I think it's fixed. The redirect to the malicious domain ~ Domain Mention Removed ~ is no longer in the source.
the major problem is that CSS and also 3rd-party is not blocked by default. users need to adjust their content filters! means, see, what adblocker can do for you, uBlock can do. *$stylesheet,3p ofc this means to set exclusions
Is hard mode a recommended usage? https://github.com/gorhill/uBlock/wiki/Blocking-mode:-hard-mode Except "3rd-party" ("Ressourcen aus Drittquellen") which is set to noop the other 3rd-party is blocked here too by default. But that results in some exclusions, and i have in mind that someone recommended noop might better in general. ofc my personal blocklist in ublock=umatrix is growing over time (180 entries that far) (although uM is not supported it does a good job in blocking sites where uBo is disabled for trialing)
Hard mode didn't really work on the test page here for me: https://www.mike-gualtieri.com/css-exfil-vulnerability-tester But adding the * * 1p-script block rule along with the other two used by the Medium Mode worked. * * 3p-frame block * * 3p-script block Indeed, some website will require exceptions, but it is what is it.
Hard mode only protects against cross-domain CSS, of course. And blocking 1st-party scripts doesn't show any results on that site as it requires javascript. So cross-domain CSS is blocked by Hard Mode. And if it comes to same-origin CSS, I can only confirm what arkenfox writes:
The problem would have been avoided even with uBlock Origin in Hard Mode + TLD's. Or with Adguard MV3 in Hard Mode + TLD. Personally, I would have avoided the problem even with just the TLDs I set up in Next DNS.
But it didn't block the JS script on the test page, or you will see that JS is needed. This is not how you perform the test. I tried that with NoScript and the test failed with a warning that JS is needed. When selected Custom and unchecked script and noscript then JS was active, but the test was successful (no images loaded). The same was achieved with the 1st-party rules in the uBlock settings. That was I meant.
I see a long discussion about uBlock in this thread, but against this kind of stuff it can't protect right? I mean if the website is hacked it will of course show you the fake browser update or whatever, I sometimes see it on other sites too.
you have uncounted problems with ublock and vivaldi. your point of interest should be elsewhere but not here.
For the third time: Think before you speak/write, because now it's just jibberish. This hasn't got anything to do with Vivaldi, I'm just saying we can't expect uBlock to block everything. But I see people talking about uBlock's hard mode, so I wonder what this is all about.
