Opened 18 months ago

Last modified 18 months ago

#25626 new defect

NoScript whitelist contains non-default entries?

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Tor Browser 7.5.2 linux64, automatically updated since TB 7.0.11 tar.xz to 7.5 to 7.5.1 to 7.5.2

I noticed today that my whitelist tab in NoScript's options has entries for Monero (XMR) pools on Monero-related domain names and Monero port numbers. I do not often check the tab showing the full whitelist in NoScript's options. I am experienced with NoScript and sometimes manually allow scripts but almost always as "temporary" (or adjust TorButton's security slider) unless I decide to permanently allow a site that I trust and visit often. I often manually revoke the temporary entries and adjust TorButton's security slider. I do not remember allowing these, but I have been using the same Tor Browser installation without a clean install since TBB 7.0.11, so I may have allowed them in the past and simply forgotten them. Despite that, I think I would remember allowing entries that have port numbers as these do.

I have not noticed unusual processes or other activity that could be related to cryptocurrency. As far as I know, there are no cryptocurrency programs installed.

http: // 118.190.133.167:81
http: // 46.165.232.77:8117
http: // api.minexmr.com:8080
http: // iwanttoearn.mon [space] ey:8117
http: // minemonero.gq:8117
http: // minexmr.pooldd.com:8080
http: // monero.us.to:8117
http: // mro.poolto.be:8117
http: // pool.miners.pro:8117
http: // sheepman.mine.bz:8117
http: // sorgenlos.de
http: // stablemoneropool.com:8117
http: // teracycle.net:8117
http: // uims.de
http: // xmr.prohash.net:8117
https: // api.moneropool.nl:8180
https: // apis.google.com
https: // mixpools.org:8117
https: // monero.crypto-pool.fr:8091
https: // uims.de
https: // usxmrpool.com:8119
https: // web.xmrpool.eu:8119
https: // xmr.minercircle.com:8079
https: // xmr.riefly.id:8119

Attached are screenshots of my whitelist tab showing these entries.

Child Tickets

Attachments (4)

NoScript_whitelist1.png (43.6 KB) - added by cypherpunks 18 months ago.
NoScript_whitelist2.png (54.8 KB) - added by cypherpunks 18 months ago.
NoScript_whitelist3.png (55.1 KB) - added by cypherpunks 18 months ago.
NoScript_whitelist4.png (51.6 KB) - added by cypherpunks 18 months ago.

Download all attachments as: .zip

Change History (5)

Changed 18 months ago by cypherpunks

Attachment: NoScript_whitelist1.png added

Changed 18 months ago by cypherpunks

Attachment: NoScript_whitelist2.png added

Changed 18 months ago by cypherpunks

Attachment: NoScript_whitelist3.png added

Changed 18 months ago by cypherpunks

Attachment: NoScript_whitelist4.png added

comment:1 Changed 18 months ago by cypherpunks

Summary: NoScript whitelist contains Monero pools?NoScript whitelist contains non-default entries?

It's obviously not just Monero pools since it has apis.google.com. My guess is something weird making your temporary whitelists getting persistent.

Note: See TracTickets for help on using tickets.