InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

BUG: NS10 XSS Sanitization Hangs Firefox

https://forums.informaction.com/viewtopic.php?t=24525

Page 1 of 1

BUG: NS10 XSS Sanitization Hangs Firefox

Posted: Tue Feb 06, 2018 11:32 am
by Kuma Guy
NoScript: 10.1.6.4
Firefox: 58.0.1 (linux)

If I try to visit this link {https://boingboing.net/2018/02/02/nunesmemo.html} with XSS sanitization enabled, Firefox hangs until force closed. Page works fine with XSS sanitization disabled. Suspect the embedded scribd content is probably the culprit.

Re: BUG: NS10 XSS Sanitization Hangs Firefox

Posted: Tue Feb 06, 2018 1:16 pm
by therube
Confirmed an issue.

Allow boingboing.net.
then
Allow twiiter.com.

CPU eats 1-core.

Not sure how to determine that its an XSS issue ? as I received no warnings.

NoScript icon goes "wacky", inoperable.

Browser itself does not hang.
You can open tabs, hmm, or even close tabs, including the boingboing tab.
You can "type in" a URL or "open" a link, but no page ever loads.

Only way to "fix" things is to restart the browser.

Re: BUG: NS10 XSS Sanitization Hangs Firefox

Posted: Tue Feb 06, 2018 10:14 pm
by Giorgio Maone
Does this problem persist with latest development build 10.1.6.rc3?

Re: BUG: NS10 XSS Sanitization Hangs Firefox

Posted: Wed Feb 07, 2018 12:16 am
by therube
10.1.6_5_.rc3 is where I was at.
And yes, still an issue with noscript-10.1.6.5rc4.xpi.



FWIW, not an issue with SeaMonkey 2.49.2 & noscript-5.1.8.4rc3.xpi.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited