InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

NS reports potential XSS filtering on newspaper website

https://forums.informaction.com/viewtopic.php?t=7169

Page 1 of 1

NS reports potential XSS filtering on newspaper website

Posted: Wed Sep 07, 2011 10:42 am
by julep
Hi:
I'm a newbie to NS 2.1.2.6 and don't know much about scripts, so please have patience :). I visited a major newspaper blog site tonight, and received an XSS alert (Firefox 6.0.1). The alert said: "Noscript filtered a potential cross-site scripting (XSS) attempt from "domain" (see URL below). Technical details have been logged to the console."

Here is the website: http://blog.chron.com/newswatch/2011/09 ... 4-youtube/

I opened the Error Console, and it had about 80 instances of the same error message. I had never opened it before, so I don't know how old any of them were.

"Error: [Exception... "Could not convert JavaScript argument arg 0 [nsISupports.QueryInterface]" nsresult: "0x80570009 (NS_ERROR_XPC_BAD_CONVERT_JS)" location: "JS frame :: file:///C:/Program%20Files/Norton%20Internet%20Security/Engine/18.6.0.29/rfhelper32.js :: <TOP_LEVEL> :: line 348" data: no]
Source File: file:///C:/Program%20Files/Norton%20Internet%20Security/Engine/18.6.0.29/rfhelper32.js
Line: 348"

Does that error message go with the XSS filtering warning, and what is the significance? Do I need to take any action? Thanks for any info.

Re: NS reports potential XSS filtering on newspaper website

Posted: Wed Sep 07, 2011 10:57 am
by dhouwn
file:///C:/Program%20Files/Norton%20Internet%20Security/Engine/18.6.0.29/rfhelper32.js
C:/Program%20Files/Norton%20Internet%20Security/Engine/
Norton%20Internet%20Security
Norton
Ask Norton. ;-)

Re: NS reports potential XSS filtering on newspaper website

Posted: Wed Sep 07, 2011 11:02 am
by julep
Thanks, will do. That message may have nothing to do with the XSS alert, but that's all I saw in the error console. But my main question here in this forum is about the "potential XSS filtering event" that occurs at the website I posted above. I don't know if someone tests it, or how that works here. I'm new to NS and especially to the forum. Thanks.

Re: NS reports potential XSS filtering on newspaper website

Posted: Thu Sep 08, 2011 12:31 am
by Colin T.
julep, a NoScript warning about XSS will leave an entry in the log that starts with "[NoScript XSS]".

Re: NS reports potential XSS filtering on newspaper website

Posted: Thu Sep 08, 2011 12:55 am
by Guest
Thanks, Colin T.! I went to the Console, but there were no logged messages concerning XSS. There was nothing other Messages or Warnings. Just Error messages for Norton, completely unrelated to this circumstance , which is known to Norton. So I purposely went back to the offending site, and let the XSS warning occur again, which it did. As part of the warning it says "Technical details have been logged to the console."
So I went to the Console again, and again there was nothing under blue "messages" or yellow "warnings". Just the Norton errors. So I'm not sure why it is not logging or if this was a false positive or what. If someone has a test machine and tries that newspaper blog site, maybe they can see if they duplicate it. Thanks, and have a good day/evening.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited