1

Recently I tried to login into my Yahoo mail account with Firefox ESR where NoScript showed me this warning when the captcha was shown at the login:

NoScript filtered a potential cross-site scripting (XSS) attempt from [https.login.yahoo.net]. Technical details have been logged to the Console.

NoScript also opened a window about "clickjacking / UI redressing" in the captcha. Iirc without unlocking the 'Verify' button would not be clickable and fully visible. I'm also getting a window about this for other Google Captchas such as on stack exchange sites.

I did not get the XSS warning at earlier logins except for maybe one or two exceptions.

The URL basically looked like this: https://login.yahoo.com/account/challenge/recaptcha?.src=fp&authMechanism=primary&display=login&yid=name&dname=name&done=https%3A%2F%2Fmail.yahoo.com%2F&crumb=id&acrumb=id2&s=QQ--&c=verylongid&e=true&pcn=password

Here is the copy pasted content of the console (pastebin.com/e9BgXheC):

Hey developer! Want to see more verbose logging?  util.js:14:1
Type this into the console: DEFAULT_LOG_LEVEL=VERB  util.js:15:1
Accepted levels are VERB, DBUG, INFO, NOTE and WARN, default is NOTE  util.js:16:1
NoScript WebExt Ready  noscript.js:43:1
NoScript preferences backed on the WebExtension side  legacy.js:17:9
“nsICookieManager.remove()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager  main.js:613:6
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
about:blank : Unable to run script because scripts are blocked internally.  (unknown)
about:blank : Unable to run script because scripts are blocked internally.  (unknown)
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:126:12
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
“nsICookieManager.remove()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager  main.js:613:6
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:126:12
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
about:blank : Unable to run script because scripts are blocked internally.  (unknown)
about:blank : Unable to run script because scripts are blocked internally.  (unknown)
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:126:12
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
“nsICookieManager.remove()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager  main.js:613:6
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
downloadable font: download failed (font-family: "Open Sans" style:normal weight:normal stretch:normal src index:0): content blocked source: https://developer.cdn.mozilla.net/static/fonts/OpenSans-Regular-webfont.3f642fa3ea74.woff2  mdn.340edd757ddc.css:4:22660
downloadable font: download failed (font-family: "Open Sans" style:normal weight:normal stretch:normal src index:1): content blocked source: https://developer.cdn.mozilla.net/static/fonts/OpenSans-Regular-webfont.ac327c4db628.woff  mdn.340edd757ddc.css:4:22660
downloadable font: download failed (font-family: "FontAwesome" style:normal weight:normal stretch:normal src index:1): content blocked source: https://developer.cdn.mozilla.net/static/styles/libs/font-awesome/fonts/fontawesome-webfont.fdf491ce5ff5.woff?v=4.1.0  mdn.340edd757ddc.css:4:279
downloadable font: download failed (font-family: "FontAwesome" style:normal weight:normal stretch:normal src index:2): content blocked source: https://developer.cdn.mozilla.net/static/styles/libs/font-awesome/fonts/fontawesome-webfont.4f0022f25672.ttf?v=4.1.0  mdn.340edd757ddc.css:4:279
downloadable font: download failed (font-family: "Open Sans" style:normal weight:bold stretch:normal src index:0): content blocked source: https://developer.cdn.mozilla.net/static/fonts/OpenSans-Semibold-webfont.b25e8a5a61a4.woff2  mdn.340edd757ddc.css:4:22889
downloadable font: download failed (font-family: "Open Sans" style:normal weight:bold stretch:normal src index:1): content blocked source: https://developer.cdn.mozilla.net/static/fonts/OpenSans-Semibold-webfont.56bfcae65300.woff  mdn.340edd757ddc.css:4:22889
downloadable font: download failed (font-family: "zillaslab" style:normal weight:bold stretch:normal src index:0): content blocked source: https://developer.cdn.mozilla.net/static/fonts/locales/ZillaSlab-Bold.8d7f01331d2b.woff2  locale-en-US.7e45c23d7d30.css:1:240
downloadable font: download failed (font-family: "zillaslab" style:normal weight:bold stretch:normal src index:1): content blocked source: https://developer.cdn.mozilla.net/static/fonts/locales/ZillaSlab-Bold.be1d6507cb98.woff  locale-en-US.7e45c23d7d30.css:1:240
downloadable font: download failed (font-family: "Open Sans" style:italic weight:normal stretch:normal src index:0): content blocked source: https://developer.cdn.mozilla.net/static/fonts/OpenSans-Italic-webfont.47c24d65c5a6.woff2  mdn.340edd757ddc.css:4:23120
downloadable font: download failed (font-family: "Open Sans" style:italic weight:normal stretch:normal src index:1): content blocked source: https://developer.cdn.mozilla.net/static/fonts/OpenSans-Italic-webfont.525074686dfb.woff  mdn.340edd757ddc.css:4:23120
downloadable font: download failed (font-family: "zillaslab" style:normal weight:normal stretch:normal src index:0): content blocked source: https://developer.cdn.mozilla.net/static/fonts/locales/ZillaSlab-Regular.f9de6143fdfa.woff2  locale-en-US.7e45c23d7d30.css:1:11
downloadable font: download failed (font-family: "zillaslab" style:normal weight:normal stretch:normal src index:1): content blocked source: https://developer.cdn.mozilla.net/static/fonts/locales/ZillaSlab-Regular.f7120c75de27.woff  locale-en-US.7e45c23d7d30.css:1:11
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
downloadable font: download failed (font-family: "Raleway" style:normal weight:normal stretch:normal src index:2): content blocked source: https://fonts.gstatic.com/s/raleway/v11/IczWvq5y_Cwwv_rBjOtT0w.woff  css:1:12
downloadable font: download failed (font-family: "Raleway" style:normal weight:800 stretch:normal src index:2): content blocked source: https://fonts.gstatic.com/s/raleway/v11/1ImRNPx4870-D9a1EBUdPBsxEYwM7FgeyaSgU71cLG0.woff  css:13:12
downloadable font: download failed (font-family: "FontAwesome" style:normal weight:normal stretch:normal src index:1): content blocked source: https://www.whatismyip.net/assets/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0  font-awesome.min.css:4:14
downloadable font: download failed (font-family: "FontAwesome" style:normal weight:normal stretch:normal src index:2): content blocked source: https://www.whatismyip.net/assets/font-awesome/fonts/fontawesome-webfont.woff?v=4.7.0  font-awesome.min.css:4:14
downloadable font: download failed (font-family: "FontAwesome" style:normal weight:normal stretch:normal src index:3): content blocked source: https://www.whatismyip.net/assets/font-awesome/fonts/fontawesome-webfont.ttf?v=4.7.0  font-awesome.min.css:4:14
downloadable font: download failed (font-family: "Raleway" style:normal weight:600 stretch:normal src index:2): content blocked source: https://fonts.gstatic.com/s/raleway/v11/xkvoNo9fC8O2RDydKj12bxsxEYwM7FgeyaSgU71cLG0.woff  css:7:12
downloadable font: download failed (font-family: "Glyphicons Halflings" style:normal weight:normal stretch:normal src index:1): content blocked source: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/glyphicons-halflings-regular.woff2  bootstrap.min.css:5:3022
downloadable font: download failed (font-family: "Glyphicons Halflings" style:normal weight:normal stretch:normal src index:2): content blocked source: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/glyphicons-halflings-regular.woff  bootstrap.min.css:5:3022
downloadable font: download failed (font-family: "Glyphicons Halflings" style:normal weight:normal stretch:normal src index:3): content blocked source: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/glyphicons-halflings-regular.ttf  bootstrap.min.css:5:3022
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
about:blank : Unable to run script because scripts are blocked internally.  (unknown)
about:blank : Unable to run script because scripts are blocked internally.  (unknown)
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:126:12
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
“nsICookieManager.remove()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager  main.js:613:6
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:126:12
“nsICookieManager.remove()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager  main.js:613:6
[NoScript ClearClick] Swallowed event mousedown on https://login.yahoo.com/account/challenge/recaptcha?.src=fp&authMechanism=primary&display=login&yid=name&dname=name&done=https%3A%2F%2Fmail.yahoo.com%2F&crumb=id1&acrumb=id2&s=QQ--&c=verylongid&e=true&pcn=password (rapid fire from https://www.google.com in 400ms)
[NoScript ClearClick] Swallowed event mouseup on https://login.yahoo.com/account/challenge/recaptcha?.src=fp&authMechanism=primary&display=login&yid=name&dname=name&done=https%3A%2F%2Fmail.yahoo.com%2F&crumb=id1&acrumb=id2&s=QQ--&c=verylongid&e=true&pcn=password (rapid fire from https://www.google.com in 400ms)
[NoScript ClearClick] Swallowed event click on https://login.yahoo.com/account/challenge/recaptcha?.src=fp&authMechanism=primary&display=login&yid=name&dname=name&done=https%3A%2F%2Fmail.yahoo.com%2F&crumb=id1&acrumb=id2&s=QQ--&c=verylongid&e=true&pcn=password (rapid fire from https://www.google.com in 400ms)
Warning: ‘nsIOService::NewChannel()’ deprecated, please use ‘nsIOService::NewChannel2()’  DMS.js:1397:14
No chrome package registered for chrome://dta-modules/content/support/filtermanager.js
Warning: ‘nsIOService::NewChannel()’ deprecated, please use ‘nsIOService::NewChannel2()’  DMS.js:1401:14
Warning: ‘nsIOService::NewChannel()’ deprecated, please use ‘nsIOService::NewChannel2()’  DMS.js:1397:14
No chrome package registered for chrome://dta-modules/content/support/filtermanager.js
Warning: ‘nsIOService::NewChannel()’ deprecated, please use ‘nsIOService::NewChannel2()’  DMS.js:1401:14
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
about:blank : Unable to run script because scripts are blocked internally.  (unknown)
about:blank : Unable to run script because scripts are blocked internally.  (unknown)
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:126:12
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
XML Parsing Error: no root element found
Location: https://e.reddit.com/v1?key=RedditFrontend1&mac=amacid
Line Number 1, Column 1:  v1:1:1
“nsICookieManager.remove()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager  main.js:613:6
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:126:12
“nsICookieManager.remove()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager  main.js:613:6
[NoScript ClearClick] Swallowed event mousedown on https://login.yahoo.com/account/challenge/recaptcha?.src=fp&authMechanism=primary&display=login&yid=name&dname=name&done=https%3A%2F%2Fmail.yahoo.com%2F&crumb=id1&acrumb=id2&s=QQ--&c=verylongid&e=true&pcn=password (rapid fire from https://www.google.com in 400ms)
[NoScript ClearClick] Swallowed event mouseup on https://login.yahoo.com/account/challenge/recaptcha?.src=fp&authMechanism=primary&display=login&yid=name&dname=name&done=https%3A%2F%2Fmail.yahoo.com%2F&crumb=id1&acrumb=id2&s=QQ--&c=verylongid&e=true&pcn=password (rapid fire from https://www.google.com in 400ms)
[NoScript ClearClick] Swallowed event click on https://login.yahoo.com/account/challenge/recaptcha?.src=fp&authMechanism=primary&display=login&yid=name&dname=name&done=https%3A%2F%2Fmail.yahoo.com%2F&crumb=id1&acrumb=id2&s=QQ--&c=verylongid&e=true&pcn=password (rapid fire from https://www.google.com in 400ms)
[ABE WAN] Trying to detect WAN IP...
[ABE WAN] Detected WAN IP ip
NoScript preferences backed on the WebExtension side  legacy.js:17:9
NoScript preferences backed on the WebExtension side  legacy.js:17:9
NoScript preferences backed on the WebExtension side  legacy.js:17:9
Sync encountered an error - see about:sync-log for the log file.  policies.js:729
NoScript preferences backed on the WebExtension side  legacy.js:17:9
NoScript preferences backed on the WebExtension side  legacy.js:17:9
NoScript preferences backed on the WebExtension side  legacy.js:17:9
[ABE WAN] Trying to detect WAN IP...
[ABE WAN] WAN IP not detected!
NoScript preferences backed on the WebExtension side  legacy.js:17:9
NoScript preferences backed on the WebExtension side  legacy.js:17:9
NoScript preferences backed on the WebExtension side  legacy.js:17:9
NoScript preferences backed on the WebExtension side  legacy.js:17:9
[ABE WAN] Trying to detect WAN IP...
[ABE WAN] WAN IP not detected!
NoScript preferences backed on the WebExtension side  legacy.js:17:9
number  addons.repository   WARN    Search failed when repopulating cache
update.locale file doesn't exist in either the application or GRE directories  UpdateUtils.jsm:148
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.productaddons    WARN    Failed downloading XML, status: 0, reason: error
number  addons.productaddons    WARN    Failed downloading XML, status: 0, reason: error
NoScript preferences backed on the WebExtension side  legacy.js:17:9
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:126:12
“nsICookieManager.remove()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager  main.js:613:6
[NoScript ClearClick] Swallowed event mousedown on https://login.yahoo.com/account/challenge/recaptcha?.src=fp&authMechanism=primary&display=login&yid=name&dname=name&done=https%3A%2F%2Fmail.yahoo.com%2F&crumb=id1&acrumb=id2&s=QQ--&c=verylongid&e=true&pcn=password (rapid fire from https://www.google.com in 400ms)
[NoScript ClearClick] Swallowed event mouseup on https://login.yahoo.com/account/challenge/recaptcha?.src=fp&authMechanism=primary&display=login&yid=name&dname=name&done=https%3A%2F%2Fmail.yahoo.com%2F&crumb=id1&acrumb=id2&s=QQ--&c=verylongid&e=true&pcn=password (rapid fire from https://www.google.com in 400ms)
[NoScript ClearClick] Swallowed event click on https://login.yahoo.com/account/challenge/recaptcha?.src=fp&authMechanism=primary&display=login&yid=name&dname=name&done=https%3A%2F%2Fmail.yahoo.com%2F&crumb=id1&acrumb=id2&s=QQ--&c=verylongid&e=true&pcn=password (rapid fire from https://www.google.com in 400ms)

I find it interesting that it seems to query reddit.
I'm using the HTTPS Everywhere AddOn (of course) and I also had the Reddit Enhancement Suite installed. But I got the same error when disabling that AddOn.
I'm also wondering what the "[ABE WAN] Trying to detect WAN IP" lines mean.

And here is a related paste: https://pastebin.com/gRuUW6Vw

My question is: was this an actual XSS attempt or a false positive? Either way: why did I get this error and are more people getting this error?

user38395734
  • 11
  • 1

1 Answers1

1

Its most likely a false positive, NoScripts XSS filters are quite retarded when it comes to redirecting between different domains because of how precise the filters are. Quite a frequent example of false XSS are shown on VISA payment domains because of the redirection from the shopping domain to the payment processor.

99Con
  • 427
  • 3
  • 8