posted: Tue Mar 31, 2015 4:01 pm
by barbaz
no_name_here wrote: One more thing I would like to check: if you "Allow example.com" when you are browsing, rather than "Temporarily allow example.com", does the thing you have permanently allowed get added to that same whitelist, or does it get put on another one?
Should be the same whitelist, the one on NoScript Options > Whitelist

Re: Bold text and scripts allowed without my permission

Posted: Tue Mar 31, 2015 9:54 pm
by no_name_here
NoScript updated itself today, just minutes ago. I have opened up Firefox and browsed to the same sites, and I'm not getting any issues with sites allowing themselves now (as far as I can tell). As the orange star and bold text are apparently normal, it seems I have no issues now. Thank you for your help. I'll return and post here should anything similar happen again. Thanks.

Re: Bold text and scripts allowed without my permission

Posted: Tue Mar 31, 2015 11:56 pm
by Thrawn
barbaz wrote:
no_name_here wrote: One more thing I would like to check: if you "Allow example.com" when you are browsing, rather than "Temporarily allow example.com", does the thing you have permanently allowed get added to that same whitelist, or does it get put on another one?
Should be the same whitelist, the one on NoScript Options > Whitelist
They're all controlled on one whitelist. The list of default sites is stored in a separate location, but then NoScript has logic on installation/update to determine whether it should add those default sites, based on what you've allowed or disallowed (eg if you block gstatic.com, then it won't be added back). So you can just manage your whitelist and not worry about it.

Re: Bold text and scripts allowed without my permission

Posted: Wed Apr 01, 2015 1:01 am
by barbaz
If you don't want NoScript to add sites to your whitelist on updates based on what you've already got there,
set about:config > noscript.allowWhitelistUpdates to false.