
Security implications of using Reader View on untrusted site

Posted: Wed Jan 13, 2016 10:57 am
by Cinammon
Hi,

I noticed some time ago that Reader View is not immune to XSS. This vulnerability could even be triggered with NoScript installed.

Have there been changes to NoScript since then to thwart unknown vulnerabilities? Is about:reader treated in a special way under the hood? (It isn't displayed in the whitelist, but NoScript does many things beyond what the UI says.)

For example, using uMatrix, if I enable it on about:reader with:

    matrix-off: reader.about-scheme false

And forbid everything, from images and CSS to scripts and XHR, I can see in the log that an XHR still occurred to load the page. (I guess about:reader is cross-loading the URL to read.) So there is a special treatment going on, probably on Firefox's behalf rather than uMatrix's.

Basically, I would like to understand the security implications of using Reader View on a completely untrusted site: No JS, no cookies, no fonts, audio, video, frames, plugins, nothing :)

Thanks!