[Resolved] ClearClick false positive on simfy.de

[MuScript]

http://www.simfy.de is a website where you can listen to music which is played via Adobe Flash. To reproduce this issue, you need to be registered, sorry (but it's free). On this website, there are buttons like "play/pause", "next title", a progress bar with which you can seek to a specific position of the song etc. Since I updated NoScript to version 2.3.4, there is a pop-up window by NoScript, which appears when I click at one of those buttons. It says, that I possibly get clickjacked, which is obviously not the case.

Maybe this false positive could be fixed for the next version. Thanks

[Giorgio Maone]

Could you please use the "Report" button and give me the report ID you get assigned? Thanks.

[MuScript]

Sure

Report-ID: 311980

[Giorgio Maone]

Unfortunately I cannot test because it says I'm in a non-supported country (Italy) and I don't have a German proxy at hand (I suppose it's what I would need).

However I made a blind attempt: could you check latest development build 2.3.5rc4 and tell me if it works around your problem?

[therube]

I did get the ClearClick warning with 2.3.5rc3 (I believe it was).
Not see any ClearClick warning with 2.3.5rc5.

Though:

Code: Select all

[NoScript InjectionChecker] JavaScript Injection in ///if?enc=tksbDkuD5j-2SxsOS4PmPwAAAIDrUQBAtksbDkuD5j-2SxsOS4PmP7Yu2PmXWH4e2nmwBLXjtnMxg2NPAAAAAOQiCwB0AwAAdAMAAAIAAAAfJhcABzYCAAAAAABVU0QARVVSAKAAWAJvQwAAfQsAAgQCAQUAAIIAFyCOYwAAAAA.&udj=uf('a', 41156, 1331921713);uf('r', 1517087, 1331921713);&cnd=!WSUzIgjCghEQn8xcGAAgh-wIMAM474YFQARI9AZQ5MUsWABgmgFoAHAAeACAAQCIAQCQAQGYAQGgAQqoAQCwAQC5AZrnvFqlGOE_wQGa57xapRjhP8kBiZgngPo_8T_ZAQWjkjoBTeg_4AEA&ccd=!7ASFJwjCghEQn8xcGIfsCCAE&vpid=156&referrer=http://www.simfyads.de/displayads/website/rotation_misc_ajax_160x600.html&media_subtypes=1&dlo=1
(function anonymous() {uf("a", 41156, 1331921713);uf("r", 1517087, 1331921713);DUMMY_EXPR;})

Code: Select all

[NoScript XSS] Sanitized suspicious request. Original URL [http://ib.adnxs.com/if?enc=tksbDkuD5j-2SxsOS4PmPwAAAIDrUQBAtksbDkuD5j-2SxsOS4PmP7Yu2PmXWH4e2nmwBLXjtnMxg2NPAAAAAOQiCwB0AwAAdAMAAAIAAAAfJhcABzYCAAAAAABVU0QARVVSAKAAWAJvQwAAfQsAAgQCAQUAAIIAFyCOYwAAAAA.&udj=uf%28%27a%27%2C+41156%2C+1331921713%29%3Buf%28%27r%27%2C+1517087%2C+1331921713%29%3B&cnd=!WSUzIgjCghEQn8xcGAAgh-wIMAM474YFQARI9AZQ5MUsWABgmgFoAHAAeACAAQCIAQCQAQGYAQGgAQqoAQCwAQC5AZrnvFqlGOE_wQGa57xapRjhP8kBiZgngPo_8T_ZAQWjkjoBTeg_4AEA&ccd=!7ASFJwjCghEQn8xcGIfsCCAE&vpid=156&referrer=http://www.simfyads.de/displayads/website/rotation_misc_ajax_160x600.html&media_subtypes=1&dlo=1] requested from [http://www.simfyads.de/displayads/website/rotation_misc_ajax_160x600.html]. Sanitized URL: [http://ib.adnxs.com/if?enc=tksbDkuD5j-2SxsOS4PmPwAAAIDrUQ20tksbDkuD5j-2SxsOS4PmP7Yu2PmXWH4e2nmwBLXjtnMxg2NPAAAAAOQiCwB0AwAAdAMAAAIAAAAfJhcABzYCAAAAAABVU0QARVVSAKAAWAJvQwAAfQsAAgQ20QUAAIIAFyCOYwAAAAA.&udj=uf%20%20a%20%2C+41156%2C+1331921713%20%3Buf%20%20r%20%2C+1517087%2C+1331921713%20%3B&cnd=!WSUzIgjCghEQn8xcGAAgh-wIMAM474YFQARI9AZQ5MUsWABgmgFoAHAAeACAAQCIAQCQAQGYAQGgAQqoAQCwAQ20AZrnvFqlGOE_wQGa57xapRjhP8kBiZgngPo_8T_ZAQWjkjoBTeg_4AEA&ccd=!7ASFJwjCghEQn8xcGIfsCCAE&vpid=156&referrer=http://www.simfyads.de/displayads/website/rotation_misc_ajax_160x600.html&media_subtypes=1&dlo=1#11047919853104393856].

Proxy: 81.169.182.101:3128
Login from bugmenot as its a cpa .


Bück dich hoch sounded interesting.
Then some Unheilig played. Not a bad playlist.
But the Kraftclub was pretty bla. And Madonna, for get about it.

[Giorgio Maone]

Though:

Code: Select all

[NoScript XSS] Sanitized suspicious request. Original URL [http://ib.adnxs.com/if?enc=tksbDkuD5j-2SxsOS4PmPwAAAIDrUQBAtksbDkuD5j-2SxsOS4PmP7Yu2PmXWH4e2nmwBLXjtnMxg2NPAAAAAOQiCwB0AwAAdAMAAAIAAAAfJhcABzYCAAAAAABVU0QARVVSAKAAWAJvQwAAfQsAAgQCAQUAAIIAFyCOYwAAAAA.&udj=uf%28%27a%27%2C+41156%2C+1331921713%29%3Buf%28%27r%27%2C+1517087%2C+1331921713%29%3B&cnd=!WSUzIgjCghEQn8xcGAAgh-wIMAM474YFQARI9AZQ5MUsWABgmgFoAHAAeACAAQCIAQCQAQGYAQGgAQqoAQCwAQC5AZrnvFqlGOE_wQGa57xapRjhP8kBiZgngPo_8T_ZAQWjkjoBTeg_4AEA&ccd=!7ASFJwjCghEQn8xcGIfsCCAE&vpid=156&referrer=http://www.simfyads.de/displayads/website/rotation_misc_ajax_160x600.html&media_subtypes=1&dlo=1] requested from [http://www.simfyads.de/displayads/website/rotation_misc_ajax_160x600.html]. Sanitized URL: [http://ib.adnxs.com/if?enc=tksbDkuD5j-2SxsOS4PmPwAAAIDrUQ20tksbDkuD5j-2SxsOS4PmP7Yu2PmXWH4e2nmwBLXjtnMxg2NPAAAAAOQiCwB0AwAAdAMAAAIAAAAfJhcABzYCAAAAAABVU0QARVVSAKAAWAJvQwAAfQsAAgQ20QUAAIIAFyCOYwAAAAA.&udj=uf%20%20a%20%2C+41156%2C+1331921713%20%3Buf%20%20r%20%2C+1517087%2C+1331921713%20%3B&cnd=!WSUzIgjCghEQn8xcGAAgh-wIMAM474YFQARI9AZQ5MUsWABgmgFoAHAAeACAAQCIAQCQAQGYAQGgAQqoAQCwAQ20AZrnvFqlGOE_wQGa57xapRjhP8kBiZgngPo_8T_ZAQWjkjoBTeg_4AEA&ccd=!7ASFJwjCghEQn8xcGIfsCCAE&vpid=156&referrer=http://www.simfyads.de/displayads/website/rotation_misc_ajax_160x600.html&media_subtypes=1&dlo=1#11047919853104393856].

Just "Mark adnxs.com as untrusted".

[MuScript]

I downloaded and installed the latest developer release of NoScript (2.3.5rc6). With this version there's no longer a ClearClick warning. Note, however, that I changed into a virtual machine for that experiment (if this could distort the result).