
JavaScript Injection in ///en-US/docs/Mozilla/About_omni.ja

Posted: Mon Dec 14, 2015 10:45 pm
by johnscript
I saw this message about a possible XSS attempt in the browser console a few days ago:

Code:

Host: encrypted.google.com
Url: https://encrypted.google.com/search?output=search&sclient=psy-ab&q=omni.jar&btnG=
[NoScript InjectionChecker] JavaScript Injection in ///en-US/docs/Mozilla/About_omni.ja_(formerly_omni.jar)
(function anonymous() {
en-US/docs/Mozilla/About_omni.ja_(formerly_omni.jar) /* COMMENT_TERMINATOR */
DUMMY_EXPR
})
[NoScript XSS] Sanitized suspicious request. Original URL [https://developer.mozilla.org/en-US/docs/Mozilla/About_omni.ja_(formerly_omni.jar)] requested from [https://encrypted.google.com/search?output=search&sclient=psy-ab&q=omni.jar&btnG=]. Sanitized URL: [https://developer.mozilla.org/en-US/docs/Mozilla/About_omni.ja_%20formerly_omni.jar%20#7791350692740373627].
TypeError: self.urlTooltipLabel is undefined urlbar.xml:379:15
COOKIE BLOCKED
Host: developer.mozilla.org
Url: https://developer.mozilla.org/en-US/docs/Mozilla/About_omni.ja_%20formerly_omni.jar%20#7791350692740373627
I didn't notice anything unusual when NoScript threw this warning: I was actually looking for some Mozilla wiki page on Google; after clicking on the link I was interested in, I saw the warning at the top of the browser window, and then the above message in the error console.

Is that something to worry about?

Re: JavaScript Injection in ///en-US/docs/Mozilla/About_omni

Posted: Mon Dec 14, 2015 11:00 pm
by Thrawn
No, it's harmless enough. NoScript didn't like the brackets in the URL, which resemble a JavaScript function call.

Have you whitelisted mozilla.org? That makes a difference to the strictness of the injection checker.
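
Why a path with brackets can look like script, as an added example that is not part of the original thread and is not NoScript's code: the wrapper shape is taken from the console log above, while `looksLikeCall`, `flagsAsInjection` and the rule combining them are assumptions made for this sketch.

```javascript
// Added illustration: a simplified stand-in, NOT NoScript's InjectionChecker.

// True when `candidate` compiles as a JavaScript function body.
// new Function() only parses the text here; the result is never called.
function parsesAsScript(candidate) {
  try {
    // Wrapper shape copied from the console log: candidate text,
    // a comment terminator, then a dummy expression on its own line.
    new Function(candidate + " /* COMMENT_TERMINATOR */\nDUMMY_EXPR");
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// Hypothetical helper: something immediately followed by "(...)",
// i.e. text that would be a function call if it were script.
function looksLikeCall(candidate) {
  return /[\w$\])]\s*\([^)]*\)/.test(candidate);
}

// Assumed rule for this sketch: flag only text that is both.
function flagsAsInjection(candidate) {
  return looksLikeCall(candidate) && parsesAsScript(candidate);
}

// Samples: the first and last come from the log above, the others are constructed.
const samples = [
  "en-US/docs/Mozilla/About_omni.ja_(formerly_omni.jar)",
  "en-US/docs/Web/JavaScript",
  "About omni.ja (formerly omni.jar)",
  "en-US/docs/Mozilla/About_omni.ja_%20formerly_omni.jar%20",
];

for (const s of samples) {
  console.log(flagsAsInjection(s) ? "flagged" : "passed ", s);
}
```

In this sketch the original path is flagged because it reads as arithmetic ending in a method call, while the sanitized form from the log, with the brackets replaced by `%20`, no longer parses as script at all.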

Re: JavaScript Injection in ///en-US/docs/Mozilla/About_omni

Posted: Mon Dec 14, 2015 11:29 pm
by barbaz
I can confirm this behavior and I have mozilla.org whitelisted. (I just pasted the URL in my address bar.)

I am certain it's a false positive. Is it possible to adjust to fix this in NoScript, or is an XSS exception necessary?

Re: JavaScript Injection in ///en-US/docs/Mozilla/About_omni

Posted: Fri Dec 18, 2015 7:37 pm
by johnscript
Thrawn wrote: No, it's harmless enough. NoScript didn't like the brackets in the URL, which resemble a JavaScript function call.

Have you whitelisted mozilla.org? That makes a difference to the strictness of the injection checker.
Thanks for your reply. No, I hadn't whitelisted mozilla.org, I mean not permanently: it was temporarily allowed.