[RESOLVED] No More "Search Direct" on Yahoo.com

Posted: Sat Nov 12, 2011 9:26 pm
by Neilyum
Hi folks! :-)

As you probably know, Firefox was recently updated to version 8.0, and very soon afterwards NoScript was also updated to version 2.1.9.

I use Yahoo.com as my homepage, and when I type something into the search bar there used to be a drop-down list of choices.
In other words, if I type in "ado" it would automatically show an alphabetical list starting with "Adobe Flash Player".
This feature ("Direct Search" or "Search Assist") has suddenly stopped working.

This happens on a Win7X64 PC as well as a XPpro 32bit PC, both running FF 8.0 and NoScript 2.1.9.
On the same machines, *both* work perfectly with IE8! What's more, when I disable NoScript from either machine and run Firefox again, everything is back to normal!

So, I guess what I'm asking is: [A] Has this happened to anyone else yet? and [B] Is there a revision planned?

Thanks in advance! :-)

Re: No More "Search Direct" on Yahoo.com

Posted: Sat Nov 12, 2011 9:45 pm
by Alan Baxter
Confirmed using NoScript 2.1.9rc4 (which is the same as 2.1.9) with the default settings. It appears to be blocked by ABE. Here's the message in the Error Console.

[ABE] <LOCAL> Deny on {GET http://sugg.search.yahoo.com/gossip-us-fp/?nresults=10&queryfirst=2&output=yjsonp&version=&command=ado <<< http://www.yahoo.com/ - 2}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny

Until Giorgio implements a fix or suggests one, you can disable ABE from NoScript Options > Advanced > ABE.

Re: No More "Search Direct" on Yahoo.com

Posted: Sat Nov 12, 2011 11:45 pm
by al_9x
One of the IPs sugg.search.yahoo.com resolves to is 10.227.227.117, which is LOCAL.

In ABE, if any IP for a destination host is LOCAL then the host is considered LOCAL. This seems to make sense, as Fx will try all the IPs until one connects, so to prevent a possible LOCAL connection ABE blocks the request.

Were there a way to intercept a request after DNS and before the TCP connection, such a hook would presumably be called for each attempted IP and then only requests to the LOCAL IPs could be blocked. But such an API does not exist. So there is no way to selectively block only the LOCAL IPs for a given host, is that right, Giorgio?

Without disabling ABE you can add an exception before the SYSTEM LOCAL rule:

Site sugg.search.yahoo.com
Accept

Eventually Yahoo will fix this, there is no good reason for returning non routable IPs for a public host.
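
Added example (not part of the original thread, and not NoScript's own code): a simplified Python model of the behaviour described above, where one LOCAL address makes the whole host LOCAL and rulesets are tried in order. The LOCAL ranges, the rule representation, the function names and the www.yahoo.com address are assumptions; the sugg.search.yahoo.com addresses are the ones posted in this thread.

```python
import ipaddress

# Assumed approximation of ABE's LOCAL alias (loopback, RFC 1918, link-local).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16")]

def local_addresses(ips):
    """Return the addresses in a DNS answer set that fall in a LOCAL range."""
    return [ip for ip in ips
            if any(ipaddress.ip_address(ip) in net for net in LOCAL_NETS)]

def host_is_local(ips):
    """As described in the thread: one LOCAL address makes the host LOCAL."""
    return bool(local_addresses(ips))

def matches(pattern, host, dns):
    """Match a host against the LOCAL alias or a literal host name."""
    if pattern == "LOCAL":
        return host_is_local(dns.get(host, []))
    return pattern == host

def evaluate(rulesets, origin, dest, dns):
    """Try rulesets in order; the first action whose predicate matches wins."""
    for site, actions in rulesets:
        if not matches(site, dest, dns):
            continue
        for verdict, origin_pattern in actions:
            if origin_pattern is None or matches(origin_pattern, origin, dns):
                return verdict
    return "Accept"  # no ruleset applied to this request

# Constructed sample data. The sugg.search.yahoo.com addresses are the ones
# posted in the thread; the www.yahoo.com address is a placeholder.
DNS = {
    "www.yahoo.com": ["198.51.100.7"],
    "sugg.search.yahoo.com": ["72.30.2.199", "67.195.181.191", "10.227.227.117"],
}
SYSTEM = ("LOCAL", [("Accept", "LOCAL"), ("Deny", None)])
EXCEPTION = ("sugg.search.yahoo.com", [("Accept", None)])

def verdict(rulesets, dns=DNS):
    """Verdict for the suggestion request that www.yahoo.com makes."""
    return evaluate(rulesets, "www.yahoo.com", "sugg.search.yahoo.com", dns)

if __name__ == "__main__":
    print(local_addresses(DNS["sugg.search.yahoo.com"]))
    print(verdict([SYSTEM]))
    print(verdict([EXCEPTION, SYSTEM]))
```

In this model the exception matches on the host name alone, so the verdict stays Accept whatever addresses the name resolves to.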

Re: No More "Search Direct" on Yahoo.com

Posted: Sat Nov 12, 2011 11:50 pm
by al_9x
al_9x wrote:So there is no way to selectively block only the LOCAL IPs for a given host, is that right Giorgio?
One possibility that comes to mind, if you are intercepting DNS resolution, is it possible to strip the LOCAL IPs from the results?

Re: No More "Search Direct" on Yahoo.com

Posted: Sun Nov 13, 2011 3:19 am
by Tom T.
al_9x wrote:one of the IPs sugg.search.yahoo.com resolves to is 10.227.227.117, which is LOCAL
<snip>
Without disabling ABE you can add an exception before the SYSTEM LOCAL rule:

Site sugg.search.yahoo.com
Accept
btw, Giorgio is traveling, and probably won't be responding promptly for a couple of days.

The script shows to me as sugg.us.search.yahoo.net. The absence of .us. doesn't affect this?

I've been playing with this. A more restrictive rule was added above the default rule:

#Yahoo search
Site 10.227.227.117
Accept from search.yahoo.com *search.yahoo.com search.yahoo.net *search.yahoo.net
Deny
One possibility that comes to mind, if you are intercepting DNS resolution, is it possible to strip the LOCAL IPs from the results?
I tried.
By resolving IPs, as you did, I mapped HOSTS as follows:

72.30.2.199 any-sugg.search.ysta1.b.yahoo.com
67.195.181.191 any-sugg.search.ysta1.b.yahoo.com
67.195.181.191 sugg.search.yahoo.com
72.30.2.199 sugg.search.yahoo.com

The intent being to cause those sites to go only to their external IPs, and not to the internal 10.x.x.x., because, as you said,
This seems to make sense, as Fx will try all the IPs until one connects,
So by forcing it to try the external ones first, perhaps the internal one is being prevented?

Do you think that this is in fact any more restrictive, or does it still give blanket permissions from what you said: allowing *any* non-routable IP makes the entire site LOCAL?
al_9x wrote:Eventually Yahoo will fix this, there is no good reason for returning non routable IPs for a public host.
... In ABE, if any IP for a destination host is LOCAL then the host is considered LOCAL. This seems to make sense, as Fx will try all the IPs until one connects, so to prevent a possible LOCAL connection ABE blocks the request.
Which is what bothers me about this whole thing, and the fact that the ABE FAQ has examples for other sites that use the local 127.0.0.1.

If exceptions are added, does that not defeat the purpose of preventing Internet sites from requesting LAN resources?

Re: No More "Search Direct" on Yahoo.com

Posted: Wed Nov 16, 2011 3:01 am
by Neilyum
Hi folks,

Just a quick update to say that my problem has suddenly and mysteriously disappeared!
All is working again as it was, so this issue is officially "resolved"! :-)

Thanks to anyone/everyone involved! :-)

Re: No More "Search Direct" on Yahoo.com

Posted: Wed Nov 16, 2011 4:35 am
by Tom T.
Neilyum wrote:Hi folks,

Just a quick update to say that my problem has suddenly and mysteriously disappeared!
All is working again as it was, so this issue is officially "resolved"! :-)

Thanks to anyone/everyone involved! :-)
Thanks for posting back to report. And you're very welcome. :)

Re: No More "Search Direct" on Yahoo.com

Posted: Wed Nov 16, 2011 10:57 pm
by Neilyum
Besides manually inserting the word "Resolved" in each new post or reply, how do I show [RESOLVED] in my original Topic? (Or does this happen automatically after a certain length of time?)

Re: No More "Search Direct" on Yahoo.com

Posted: Wed Nov 16, 2011 11:10 pm
by GµårÐïåñ
Neilyum wrote:Besides manually inserting the word "Resolved" in each new post or reply, how do I show [RESOLVED] in my original Topic? (Or does this happen automatically after a certain length of time?)
Done! It happens when it is changed on the very first original post. Usually the Mods/Admins will do the modification when the issue is resolved one way or another. You had posted anonymously the first time, so it didn't give you the option to edit it, so I did that for you. Now that you have an account, you can edit your own posts. I will also merge the original post with your current account to include it in your post counts as well as for making your own tracking of the posts you have made easier. Hope that resolves it.

Re: [RESOLVED] No More "Search Direct" on Yahoo.com

Posted: Wed Nov 16, 2011 11:16 pm
by Neilyum
Ah-haa! Great, thanks! :-)