InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

XSS

https://forums.informaction.com/viewtopic.php?t=23820

Page 1 of 1

XSS

Posted: Sat Nov 25, 2017 8:35 pm
by saladgoat
FF57 / NS 10.1.2

This keeps popping up:

NoScript detected a potential Cross-Site Scripting attack

from [...] to https://img.discogs.com.

Suspicious data:

(URL) https://img.discogs.com/26lKs-mpMIJ56IhUbgcc19OG1dA=/fit-in/600x596/filters:strip_icc():format(jpeg):mode_rgb():quality(90)/discogs-images/R-10753814-1503701634-8135.jpeg.jpg

I am not on discogs.com and do not have it open on any tab. I don't know what [...] refers to, but this keeps popping up, no matter what website I seem to open.

Also, how do I turn off XSS blocking? All these popups are driving me nuts. I unchecked Sanitize Cross-site... in Options, but it doesn't stay unchecked....

PS - Tried to make the popup message in a different colour but the forum filters detect the color tags as spam. Duh.

Re: XSS

Posted: Sat Nov 25, 2017 9:05 pm
by Pansa
https://forums.informaction.com/viewtop ... 794#p92292

Re: XSS

Posted: Sat Nov 25, 2017 9:15 pm
by saladgoat
Thanks. I closed all tabs, then turned off all content on "New Blank Page". Then clicked the Add-Ons icon - and the popup arrived!
Hopefully it's just leftovers from Firefox shutting things down (I haven't been able to close it yet without getting the Firefox crash detector, so who knows what's going on behind the scenes.)

Re: XSS

Posted: Sat Nov 25, 2017 9:25 pm
by Pansa
saladgoat wrote:Thanks. I closed all tabs, then turned off all content on "New Blank Page". Then clicked the Add-Ons icon - and the popup arrived!
Hopefully it's just leftovers from Firefox shutting things down (I haven't been able to close it yet without getting the Firefox crash detector, so who knows what's going on behind the scenes.)
I usually don't like pointing to other (even free) products. But you might want to run "adwcleaner" once. It's a non install, run on demand little tool that I like to run on PC's where I can't be sure what the person having "general troubles" has been clicking on. They have been bought by the Malwarebytes guys, but opposed to that tool, it's not something that keeps running or needs installation.
FF consistently crashing on closing seems like a separate issue from NS.

Re: XSS

Posted: Sat Nov 25, 2017 11:21 pm
by saladgoat
I run Malwarebytes every couple months, never finding anything. This runs way quicker and actually found something! lol Couple PUPs that probably were nothing, since I am very careful, but whatever. They're gone now! Thanks for the tip.
You're right, the Firefox crashing is not related to NoScript. I was just meaning to say that maybe FF was doing something else in the background that was messing with NS.
Thanks for your help!
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited