On navigating to a page NS tells me that scripts are blocked. I allow them and (it's a booking site) it resends the information. So far so good. Then a message (I think it's something to do with XSS) appears at the top of the window and almost immediately disappears. The browser pane dims, a white panel appears on top of the image, and everything stops. The cursor is an arrow in the white panel (but there's nothing to click on), and an hourglass in the rest of the browser pane.
Presumably I need to enable something in my XSS options, but without information from NS I can't tell what. Where do I go from here?
The browser's Firefox 14.0.1. OS is Windows 7.
NoScript message disappears from screen
NoScript message disappears from screen
Peter
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1
Re: NoScript message disappears from screen
URL?
You can check Error Console (Ctrl+Shift+J) to see if anything is logged there.
You can check Error Console (Ctrl+Shift+J) to see if anything is logged there.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/17.0 Firefox/17.0 SeaMonkey/2.14a2
Re: NoScript message disappears from screen
As it's a booking form, the URL will have a lot of info or maybe planted cookies so it may not help. But here it is: http://www.condorbooking.co.uk/ExtResNe ... p=EN_S2_QQ
I'm not a malware expert, just a user. Anyway, I did the booking by old-fashioned telephone so the urgency has gone away.
Thanks for the idea about the error log. There's a lot of parsing errors, but 2 which might be significant:
I'm not a malware expert, just a user. Anyway, I did the booking by old-fashioned telephone so the urgency has gone away.
Thanks for the idea about the error log. There's a lot of parsing errors, but 2 which might be significant:
Code: Select all
[NoScript InjectionChecker] HTML injection:
<meta
matches <[^\w<>]*(?:[^<>"'\s]*:)?[^\w<>]*(?:\W*s\W*c\W*r\W*i\W*p\W*t|\W*f\W*o\W*r\W*m|\W*s\W*t\W*y\W*l\W*e|\W*s\W*v\W*g|\W*m\W*a\W*r\W*q\W*u\W*e\W*e|(?:\W*l\W*i\W*n\W*k|\W*o\W*b\W*j\W*e\W*c\W*t|\W*e\W*m\W*b\W*e\W*d|\W*a\W*p\W*p\W*l\W*e\W*t|\W*p\W*a\W*r\W*a\W*m|\W*i?\W*f\W*r\W*a\W*m\W*e|\W*b\W*a\W*s\W*e|\W*b\W*o\W*d\W*y|\W*m\W*e\W*t\W*a|\W*i\W*m\W*a?\W*g\W*e?|\W*v\W*i\W*d\W*e\W*o|\W*a\W*u\W*d\W*i\W*o|\W*b\W*i\W*n\W*d\W*i\W*n\W*g\W*s|\W*s\W*e\W*t|\W*a\W*n\W*i\W*m\W*a\W*t\W*e)[^>\w])|(?:<\w[\s\S]*[\s\/]|['"](?:[\s\S]*[\s\/])?)(?:formaction|style|background|src|lowsrc|ping|on(?:e(?:rror(?:update)?|nd)|c(?:o(?:nt(?:extmenu|rolselect)|py)|ut|lick|(?:ellc)?hange)|m(?:o(?:ve(?:end|start)?|use(?:o(?:ut|ver)|up|(?:mo|lea)ve|down|wheel|enter))|essage)|lo(?:ad|secapture)|d(?:r(?:ag(?:en(?:d|ter)|drop|over|leave|start)?|op)|ata(?:setc(?:hanged|omplete)|available)|blclick|eactivate)|s(?:t(?:op|art)|elect(?:start)?|croll|ubmit)|b(?:e(?:for(?:e(?:c(?:ut|opy)|p(?:aste|rint)|u(?:pdate|nload)|activate|editfocus)|deactivate)|gin)|lur|ounce)|p(?:ast|ropertychang)e|key(?:up|down|press)|f(?:o(?:cus(?:in|out)?|rm(?:input|change))|i(?:nish|lterchange))|in(?:put|valid)|a(?:fter(?:print|update)|bort|ctivate)|r(?:e(?:s(?:et|ize)|peat|adystatechange)|ow(?:e(?:xit|nter)|s(?:delete|inserted)))|zoom|help|unload))[\s\x08]*=
and:
[NoScript XSS] Sanitized suspicious upload to [http://www.condorbooking.co.uk/ExtResNew/GotoSearch.asp?__utma=1.1428100174.1346321404.1346333655.1346339004.4&__utmb=1.1.10.1346339004&__utmc=1&__utmx=-&__utmz=1.1346321404.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)&__utmv=-&__utmk=83783702###DATA###%2FwEPDwUKMTAwMjEwODE5Nw9kFgJmD2QWBAIBD2QWAgIBD2QWBgIBDxYEHgRUZXh0BWU8dGl0bGU%2BRmVycmllcyB0byBGcmFuY2UsIFN0LiBNYWxvLCBCcml0dGFueSwgSmVyc2V5LCBHdWVybnNleSBhbmQgdGhlIFVLIHdpdGggQ29uZG9yIEZlcnJpZXM8L3RpdGxlPh4HVmlzaWJsZWdkAgIPFgQfAAXnATxtZXRhIG5hbWU9ImtleXdvcmRzIiBjb250ZW50PSJmZXJyaWVzIHRvIEZyYW5jZSwgZmVycmllcyB0byBCcml0dGFueSwgZmVycnkgc2VydmljZXMsIGNhciBmZXJyeSwgZmFzdCBmZXJyeSwgU3QuIE1hbG8sIFBvb2xlLCBXZXltb3V0aCwgUG9ydHNtb3V0aCwgZG92ZXIgZmVycnksIGJyaXRhbnkgZmVycmllcywgZmVycnkgU3QuIE1hbG8sIGhhbGYgdGVybSBicmVha3MsIHdlZWtlbmQgYnJlYWtzIiAvPh8BZ2QCAw8WBB8ABfIBPG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IkZlcnJpZXMgdG8gRnJhbmNlLCBCcml0dGFueSwgYW5kIG90aGVyIGZlcnJ5IHNlcnZpY2UgZGVzdGluYXRpb25zIGluY2x1ZGluZyBTdC4gTWFsbywgSmVyc2V5LCBHdWVybnNleSwgUG9vbGUsIFBvcnRzbW91dGggYW5kIFdleW1vdXRoLiBTYXZlIG1vcmUgdGhhbiBtaWxlcyB0byBnZXQgdG8geW91ciBkZXN0aW5hdGlvbiB3aXRoIENvbmRvciBGZXJyaWVzLiIgLz4fAWdkAgMPZBYGAgMPZBYGAgEPFgIeBWNsYXNzBQZhY3RpdmVkAg0PFgIfAgUOYm9va05vd1RhYkhvbWVkAg8PFgIeBXN0eWxlBRtsZWZ0OiA3MzVweDsgZGlzcGxheTpibG9jaztkAgUPZBYCAgEPDxYEHhFEZXN0aW5hdGlvblJlZ2lvbmUeDE9yaWdpblJlZ2lvbmVkFgICBA9kFgJmD2QWDAIDDw8WAh8ABRE8QlI%2BUExPQUQ6IG89LCBkPWRkAgUPZBYIAgEPZBYCZg8PFgQeCENzc0NsYXNzBRFkZXN0aW5hdGlvbkJ1dHRvbh4EXyFTQgICZGQCAw9kFgJmDw8WBB8GBRFkZXN0aW5hdGlvbkJ1dHRvbh8HAgJkZAIFD2QWAmYPDxYEHwYFEWRlc3RpbmF0aW9uQnV0dG9uHwcCAmRkAgcPZBYCZg8PFgQfBgURZGVzdGluYXRpb25CdXR0b24fBwICZGQCBw8WAh8CBRZhY2NUaXRsZSBndWVybnNleVRpdGxlFgJmDw8WBB8GBQxvcmlnaW5CdXR0b24fBwICZGQCCQ8WAh8CBRBhY2NUaXRsZSB1a1RpdGxlFgJmDw8WBB8GBQxvcmlnaW5CdXR0b24fBwICZGQCCw8WAh8CBRRhY2NUaXRsZSBqZXJzZXlUaXRsZRYCZg8PFgQfBgUMb3JpZ2luQnV0dG9uHwcCAmRkAg0PFgIeC18hSXRlbUNvdW50AgMWBgIBD2QWAmYPFQcIZ3Vlcm5zZXkGamVyc2V5EGplcnNleS1kYXktdHJpcC0QSmVyc2V5IERheSBUcmlwIAlGcm9tIG9ubHkCMzAeRmFzdCBmZXJyeSBkYXkgdHJpcHMgaW4gSmVyc2V5ZAICD2QWAmYPFQcGamVyc2V5CGd1ZXJuc2V5EWZlcnJ5LXNwYS1wYWNrYWdlEUZlcnJ5IFNwYSBQYWNrYWdlB0F0IEp1c3QCNzAuRGF5IFRyaXAgdG8gR3Vlcm5zZXkgd2l0aCBIYWxmIERheSBTcGEgUGFja2FnZWQCAw9kFgJmDxUHCGd1ZXJuc2V5BnN0bWFsbxRzdXBlcmJyZWFrLWV4dGVuc2lvbhRTdXBlckJyZWFrIGV4dGVuc2lvbglGcm9tIEp1c3QCNzUnMyBuaWdodCBicmVha3MgZnJvbSBHdWVybnNleSB0byBTdCBNYWxvZAIHD2QWBAIBDxYCHwFnZAIDDxYCHwFnZGQFpRnh%2BX5X9G1lWUH2ilyNSTFzHGTdTXlQXeaaL0PM5w%3D%3D] from [http://www.condorferries.co.uk/default.aspx]: transformed into a download-only GET request.Peter
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1