[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Noscript 2.0 causes error messages in Tor



Le Thu, 29 Jul 2010 04:13:44 -0400,
whowatchesthewatcherswatches@xxxxxxxxxxxxx a Ãcrit :

> I experienced errors in Tor with failure messages related to a
> destination address. I determined the new version of Noscript was the
> cause and reading the article below, I now know why. If you have
> witnessed these errors with Noscript 2.0, reply here. Whst is the
> remedy to this error?
> 
> I downgraded to an older version to dodge this error, I would like to
> keep current. The new feature related to ABE, see below, was causing
> the error message in Tor. Tor works with Noscript 2.0, but with error
> messages timed to every 5-10 minutes. I don't recommend Noscript 2.0
> for Tor users ATM unless this error may be resolved.
> 
> Noscript 2.0 Released, Firefox Plugin
> 
> http://www.h-online.com/security/news/item/Firefox-plug-in-NoScript-2-0-released-1047176.html
> 
> 28 July 2010, 17:38
> 
> NoScript (http://noscript.net/) creator Giorgio Maone
> (http://maone.net/) has announced
> (http://twitter.com/ma1/status/19660159603) the release of version
> 2.0 of his open source extension for Mozilla's Firefox browser that
> blocks the execution of JavaScript, Java, Flash and other plug-ins or
> scripted content. The add-on for Firefox includes a white list
> (http://en.wikipedia.org/wiki/Whitelist) to allow scripts from
> certain web sites and helps to prevent clickjacking
> (http://en.wikipedia.org/wiki/Clickjacking) attacks, which involve a
> crafted web site inserting a transparent iFrame underneath the user's
> cursor. Victims believe that they are clicking on the displayed web
> page, when in fact they are actually clicking on control elements
> (e.g. buttons) on a transparent iFrame from another website.
> 
> According to its developer, the latest version of the NoScript add-on
> for Firefox is even more reliable, has an updated user interface
> synchronisation system that's more efficient than previous versions
> and includes several improvements against cross-site scripting (XSS).
> Maone is especially proud of the new feature in version 2.0 that
> builds on the add-on's Application Boundaries Enforcer (ABE)
> (http://noscript.net/abe) module and provides cross-zone CSRF
> protection for flawed routers which expose their WAN IP on their LAN
> interface, saying that it "saves your router's ass even if it's so
> flawed to expose its UI on the LAN with its WAN IP". Other changes
> include the addition of an import / export feature, better handling
> of mixed permissions pages and improved support for Firefox Mobile,
> also known as "Fennec".
> 
> More details about the release can be found in the change log
> (http://noscript.net/changelog). NoScript 2.0 is available to
> download (http://noscript.net/getit) from the project's site or from
> the Add-ons for Firefox
> (https://addons.mozilla.org/firefox/addon/722) portal and supports
> Firefox 3.0 or later. Users running older versions of Firefox must
> use the previous 1.10.x branch of NoScript. NoScript is licensed
> under version 2 of the GNU General Public License
> (https://addons.mozilla.org/en-US/firefox/versions/license/113776).
> 
> See also:
> 
>     * ABE Patrols the Routes to Your Routers, blog post by Maone.
> 	http://hackademix.net/2010/07/28/abe-patrols-the-routes-to-your-routers/
>     * 26C3: Protection against Flash security holes, a report from
> The H.
> http://www.h-online.com/news/item/26C3-Protection-against-Flash-security-holes-893689.html
> 
> "Stay thirsty my friends"
> ***********************************************************************
> To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
> unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

Hi,

I running FF 3.6.8 on Linux 64 and special plugins for Tor included
Noscript 2 with the new feature and it run really well, No errors
caused and no errors in Tor logs...

So maybe your config must be wrong somewhere.

Best regards

SwissTorExit
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/