Noscript bypass ?

Discussion in 'other security issues & news' started by StevieO, Jul 26, 2009.

Thread Status:
Not open for further replies.
  1. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    i can't replicate. does noscript show all scripts block icon?
     
  3. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Yes ?
     

    Attached Files:

  4. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    this is what i see on that page
     

    Attached Files:

  5. tsec

    tsec Registered Member

    Joined:
    Nov 18, 2008
    Posts:
    181
    Ditto
     
  6. tlu

    tlu Guest

    Same here. StevieO, something must be misconfigured or broken on your system. Have you tried a new profile?
     
  7. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,696
    Maybe some scripts are partially allowed?
    Mrk
     
  8. Gizzy

    Gizzy Registered Member

    Joined:
    Oct 5, 2007
    Posts:
    149
    Location:
    NJ, USA
    Do you have flash disabled too?

    I noticed in Opera this video works with javascript disabled but flash enabled.

    EDIT: I just tried in firefox and it doesn't play the way I have noscript setup,
    But if I uncheck "Forbid Adobe Flash" under the plug-ins tab in the noscript settings then it isn't blocked.
     
  9. Masterton

    Masterton Registered Member

    Joined:
    Jul 6, 2009
    Posts:
    101
    Same as Cudni.

    The problem might be:
    • You haven't checked "forbid Adobe Flash" in NoScript Options > Plugins
    • The video is somehow hosted elsewhere and you have this domain whitelisted
     
  10. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    When i checked the white list i started to think it may be due to those yimg ytming entries, so i removed them, no difference.

    Then i saw the new posts and disabled Flash, which i thought i had after the last time i used it, and that did the trick, so Thanx for that.

    The thing is, i thought Flash relied on Scripting in order to work. I know for a fact on every other www i've been to with Flash i get a notice that the page etc wont display properly etc.

    So i'm not quite sure what's happening with FF and Flash. Could this be potential vulnerability vector if it works without Scripting ?

    Also tested the link with IE, see screenie. What's ActiveX got to do with it if it's a Scripting issue, as you don't need ActiveX in FF to view, or Scripting it seems ?

    In which case why do all those www's show that those things are required to view in various Browsers ?

    Thanx to all who responded.
     

    Attached Files:

    • wl.png
      wl.png
      File size:
      8.7 KB
      Views:
      548
    • ie.png
      ie.png
      File size:
      7.3 KB
      Views:
      546
  11. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,194
    Location:
    Virginia - Appalachian Mtns
    Same here as well.

    Later...
     
  12. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    By default, NoScript appears to block the Flash objects until allowed. I've never tinkered with the Plugins tab in Options; it's ticked here.
     
  13. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    If you are running Adblock Plus as well, and have these filters..
    *ads*
    *advert*
    *banner*
    ....there will be no blocked script icons shown and no video, you will see a message to download flashplayer.
    Without those filters No Script blocked script icons are shown (as they should).
    You will see a red exclamation mark in Adblock Plus filter rules next to those
    abovementioned filters warning that they are too short, unreliable, and may
    slow down browsing.
     
  14. wardner

    wardner Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    3
    Flash is blocked by default in NoScript, resetting NS to default settings will do the trick, possibly reinstating other security options disabled inadvertently (3rd button from the left at the bottom) :thumb:
     
Loading...
Thread Status:
Not open for further replies.