1 edit |
NoScript failed?I recently had my Firefox get stuck on a malicious site with no way out except to open task manager and close it manually. So, I marked the page as untrusted in NoScript and went back to it to see the results and it was no longer able to lock up my Firefox. Has anyone been able to successfully close a malicious tap like this without having to lose all your other open tabs? Also how was this window able to lock up firefox with NoScript enabled? Is there some setting i am missing? |
|
Reimer join:2006-08-14 Toronto, ON |
Reimer
Member
2009-Jan-25 10:00 pm
I just gave it a try.
Site doesn't even load properly without javascript allowed on the domain. Even when I did allow it, all I did was hit the back button on my mouse and and I came here just fine. |
|
|
|
to DataRiker
Has anyone been able to successfully close a malicious tap like this without having to lose all your other open tabs? I had to kill the browser process when I was taking a look at a site pushing the "AntiVirus 2009" malware. I'm not too worried about losing open tabs in such a case. I don't see it as a "noscript" failure. I had to click on the "temporarily allow" option before the malware tried to do anything. |
|
nwrickert |
to DataRiker
I just tried your link.
It didn't do much till I told "noscript" to temporarily allow scripts from the site.
Then I had to kill it.
When firefox restarted, it gave me the option to resume the crashed session. I did that, and got all of my tabs back. It seems that "noscript" removed the temporary permissions on restart, so the malware site didn't do anything after resuming.
I'm inclined to consider that a win for "noscript". |
|
2 edits |
DataRiker
Premium Member
2009-Jan-25 10:44 pm
nwrickert, that is what I would expect from NoScript as well, i wonder why I am not seeing the same behavior
It did this without me clicking "temporarily allow scripts from this site", so maybe i should reinstall?
I tend to visit "questionable" sites from time to time, that is why i am concerned. |
|
1 edit |
to DataRiker
It's a bad site. The above is what I saw on Linux. What a joke! I allowed it to download "install.exe" 46Kb file which did nothing on my system. But that's probably what would execute to infect a vulnerable OS. Firefox & tabs functioned normally, did not crash or freeze. |
|
Reimer join:2006-08-14 Toronto, ON
2 recommendations |
to DataRiker
Well according to your screenshot, you have "Allow Scripts Globally" enabled
that would explain everything |
|
3 edits |
DataRiker
Premium Member
2009-Jan-25 10:58 pm
good catch indeed
EDITED for being me being retarded !!! |
|
|
to Reimer
said by Reimer:Well according to your screenshot, you have "Allow Scripts Globally" enabled that would explain everything Good catch! DataRiker, NEVER enable "Allow Scripts Globally". Very dangerous option. |
|
|
to DataRiker
i wonder why I am not seeing the same behavior That "!" following the "S" for the noscript button indicates that you have allowed scripts globally. This reminds me of my one gripe with noscript. I would like to see a "temporarily allow scripts globally", so that if I forget to turn that off it is automatically done when restarting the browser. |
|
|
DataRiker
Premium Member
2009-Jan-25 11:02 pm
ok, so I still have a question about killing a single tab, is that possible? |
|
|
ok, so I still have a question about killing a single tab, is that possible? The problem on that malware page, is that it is in a tight scripted loop with a popup asking you to start the download. And firefox gives that popup focus priority so you can't get to the button or keystroke to close the current tab. |
|
|
DataRiker
Premium Member
2009-Jan-25 11:23 pm
I wish there was some kind of keystroke that could halt everything on the current tab. |
|
Blue2 Premium Member join:2004-04-14 France |
to DataRiker
said by DataRiker:ok, so I still have a question about killing a single tab, is that possible? I think that one of the the latest revisions of Session Manager allows this, though I haven't had the need to try it yet. » sessionmanager.mozdev.or ··· ion.html"Added the ability to choose which tabs to restore when recovering from a crash or when prompting for a session at start up. In the future the ability to choose tabs will be added to normal loads as well." It's on addon, and integrates well with Firefox and noscript. If the browser crashes, it will allow you to recover the previous session, and I've noticed that it now lists which tabs were open during the session. So I believe that you can kill the one you don't want and open the rest. |
|
angussf Premium Member join:2002-01-11 Tucson, AZ |
to DataRiker
FWIW I always hide the "Enable Scripts Globally" option in the NoScript options page, making this option difficult to get at. This keeps my (l)users from accidentally enabling this (or intentionally enabling it out of frustration with some sites). |
|
therube join:2004-11-11 Randallstown, MD |
to nwrickert
said by nwrickert:This reminds me of my one gripe with noscript. I would like to see a "temporarily allow scripts globally", so that if I forget to turn that off it is automatically done when restarting the browser. Done (since NoScript v 1.1.8.3). + The "noscript.tempGlobal" about:config preference causes the
"Globally Allow" status to be revoked at the end of each session
|
|
|
Thanks. |
|