XSS or false alarm?

BlackBox
Posts: 1
Joined: Sun Feb 28, 2010 2:17 pm

XSS or false alarm?

Post by BlackBox »

Hi there,

Searching for some specific subject with Google brought me to a link with the format http:// "something".appspot.com/"twitter account"

Running FF 3.6 with NoScript 1.9.9.50 results in an XSS warning for Google / appspot.com. Situation:

1. Search for potential XSS links http://www.google.com/#hl=enl&source=hp ... om%2F&fp=1

2. Choose a link on the result page, like http://7920074.appspot.com/googlemaps

3. Use the result page, try to log in to Twitter (enter a fake user name and password here) > result: an XSS warning

What is happening here? Is appspot.com hijacked and acting like Twitter or is this a bug in NoScript?

Regards,

BlackBox, the Netherlands.
Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)
Guest

Re: XSS or false alarm?

Post by Guest »

Winner of the "2006 PC World World Class Award", this tool provides extra protection to your Firefox.
It allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking web site, guarding your "trust boundaries" against cross-site scripting attacks (XSS) and Clickjacking attempts, thanks to its unique ClearClick technology.
Such a preemptive approach prevents exploitation of security vulnerabilities (known and even unknown!) with no loss of functionality...
Experts do agree: Firefox is really safer with NoScript ;-)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2