InformAction Forums

I have FF 57.0 and the new NoScript 10.1.2. When I opened bookmarks (Shift-Ctrl B) to backup bookmarks, NoScript showed a XSS cross-scripting warning about thumbs.mic.com. I thought this odd, since I had not yet visited a website. I chose to block it. Then when I searched on Google, the same warning popped up again. Once again, I blocked the cross-scripting. What is thumbs.mic.com and why would I be getting a warning about it when I was not at a website or simply on Google? I'm concerned that FF might be compromised somehow.

Does your FF open to about:blank or the new and improved "FF page" that shows you a lot of links to previously visited sites?

Apparently quite a few non malicious sites use XSS nowadays, because they just couldn't keep away from it....
So when FF starts and tries to refresh its "hub" page, XSS alarms may go off.

See : https://forums.informaction.com/viewtop ... 794#p92292

FF opens to about:blank. The XSS warning has appeared on my email provider's login page, on a Google search results page and when opening the bookmarks dialog box (Shift-Ctrl B). It has also appeared on a few other websites I have visited. I thought it odd that it appeared when I was on the about:blank page and simply opening the bookmarks dialog box. Also odd that it appeared when searching on Google. I Googled thumbs.mic.com and didn't find any useful information about the site. When searching for site:mic.com, I found quite a few pages from the site. The Google description of the home page: "Mic covers news, opinion, reviews and analysis around arts, entertainment, celebrity,... etc."

Update: the warning also appeared when I attempted to bookmark this NS forum page. Weird.

It's probably still FF precashing the new "new page" in the background.

https://forums.informaction.com/viewtop ... =7&t=23820

But why would the XSS cross-scripting error appear even when I go to a known safe site? It also appears sometimes when I open bookmarks (Ctrl-Shift B). It's always the same site in the XSS warning: thumbs.mic.com. It's getting pretty annoying. Any way to stop it?