Google Captcha XSS attempt on login.yahoo.net? (NoScript)

0

I recently tried to log in to my Yahoo mail account with Firefox ESR, where NoScript showed me this warning when the captcha was displayed at login:

NoScript filtered a potential cross-site scripting (XSS) attempt from [https.login.yahoo.net]. Technical details have been logged to the Console.

NoScript also opened a window about "clickjacking / UI redressing" on the captcha. IIRC, without unlocking it the 'Verify' button would not be clickable and fully visible. I'm also getting a window about this for other Google Captchas, such as on Stack Exchange sites.

I didn't get the XSS warning on earlier logins, except maybe for one or two exceptions.

The URL is basically similar to this: https://login.yahoo.com/account/challenge/recaptcha?.src=fp&authMechanism=primary&display=login&yid=name&dname=name&done=https%3A%2F%2Fmail.yahoo.com%2F&crumb=id&acrumb=id2&s=QQ--&c=verylongid&e=true&pcn=password

Here is the pasted content of the console copy (pastebin.com/e9BgXheC):

Hey developer! Want to see more verbose logging?  util.js:14:1
Type this into the console: DEFAULT_LOG_LEVEL=VERB  util.js:15:1
Accepted levels are VERB, DBUG, INFO, NOTE and WARN, default is NOTE  util.js:16:1
NoScript WebExt Ready  noscript.js:43:1
NoScript preferences backed on the WebExtension side  legacy.js:17:9
“nsICookieManager.remove()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager  main.js:613:6
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
about:blank : Unable to run script because scripts are blocked internally.  (unknown)
about:blank : Unable to run script because scripts are blocked internally.  (unknown)
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:126:12
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
“nsICookieManager.remove()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager  main.js:613:6
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:126:12
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
about:blank : Unable to run script because scripts are blocked internally.  (unknown)
about:blank : Unable to run script because scripts are blocked internally.  (unknown)
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:126:12
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
“nsICookieManager.remove()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager  main.js:613:6
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
downloadable font: download failed (font-family: "Open Sans" style:normal weight:normal stretch:normal src index:0): content blocked source: https://developer.cdn.mozilla.net/static/fonts/OpenSans-Regular-webfont.3f642fa3ea74.woff2  mdn.340edd757ddc.css:4:22660
downloadable font: download failed (font-family: "Open Sans" style:normal weight:normal stretch:normal src index:1): content blocked source: https://developer.cdn.mozilla.net/static/fonts/OpenSans-Regular-webfont.ac327c4db628.woff  mdn.340edd757ddc.css:4:22660
downloadable font: download failed (font-family: "FontAwesome" style:normal weight:normal stretch:normal src index:1): content blocked source: https://developer.cdn.mozilla.net/static/styles/libs/font-awesome/fonts/fontawesome-webfont.fdf491ce5ff5.woff?v=4.1.0  mdn.340edd757ddc.css:4:279
downloadable font: download failed (font-family: "FontAwesome" style:normal weight:normal stretch:normal src index:2): content blocked source: https://developer.cdn.mozilla.net/static/styles/libs/font-awesome/fonts/fontawesome-webfont.4f0022f25672.ttf?v=4.1.0  mdn.340edd757ddc.css:4:279
downloadable font: download failed (font-family: "Open Sans" style:normal weight:bold stretch:normal src index:0): content blocked source: https://developer.cdn.mozilla.net/static/fonts/OpenSans-Semibold-webfont.b25e8a5a61a4.woff2  mdn.340edd757ddc.css:4:22889
downloadable font: download failed (font-family: "Open Sans" style:normal weight:bold stretch:normal src index:1): content blocked source: https://developer.cdn.mozilla.net/static/fonts/OpenSans-Semibold-webfont.56bfcae65300.woff  mdn.340edd757ddc.css:4:22889
downloadable font: download failed (font-family: "zillaslab" style:normal weight:bold stretch:normal src index:0): content blocked source: https://developer.cdn.mozilla.net/static/fonts/locales/ZillaSlab-Bold.8d7f01331d2b.woff2  locale-en-US.7e45c23d7d30.css:1:240
downloadable font: download failed (font-family: "zillaslab" style:normal weight:bold stretch:normal src index:1): content blocked source: https://developer.cdn.mozilla.net/static/fonts/locales/ZillaSlab-Bold.be1d6507cb98.woff  locale-en-US.7e45c23d7d30.css:1:240
downloadable font: download failed (font-family: "Open Sans" style:italic weight:normal stretch:normal src index:0): content blocked source: https://developer.cdn.mozilla.net/static/fonts/OpenSans-Italic-webfont.47c24d65c5a6.woff2  mdn.340edd757ddc.css:4:23120
downloadable font: download failed (font-family: "Open Sans" style:italic weight:normal stretch:normal src index:1): content blocked source: https://developer.cdn.mozilla.net/static/fonts/OpenSans-Italic-webfont.525074686dfb.woff  mdn.340edd757ddc.css:4:23120
downloadable font: download failed (font-family: "zillaslab" style:normal weight:normal stretch:normal src index:0): content blocked source: https://developer.cdn.mozilla.net/static/fonts/locales/ZillaSlab-Regular.f9de6143fdfa.woff2  locale-en-US.7e45c23d7d30.css:1:11
downloadable font: download failed (font-family: "zillaslab" style:normal weight:normal stretch:normal src index:1): content blocked source: https://developer.cdn.mozilla.net/static/fonts/locales/ZillaSlab-Regular.f7120c75de27.woff  locale-en-US.7e45c23d7d30.css:1:11
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
downloadable font: download failed (font-family: "Raleway" style:normal weight:normal stretch:normal src index:2): content blocked source: https://fonts.gstatic.com/s/raleway/v11/IczWvq5y_Cwwv_rBjOtT0w.woff  css:1:12
downloadable font: download failed (font-family: "Raleway" style:normal weight:800 stretch:normal src index:2): content blocked source: https://fonts.gstatic.com/s/raleway/v11/1ImRNPx4870-D9a1EBUdPBsxEYwM7FgeyaSgU71cLG0.woff  css:13:12
downloadable font: download failed (font-family: "FontAwesome" style:normal weight:normal stretch:normal src index:1): content blocked source: https://www.whatismyip.net/assets/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0  font-awesome.min.css:4:14
downloadable font: download failed (font-family: "FontAwesome" style:normal weight:normal stretch:normal src index:2): content blocked source: https://www.whatismyip.net/assets/font-awesome/fonts/fontawesome-webfont.woff?v=4.7.0  font-awesome.min.css:4:14
downloadable font: download failed (font-family: "FontAwesome" style:normal weight:normal stretch:normal src index:3): content blocked source: https://www.whatismyip.net/assets/font-awesome/fonts/fontawesome-webfont.ttf?v=4.7.0  font-awesome.min.css:4:14
downloadable font: download failed (font-family: "Raleway" style:normal weight:600 stretch:normal src index:2): content blocked source: https://fonts.gstatic.com/s/raleway/v11/xkvoNo9fC8O2RDydKj12bxsxEYwM7FgeyaSgU71cLG0.woff  css:7:12
downloadable font: download failed (font-family: "Glyphicons Halflings" style:normal weight:normal stretch:normal src index:1): content blocked source: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/glyphicons-halflings-regular.woff2  bootstrap.min.css:5:3022
downloadable font: download failed (font-family: "Glyphicons Halflings" style:normal weight:normal stretch:normal src index:2): content blocked source: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/glyphicons-halflings-regular.woff  bootstrap.min.css:5:3022
downloadable font: download failed (font-family: "Glyphicons Halflings" style:normal weight:normal stretch:normal src index:3): content blocked source: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/glyphicons-halflings-regular.ttf  bootstrap.min.css:5:3022
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
about:blank : Unable to run script because scripts are blocked internally.  (unknown)
about:blank : Unable to run script because scripts are blocked internally.  (unknown)
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:126:12
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
“nsICookieManager.remove()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager  main.js:613:6
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:126:12
“nsICookieManager.remove()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager  main.js:613:6
[NoScript ClearClick] Swallowed event mousedown on https://login.yahoo.com/account/challenge/recaptcha?.src=fp&authMechanism=primary&display=login&yid=name&dname=name&done=https%3A%2F%2Fmail.yahoo.com%2F&crumb=id1&acrumb=id2&s=QQ--&c=verylongid&e=true&pcn=password (rapid fire from https://www.google.com in 400ms)
[NoScript ClearClick] Swallowed event mouseup on https://login.yahoo.com/account/challenge/recaptcha?.src=fp&authMechanism=primary&display=login&yid=name&dname=name&done=https%3A%2F%2Fmail.yahoo.com%2F&crumb=id1&acrumb=id2&s=QQ--&c=verylongid&e=true&pcn=password (rapid fire from https://www.google.com in 400ms)
[NoScript ClearClick] Swallowed event click on https://login.yahoo.com/account/challenge/recaptcha?.src=fp&authMechanism=primary&display=login&yid=name&dname=name&done=https%3A%2F%2Fmail.yahoo.com%2F&crumb=id1&acrumb=id2&s=QQ--&c=verylongid&e=true&pcn=password (rapid fire from https://www.google.com in 400ms)
Warning: ‘nsIOService::NewChannel()’ deprecated, please use ‘nsIOService::NewChannel2()’  DMS.js:1397:14
No chrome package registered for chrome://dta-modules/content/support/filtermanager.js
Warning: ‘nsIOService::NewChannel()’ deprecated, please use ‘nsIOService::NewChannel2()’  DMS.js:1401:14
Warning: ‘nsIOService::NewChannel()’ deprecated, please use ‘nsIOService::NewChannel2()’  DMS.js:1397:14
No chrome package registered for chrome://dta-modules/content/support/filtermanager.js
Warning: ‘nsIOService::NewChannel()’ deprecated, please use ‘nsIOService::NewChannel2()’  DMS.js:1401:14
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
about:blank : Unable to run script because scripts are blocked internally.  (unknown)
about:blank : Unable to run script because scripts are blocked internally.  (unknown)
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:126:12
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:82:12
XML Parsing Error: no root element found
Location: https://e.reddit.com/v1?key=RedditFrontend1&mac=amacid
Line Number 1, Column 1:  v1:1:1
“nsICookieManager.remove()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager  main.js:613:6
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:126:12
“nsICookieManager.remove()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager  main.js:613:6
[NoScript ClearClick] Swallowed event mousedown on https://login.yahoo.com/account/challenge/recaptcha?.src=fp&authMechanism=primary&display=login&yid=name&dname=name&done=https%3A%2F%2Fmail.yahoo.com%2F&crumb=id1&acrumb=id2&s=QQ--&c=verylongid&e=true&pcn=password (rapid fire from https://www.google.com in 400ms)
[NoScript ClearClick] Swallowed event mouseup on https://login.yahoo.com/account/challenge/recaptcha?.src=fp&authMechanism=primary&display=login&yid=name&dname=name&done=https%3A%2F%2Fmail.yahoo.com%2F&crumb=id1&acrumb=id2&s=QQ--&c=verylongid&e=true&pcn=password (rapid fire from https://www.google.com in 400ms)
[NoScript ClearClick] Swallowed event click on https://login.yahoo.com/account/challenge/recaptcha?.src=fp&authMechanism=primary&display=login&yid=name&dname=name&done=https%3A%2F%2Fmail.yahoo.com%2F&crumb=id1&acrumb=id2&s=QQ--&c=verylongid&e=true&pcn=password (rapid fire from https://www.google.com in 400ms)
[ABE WAN] Trying to detect WAN IP...
[ABE WAN] Detected WAN IP ip
NoScript preferences backed on the WebExtension side  legacy.js:17:9
NoScript preferences backed on the WebExtension side  legacy.js:17:9
NoScript preferences backed on the WebExtension side  legacy.js:17:9
Sync encountered an error - see about:sync-log for the log file.  policies.js:729
NoScript preferences backed on the WebExtension side  legacy.js:17:9
NoScript preferences backed on the WebExtension side  legacy.js:17:9
NoScript preferences backed on the WebExtension side  legacy.js:17:9
[ABE WAN] Trying to detect WAN IP...
[ABE WAN] WAN IP not detected!
NoScript preferences backed on the WebExtension side  legacy.js:17:9
NoScript preferences backed on the WebExtension side  legacy.js:17:9
NoScript preferences backed on the WebExtension side  legacy.js:17:9
NoScript preferences backed on the WebExtension side  legacy.js:17:9
[ABE WAN] Trying to detect WAN IP...
[ABE WAN] WAN IP not detected!
NoScript preferences backed on the WebExtension side  legacy.js:17:9
number  addons.repository   WARN    Search failed when repopulating cache
update.locale file doesn't exist in either the application or GRE directories  UpdateUtils.jsm:148
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
number  addons.productaddons    WARN    Failed downloading XML, status: 0, reason: error
number  addons.productaddons    WARN    Failed downloading XML, status: 0, reason: error
NoScript preferences backed on the WebExtension side  legacy.js:17:9
“nsICookieManager2.getCookiesFromHost()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager2  cookietracker.js:126:12
“nsICookieManager.remove()” is changed. Update your code and pass the correct originAttributes. Read more on MDN: https://developer.mozilla.org/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICookieManager  main.js:613:6
[NoScript ClearClick] Swallowed event mousedown on https://login.yahoo.com/account/challenge/recaptcha?.src=fp&authMechanism=primary&display=login&yid=name&dname=name&done=https%3A%2F%2Fmail.yahoo.com%2F&crumb=id1&acrumb=id2&s=QQ--&c=verylongid&e=true&pcn=password (rapid fire from https://www.google.com in 400ms)
[NoScript ClearClick] Swallowed event mouseup on https://login.yahoo.com/account/challenge/recaptcha?.src=fp&authMechanism=primary&display=login&yid=name&dname=name&done=https%3A%2F%2Fmail.yahoo.com%2F&crumb=id1&acrumb=id2&s=QQ--&c=verylongid&e=true&pcn=password (rapid fire from https://www.google.com in 400ms)
[NoScript ClearClick] Swallowed event click on https://login.yahoo.com/account/challenge/recaptcha?.src=fp&authMechanism=primary&display=login&yid=name&dname=name&done=https%3A%2F%2Fmail.yahoo.com%2F&crumb=id1&acrumb=id2&s=QQ--&c=verylongid&e=true&pcn=password (rapid fire from https://www.google.com in 400ms)

I find it interesting that it seems to be querying reddit.
I use the HTTPS Everywhere add-on (obviously) and also have Reddit Enhancement Suite installed. But I got the same error when I disabled the add-on.
I'm also wondering what "[ABE WAN] Trying to detect WAN IP..." means.

And here is a related paste: link

My question is: was this a real XSS attempt or a false positive? Either way: why did I get this error, and are more people getting this error?

    
asked by user38395734 27.08.2017 - 22:27
source

1 answer

1

Most likely a false positive; NoScript's XSS filters are pretty dumb when it comes to redirection between different domains, because of how precise the filters are. A frequent example of a false XSS warning shows up on VISA payment domains, because of the redirect from the shopping domain to the payment processor.

    
answered 27.08.2017 - 23:33
source
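
A small triage of a console copy like the one in the question, as an added example that is not part of the original posts or of NoScript: it groups the ClearClick lines by source origin and target page (query string dropped, so crumbs and IDs stay out of a shared report) and collects ABE and XSS-filter lines separately from unrelated add-on noise. The sample log is constructed in the format shown in the question, and the function names are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the format of the console copy in the question
# (query values are placeholders, not real crumbs or IDs).
SAMPLE_LOG = """\
NoScript WebExt Ready  noscript.js:43:1
about:blank : Unable to run script because scripts are blocked internally.  (unknown)
[NoScript ClearClick] Swallowed event mousedown on https://login.yahoo.com/account/challenge/recaptcha?.src=fp&crumb=id1&acrumb=id2 (rapid fire from https://www.google.com in 400ms)
[NoScript ClearClick] Swallowed event mouseup on https://login.yahoo.com/account/challenge/recaptcha?.src=fp&crumb=id1&acrumb=id2 (rapid fire from https://www.google.com in 400ms)
[NoScript ClearClick] Swallowed event click on https://login.yahoo.com/account/challenge/recaptcha?.src=fp&crumb=id1&acrumb=id2 (rapid fire from https://www.google.com in 400ms)
[ABE WAN] Trying to detect WAN IP...
[ABE WAN] WAN IP not detected!
number  addons.update-checker   WARN    HTTP Request failed for an unknown reason
"""

# Matches the ClearClick line format seen in the console copy.
CLEARCLICK = re.compile(
    r"^\[NoScript ClearClick\] Swallowed event (?P<event>\w+) on (?P<target>\S+)"
    r" \(rapid fire from (?P<source>\S+) in (?P<ms>\d+)ms\)$"
)


def strip_query(url):
    """Drop query and fragment so session values are not carried into the report."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}{parts.path}"


def triage(log_text):
    """Split a console copy into ClearClick events, ABE lines, XSS lines and noise."""
    report = {"clearclick": Counter(), "events": Counter(),
              "abe": [], "xss": [], "other": 0}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = CLEARCLICK.match(line)
        if match:
            key = (urlsplit(match["source"]).netloc, strip_query(match["target"]))
            report["clearclick"][key] += 1
            report["events"][match["event"]] += 1
        elif line.startswith("[ABE"):
            report["abe"].append(line)
        elif "XSS" in line or "cross-site scripting" in line.lower():
            report["xss"].append(line)
        else:
            report["other"] += 1  # cookie, font and updater messages from other sources
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for (source, target), count in result["clearclick"].items():
        print(f"{count} input events swallowed on {target} (from {source})")
    print(f"ABE lines: {len(result['abe'])}, XSS lines: {len(result['xss'])}, "
          f"unrelated lines: {result['other']}")
```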
