1
With the recent changes to Firefox (and NoScript apparently) I am getting frequent XSS warnings from "tqn" in particular. It seems to happen every time I do even minor things like open a new tab in Firefox. This is what it looks like:
Can somebody help parse this error and explain to me why it is happening?
Tyler Durden
Posted 2017-11-29T14:25:45.370
Reputation: 4 710
0
My partial results:
whois.com says tqn.com is registered to MarkMonitor Inc., that has a markmonitor.com site.
In markmonitor.com says Mark Monitor Inc. is some company selling intellectual property protection related stuff.
The request in my case came from a favicon request for a lifewire.com page. Revisiting that page triggered the NoScript warning again.
I don't know why a favicon request would trigger an XSS warning though, so this is not a complete answer. I put this here in case it's useful to someone.
Maybe some kind of fingerprinting going on?
fede s.
Posted 2017-11-29T14:25:45.370
Reputation: 111
0
These urls are generated with thumbor. You can apply filter on some images via thumbor. In your example, a fill filter is applied. Thumbor filter uses parenthesis. Parenthesis are valid characters in URI (see RFC 3986 - Section 2: Characters).
IMO the problem is No-Script extension which is too restrictive. You should report the problem to No-Script communauty.
franek
Posted 2017-11-29T14:25:45.370
Reputation: 1
I am getting similar warnings for tidal.com (which I visited once). Always allow doesn't stop the popups – DavidPostill – 2017-11-29T14:44:29.630
It did something like this for me from the search bar, the first time I searched for a Wikipedia entry. I suppose it is a cross-script to load something, maybe even just the favicon. My guess is that You might get more eyes on this question on the NoScript support forum. https://forums.informaction.com/viewforum.php?f=7
– Mike Chapman – 2017-11-30T22:44:58.833Did you solve it? I had the same, but it stopped. I wish I knew why and what's tqn in the first place – fede s. – 2017-12-18T15:49:31.697
@fedes. Nope still happening and getting worse. – Tyler Durden – 2017-12-18T15:52:31.893
According to FF Lightbeam in my case it seems it's some kind of favicon request from lifewire.com – fede s. – 2017-12-18T18:16:46.957