Wilders Security Forums  

  #1  
Old August 24th, 2012, 09:01 PM
CloneRanger CloneRanger is offline
Massive Poster
 
Join Date: Jan 2006
Location: Home usually
Posts: 3,854
Question XSS Attempt on here ?

I tried several times to reply with screenies in here http://www.wilderssecurity.com/showthread.php?t=329939 FireFox, Top Security/Privacy Extension

Each time i got this

[Attached image: xss 1.gif]

due to this

[Attached image: xss.gif]

I disabled NoScript v2.5.1 + was then able to post ? I then discovered the screenies are NOT auto showing, but if you right click them they do open in a new instance of FF !

I was able to post in another thread just fine, Without screenies !

Any ideas why this is happening now ?

TIA

Edit - Screenies showing fine in this post.
__________________
.
Malware = You don't scare me

A different perspective https://rt.com - https://rt.com/on-air
  #2  
Old August 25th, 2012, 05:00 PM
LowWaterMark LowWaterMark is offline
Administrator
 
Join Date: Aug 2002
Location: New England
Posts: 15,525
Default Re: XSS Attempt on here ?

I'm afraid there really isn't enough information in what's shown above for me to determine just what was going on. I can say there is nothing overly special about the thread you were replying to. There's no embedded exploit or anything like that in there. The best I can determine is that it's some kind of f/p from NoScript.

Any product that "detects" some kind of problem, whether malware, exploit, bad URLs, and even spam content... does so via some kind of fingerprinting or signature. Like any type of detection, there is a chance that f/p can occur. Maybe there was something specific in the combination of your browser, NoScript, the data in your reply, and the fact that you were attaching external content, (the uploaded image attachments), that caused it to trigger the detection.
  #3  
Old August 25th, 2012, 05:42 PM
CloneRanger CloneRanger is offline
Massive Poster
 
Join Date: Jan 2006
Location: Home usually
Posts: 3,854
Default Re: XSS Attempt on here ?

@ LowWaterMark

Hi, yes i wasn't thinking there would be a nasty etc on here

I've just posted a reply in my WSA thread, + the screenie showed first time. Also no XSS alert. Plus i can BOLD + use smilies now too. Plus the screenies in the thread i first posted about are now Auto appearing ?

Don't know if it was something at my end, but if it was, it "appears" to have self corrected itself !

Thanks for looking into it
__________________
.
Malware = You don't scare me

A different perspective https://rt.com - https://rt.com/on-air
  #4  
Old August 25th, 2012, 06:07 PM
CloneRanger CloneRanger is offline
Massive Poster
 
Join Date: Jan 2006
Location: Home usually
Posts: 3,854
Default Re: XSS Attempt on here ?

After several more posts in the last few mins, i think the issues are to do with the SecretAgent FF AddOn !

I had problems with Bolding + Smilies in one post, which were resolved when i refreshed the page. As SA rotates the User Agent, some of these "appear" to confuse www's.
__________________
.
Malware = You don't scare me

A different perspective https://rt.com - https://rt.com/on-air
  #5  
Old August 25th, 2012, 06:15 PM
LowWaterMark LowWaterMark is offline
Administrator
 
Join Date: Aug 2002
Location: New England
Posts: 15,525
Default Re: XSS Attempt on here ?

Quote:
Originally Posted by CloneRanger
As SA rotates the User Agent, some of these "appear" to confuse www's.
Ah, so you are actually using that tool here then? Yes, changing User Agent can cause unexpected issues. Several functions in the forum software key off of whatever User Agent is passed into them. Some features are not available to some browsers, (or other web accessing tools such as wget and the like), and are disabled to them. Others require different coding to produce the same type result in different browsers.

Looking at the list of UAs it alternates through from the other thread, I think it's a terrible idea. It's one thing to say your Firefox is Opera or Internet Explorer, but, it's quite another thing to say Firefox is lynx or wget, which do not support a great many of the features used in the presentation of pages here. Those will always generate errors or unexpected results.
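
The User-Agent keyed feature gating described in the post above, as an added illustration that is not part of the original thread and is not vBulletin's code. The matching rules, feature names and sample header strings are assumptions constructed for the example.

```python
import re

# Assumed rules, first match wins: text-mode and non-interactive clients
# get a reduced page, graphical browsers get the rich editor.
UA_RULES = [
    (re.compile(r"\b(?:lynx|wget)\b", re.I), "text"),
    (re.compile(r"Opera"), "opera"),
    (re.compile(r"MSIE"), "ie"),
    (re.compile(r"Firefox/"), "firefox"),
]

# Hypothetical feature names standing in for bolding, smilies and
# inline display of attached images.
RICH = frozenset({"wysiwyg_bold", "smilie_picker", "inline_attachments"})
FEATURES = {"text": frozenset(), "opera": RICH, "ie": RICH, "firefox": RICH}


def classify(user_agent):
    """Map a User-Agent header to a client family."""
    for pattern, family in UA_RULES:
        if pattern.search(user_agent):
            return family
    return "unknown"


def features_for(user_agent):
    """Features the server enables; unknown clients get the empty set."""
    return FEATURES.get(classify(user_agent), frozenset())


def missing_per_request(real_ua, sent_uas):
    """For each request, list the features the real browser supports but
    the server withheld because of the header that was actually sent."""
    expected = features_for(real_ua)
    return [(classify(ua), sorted(expected - features_for(ua))) for ua in sent_uas]


# Constructed sample header values.
FIREFOX = "Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20100101 Firefox/14.0.1"
OPERA = "Opera/9.80 (Windows NT 6.1; U; en) Presto/2.10.289 Version/12.01"
WGET = "Wget/1.13.4 (linux-gnu)"
LYNX = "Lynx/2.8.8dev.3 libwww-FM/2.14 SSL-MM/1.4.1"

if __name__ == "__main__":
    # One Firefox session whose header is rotated on every request.
    for family, missing in missing_per_request(FIREFOX, [FIREFOX, WGET, OPERA, LYNX]):
        print(f"{family:8} missing: {', '.join(missing) or 'nothing'}")
```

Requests sent with a browser-like header keep the full feature set, while the ones claiming to be wget or lynx lose it, so the same page can render differently from one load to the next.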
  #6  
Old August 26th, 2012, 03:01 AM
CloneRanger CloneRanger is offline
Massive Poster
 
Join Date: Jan 2006
Location: Home usually
Posts: 3,854
Default Re: XSS Attempt on here ?

@ LowWaterMark

I agree, some of those UA's are over the top

Thanks for looking at the UA's. I believe it MUST have been "some" of those causing the issue.
__________________
.
Malware = You don't scare me

A different perspective https://rt.com - https://rt.com/on-air
 

All times are GMT -4.