[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #26847 [Applications/Tor Browser]: Tor Browser 8a, noscript pops up a full-browser-size window to warn me about x-site scripting

To: undisclosed-recipients: ;
Subject: [tor-bugs] #26847 [Applications/Tor Browser]: Tor Browser 8a, noscript pops up a full-browser-size window to warn me about x-site scripting
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 17 Jul 2018 17:48:57 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 17 Jul 2018 13:49:08 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#26847: Tor Browser 8a, noscript pops up a full-browser-size window to warn me
about x-site scripting
------------------------------------------+----------------------
     Reporter:  arma                      |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 When I go to certain sites in the Tor Browser 8 alpha, I get a new window
 popping up, which is the same size as my current browser window, which
 looks like it comes from noscript. It says "NoScript XSS Warning" at the
 top, and the window title is moz-extension://4536b558-.... NoScript XSS
 Warning", and there's a bit of text towards the top that says
 {{{


 NoScript detected a potential Cross-Site Scripting attack

 from http://www.espn.com to https://8397396.fls.doubleclick.net.

 Suspicious data:

 (URL)
 https://8397396.fls.doubleclick.net/activityi;src=8397396;type=espng0;cat=espna0;u1=http://www.espn.com/mlb/story/_/id/24116616
 /mlb-bryce-harper-brings-house-epic-derby-
 comeback;u2=[s.products];u3=[c.promocode];u4=[payment
 method];u5=[c.SWID];u6=[c.UNID];u7=[c.NavMethod];u8=[Trial/Monthly/Annual];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=9016327828417.457?
 }}}

 and towards the bottom I have the options to block, always block, allow,
 always allow, and then an ok button.

 The example url in this case was
 http://www.espn.com/mlb/story/_/id/24116616/mlb-bryce-harper-brings-house-
 epic-derby-comeback

 (I've noticed the behavior happens pretty consistently with espn urls.)

 I'm not sure quite what behavior I would expect instead, but "making a new
 huge window that's mostly whitespace and that prevents me from doing
 anything on any tab until I've made the window go away" was not it. :)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26847>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #26847 [Applications/Tor Browser]: Tor Browser 8a, noscript pops up a full-browser-size window to warn me about x-site scripting
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #26847 [Applications/Tor Browser]: Tor Browser 8a, noscript pops up a full-browser-size window to warn me about x-site scripting
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #26624 [Applications/Tor Browser]: NoScript blocks <OBJECT> on Standard-Safer security setting in 8.0a9 contrary to behavior in 8.0a8
Next by Author: Re: [tor-bugs] #25696 [Applications/Tor Browser]: Design of alpha onboarding for Tor Browser for Android
Previous by thread: [tor-bugs] [Tor Bug Tracker & Wiki] Batch modify: #26846, #26842, #26841, #26840, ...
Next by thread: Re: [tor-bugs] #26847 [Applications/Tor Browser]: Tor Browser 8a, noscript pops up a full-browser-size window to warn me about x-site scripting
Index(es):
- Author
- Thread