noscript xss warning on qubes os site


pixel fairy

Feb 1, 2018, 4:54:25 AM
to qubes-users
noscript, the firefox extension, pops up the following about the qubes site:

NoScript detected a potential Cross-Site Scripting attack

from [...] to https://www.qubes-os.org.

Suspicious data:

window.name

awokd

Feb 1, 2018, 6:31:45 AM
to pixel fairy, qubes-users
Not seeing this in Tor Browser 7.5 with Noscript 5.1.8.4 when I browse to
https://www.qubes-os.org. Where are you seeing it?


pixel fairy

Feb 1, 2018, 9:50:27 AM
to qubes-users
On Thursday, February 1, 2018 at 3:31:45 AM UTC-8, awokd wrote:

> Not seeing this in Tor Browser 7.5 with Noscript 5.1.8.4 when I browse to
> https://www.qubes-os.org. Where are you seeing it?

firefox on fedora-26. install noscript, look at the qubes site. go to other sites. maybe restart the browser, and you get that.

vel...@tutamail.com

Feb 1, 2018, 11:56:07 AM
to qubes-users
I got it in Fedora 26 appVM as well but the website was fedora.org. I am using 3.2...

Vincent Adultman

Feb 4, 2018, 10:03:04 AM
to qubes...@googlegroups.com
Confirm I get this too with noscript in firefox. Will try and get some details together if I can and file an issue...

Andrew David Wong

Feb 4, 2018, 7:35:00 PM
to Vincent Adultman, qubes...@googlegroups.com
On 2018-02-04 09:02, 'Vincent Adultman' via qubes-users wrote:
> Confirm I get this too with noscript in firefox. Will try and get
> some details together if I can and file an issue...
>

Thank you! That would be very helpful!

We've been investigating this problem for a while, but we haven't been
able to determine the cause.

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

Vincent Adultman

Feb 6, 2018, 6:25:31 AM
to Andrew David Wong, qubes...@googlegroups.com

-------- Original Message --------
On February 5, 2018 12:34 AM, Andrew David Wong <a...@qubes-os.org> wrote:

> On 2018-02-04 09:02, 'Vincent Adultman' via qubes-users wrote:
>> Confirm I get this too with noscript in firefox. Will try and get
>> some details together if I can and file an issue...
>>
> Thank you! That would be very helpful!
>
> We've been investigating this problem for a while, but we haven't been
> able to determine the cause.

Looks like it may well be not our problem. With the below test version installed from https://noscript.net/getit#devel I no longer have the issue. Perhaps someone else could also give this version a go to confirm.


v 10.1.6.5rc2
=============================================================
x [XSS] More specific and unobtrusive handling of window.name
sanitization
