Page 1 of 1
[SOLVED]Strange XSS message
Posted: Fri Aug 06, 2010 2:53 pm
by linuser
Mindfield 4.0b4 for linux 32bit + Noscript 2.0.1rc4 . The following message appears in the errror console since a few days :
Code: Select all
[NoScript XSS] xss.reason.[Exception... "Component returned failure code: 0x80004004 (NS_ERROR_ABORT) [nsIURI.spec]" nsresult: "0x80004004 (NS_ERROR_ABORT)" location: "JS frame :: chrome://noscript/content/ABE.js :: anonymous :: line 566" data: no] --- undefined
It happened also with previous Mindfield builds ( 4.0b3 ) and Noscript 2.0
Re: Strange XSS message
Posted: Fri Aug 06, 2010 8:15 pm
by Giorgio Maone
Have you got any "Anon" ABE rule?
Re: Strange XSS message
Posted: Sat Aug 07, 2010 12:09 am
by linuser
Giorgio Maone wrote:Have you got any "Anon" ABE rule?
Yes , I found it in a post here in the forum ...
Code: Select all
# This rules allows authentication data to be sent with requests originated
# from the same base domain, stripping it off otherwise
Site *
Accept from SELF++
Anon
Re: Strange XSS message
Posted: Sat Aug 07, 2010 3:21 am
by therube
Re: Strange XSS message
Posted: Sat Aug 07, 2010 5:40 am
by Giorgio Maone
It seems to be due to an incompatible change in how nsIURI objects work, happened in recent trunk build.
Anon seems not to be working anymore for some requests at least, invstigating.
Re: Strange XSS message
Posted: Wed Aug 11, 2010 2:52 pm
by linuser
I've added the same ABE rule in another profile running Firefox 3.6.8 coming from the ubuntu mozilla security PPA and after restarting the browser I found the same XSS message in the error console.
Apart the warning , all seem to work correctly ...
EDIT : the error seems to appear apparently ONLY when visiting any *.wikipedia.org page.
Re: Strange XSS message
Posted: Sat Aug 14, 2010 5:44 pm
by linuser
The message doesn't appear anymore in the latest Mindfield build with Noscript v 2.0.2rc5.
I guess it can be declared as solved.