Page 1 of 1
HP Drivers download page not working with XSS
Posted: Tue Jul 14, 2015 8:50 pm
by leo8888
Trying to download a Laserjet Pro 400 m451 printer driver from HP's website here:
http://www8.hp.com/us/en/support-search ... type=s-002
SeaMonkey will freeze as soon as the link to select one of the three matches is clicked. Uninstalled NoScript and and was then able to download the drivers. Reinstalled NoScript and tested again and could not download the drivers. Unchecked both boxes under XSS options and tested again and was then able to download the drivers.
Re: HP Drivers download page not working with XSS
Posted: Tue Jul 14, 2015 11:01 pm
by therube
First link sends me to
http://h20564.www2.hp.com/hpsc/swd/publ ... c=us&cc=us
English, Win7, gives me 3 choices; PCL5, PCL6, or PS
PCL5 initiates a download, upd-pcl5-x64.*.exe
So, not seeing any issue on my end?
Re: HP Drivers download page not working with XSS
Posted: Tue Jul 14, 2015 11:01 pm
by therube
As a test, create a new, clean Profile, install only NoScript & see what happens?
---
(First link, " HP LaserJet Pro 400 color Printer M451dn" that is...)
Allowed:
www8-hp.com
hp.com
(Hmm. www8-hp.com. Made to look like. Possible that it is, but need not be...)
Re: HP Drivers download page not working with XSS
Posted: Wed Jul 15, 2015 2:25 am
by barbaz
viewtopic.php?f=7&t=20640
Try block bluekai with ABE, and then add an XSS exception for it (instructions in the linked thread).
Do *NOT* add XSS exception for bluekai without completely blocking *ALL* requests to it somehow!!! That would be very dangerous!!!!!!
Re: HP Drivers download page not working with XSS
Posted: Wed Jul 15, 2015 2:03 pm
by therube
But why is bluekai even being allowed, at all?
Or even any other domains other then what I need to be able to download?
(Was trying to see if I could force the XSS, but as I went about allowing, ending up hanging, browser eating CPU. I'll try again...)
[In general their website seems to be dragging. And it happened again. Loaded the OP's page, Allow Global, selected M451dn, then the page to select Language & OS opened, with browser hanging at that point, using 50% CPU, 1 of 2 cores.]
Code: Select all
Hang report for C:\SeaMonkey\seamonkey.exe
Generated by using WhatIsHang on 07/15/2015 10:14:37 AM
Web site: http://www.nirsoft.net
Remarks:
* The program probably hangs because there is an infinite loop, very long loop, or recursive calls.
Strings found in the stack:
ZZZZZZZۧ
pkix_Build_VerifyCertificate
ZZZZZZZZZZZZZZZZZZZZ0Èl
ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZà•^
TypeNewScript_initializedType
T$<RPVÆD$<èþúÿÿƒÄ;Ãu<8\$(t.‹D$ ‹L$‹T$$ÿI;Ãu‹‰A;ÃtH^‰2À[ƒÄ$ÉA‰^2À[ƒÄ$ËT$<ƒøuI‰‹D$<Ç@‡ÿÿÿ8\$(t.‹D$ ‹L$‹
Modules found in the stack:
C:\SeaMonkey\nss3.dll , Mozilla Foundation , SeaMonkey,
C:\SeaMonkey\xul.dll , Mozilla Foundation , SeaMonkey,
C:\SeaMonkey\mozglue.dll , Mozilla Foundation , SeaMonkey,
C:\SeaMonkey\icudt52.dll , The ICU Project , International Components for Unicode, ICU Data DLL
********************************************************************************
Snapshot number 1
********************************************************************************
ThreadID: 2476
Execute Address:
021EE1A6 xul.dll+0x161e1a6
Call Stack:
154EF800 000001D6
Stack Data:
0012D460 151ED000
0012D464 087440E0
0012D468 00000000
0012D46C 00000EE4
0012D470 151ED000
0012D474 0000006D
0012D478 00000BD7
0012D47C 151E3000
0012D480 087440E0
0012D484 154EF800
0012D488 00000400
0012D48C 154EFB80
0012D490 154EF858
0012D494 007440E0 nss3.dll+0x1440e0 ...
Also note that the OP's link is www8.hp.com & one of the (other) domains that turns up is www8-hp.com, just saying, as they're different.
Re: HP Drivers download page not working with XSS
Posted: Wed Jul 15, 2015 4:34 pm
by barbaz
therube wrote:But why is bluekai even being allowed, at all?
I might be making invalid assumptions...
Is it bluekai that, when Allowed, triggers the XSS warning from the other thread, or is it that another site on hp is doing something that looks like XSSing bluekai?
therube wrote:Or even any other domains other then what I need to be able to download?
The OP might have allowed them to get another site to work.
Or they might have Allowed Scripts Globally - your description of what happens in that case matches what they describe...
Re: HP Drivers download page not working with XSS
Posted: Wed Jul 15, 2015 5:24 pm
by therube
> bluekai
Irrespective of any XSS issue, why even allow it as it seems not to be needed?
> Or they might have Allowed Scripts Globally
Then just don't.
Try the two domains mentioned & see if that works (as it does for me).
Doesn't "fix" the problem, but certainly works around it by doing nothing further.
Re: HP Drivers download page not working with XSS
Posted: Thu Jul 16, 2015 3:44 am
by Thrawn
Firefox isn't hanging when I open the link, although it takes a few seconds to load.
I agree that it makes more sense to block bluekai. Actually, I'm blocking it further up the chain than that (ensighten.com).