Opened 9 months ago

Closed 5 months ago

#29647 closed defect (fixed)

Browser freezing due to NoScript XSS protection

Reported by: atac Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: xss noscript
Cc: ma1 Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I can reproduce 100% on https://www.tripadvisor.com/Tourism-g60763-New_York_City_New_York-Vacations.html, on Linux 64 (Ubuntu 18.04). Before page being completely loaded, the whole browser freezes for a while (at least 60 seconds), then some XSS popups appear.

Unticking NoScript Preferences -> Advanced -> Sanitize cross-site suspicious requests fixes it, so I assume this is being caused by NoScript XSS protection. I was surprised that the whole browser is freezing, but it must be that the NoScript WebExtension runs in the main process.

Child Tickets

Change History (2)

comment:1 Changed 9 months ago by gk

Cc: ma1 added

Yeah, that's something like #22362 again. :(

comment:2 Changed 5 months ago by gk

Resolution: fixed
Status: newclosed

Thanks, fixed in tor-browser-build with commit 07961f94a1d956c33c1d0448b6e5f69df6b03ea4 (on master) and 26a5d9739b7e0d30f03da46b316ac15546e79eef (on maint-8.5).

Note: See TracTickets for help on using tickets.