InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

XSS warning when searching from Firefox with certain terms

https://forums.informaction.com/viewtopic.php?t=26522

Page 1 of 1

XSS warning when searching from Firefox with certain terms

Posted: Mon Feb 07, 2022 9:15 pm
by geissis
For the last few days if I enter a search term with the word "name" in it in the Firefox search bar I immediately get an empty NoScript XSS warning with the URL of the search engine in it. This is regardless of which search engine I choose, they all do it. Also, I have NoScript restrictions turned off completely and still get the warning. This may affect other search terms too, I'm not sure, "name" is just the last one I figured out.

I've tried this on different computers with completely different OS's and they all do it. Seems like it might be directly related to NoScript?

I'm running v11.2.19

Re: XSS warning when searching from Firefox with certain terms

Posted: Mon Feb 07, 2022 9:47 pm
by Giorgio Maone
It's fixed in latest development build (11.2.20 has been already submitted to AMO and waiting for review):

v 11.2.20rc1
============================================================
x [L10n] Updated de
x [XSS] Fix false positive warning when "name" is in the
query string (thanks John Shield / DuckDuckGo for
reporting)
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited