Nintendo Kid posted:

I really don't see the basis that Edge should be any more vulnerable, especially considering its whole gimmick involves dropping substantial legacy support.

quote:

Security researcher Linus Särud has uncovered a security vulnerability in the popular NoScript browser extension that could allow an attacker to run arbitrary JavaScript in a victim's browser. An exploit of this vulnerability could expose private data or lead users to download malicious software.

The attack works because NoScript has a limited whitelist of trusted domains, allowing the host browser to load commonly-used tools from certain content delivery networks like googleapis.com. This feature tries to preserve websites' functionality while simultaneously blocking any potentially malicious code.

Because the extension will implicitly trust any subdomain whose parent domain is present in the whitelist, Särud found that NoScript will trust the storage.googleapis.com subdomain, which hosts Google's Cloud Storage service. He uploaded a small test script there, which cleanly got past NoScript.

Särud built upon the work of Matthew Bryant, another security researcher, who found that the whitelist itself was stale—it contained the unused domain vjs.zendcdn.net. Bryant registered zendcdn.net for a mere $10.69, and put up a proof-of-concept script that NoScript dutifully let through.

Both Särud and Bryant contacted NoScript's author about these issues. An updated version of the extension that closes the loopholes noted above is now available, so NoScript users should update immediately.

Im_Special posted:

That's a few days old now and it was fixed in only a few hours.

Boris Galerkin posted:

Is this why uBlock Origin gives me a warning page whenever I click on a SourceForge link?

~Coxy posted:

Pretty hilarious how Messenger didn't even work in FF until very recently.

~Coxy posted:

Not sure what to say. It never used to work for me in FF until one day FF had updated and it did from then on.

Xander77 posted:

2. Multilinks (right click and drag to open a bunch of tabs at once). Causes firefox to run very slow, and hang up whenever I right click. Tried to uninstall and install multilinks plus - exact same thing. Any add-ons that work?

Mad Doctor Cthulhu posted:

I got a weird issue: I'm running the latest Firefox and when I try to make a status update on Facebook, the status update window just vanishes and leaves behind the dimmed view. It doesn't replicate on Chrome and seems to be on both my work and home versions of Firefox. Is this a Firefox issue or just Facebook being lovely?

Also, I'm using Ublock Origin but nothing beyond the original lists.

mike12345 posted:

FRINGE posted:

"Hey this browser is very chrome like and I was avoiding that. Welp, I guess Ill just use chrome since it doesnt matter anymore."

Saukkis posted:

I currently have Firefox running with a profile dedicated for Something Awful, another for YouTube and few other profiles for other purposes.

Abel Wingnut posted:

hmm, looking into this now. would something like this work? i believe this checks all boxes on the page, but there's only one box so that's fine.

code:

(function() {
    'use strict';

    var cBoxes=document.getElementsByTagName('input')

    for (var i=0; i < cBoxes.length; i++) {

    if (cBoxes[i].type=="checkbox") {

	cBoxes[i].checked=true

    }

}
})();

Jewel Repetition posted:

Is there a way to add "search google for this image" to the context menu when you right click an image?

Geemer posted:

I knew about the other stuff but this is really great to know.

Flipperwaldt posted:

None of it is mentioning whether it will still support addons like Firefox for Android currently does.

Spaseman posted:

This might not be the best place to ask but I've got a text box on a company website at work I have to enter short lines of text into. After each line I have to hit enter then the page reloads and I enter a new line of text. Is there a way I could submit multiple strings of text at once so I don't have to manually paste and enter each line one by one? Sorry if this is poorly conveyed.

Sab669 posted:

On Desktop, when you active "Reader View", you can set the background / font color choice (light/dark theme)... Is there a way to do this on Mobile, or am I stuck with just the eye-searing light theme?

astral posted:

I just accidentally discovered this today. Anyone happen to know offhand if there is a keyboard shortcut with the same functionality? I browsed their FAQs but didn't see anything.

gary oldmans diary posted:

Using Javascript to implement CSS always feels wrong.