Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

In regard to extensions and resetting firefox

  • 13 uphendule
  • 1 inale nkinga
  • 24 views
  • Igcine ukuphendulwa ngu Marc7

more options

So I've noticed recently that Firefox, or rather more specifically, Noscript, seems to think a lot of things are XSS attempts, which had never been the case before, leading me to think these are false positives. I've had no luck in undoing anything that was blocked, as mentioned in another thread. I'm trying to figure out if resetting Firefox would be a good idea. My problem is that one of my extensions is directly tied to my antivirus program, so my question is basically this; would the extension be able to be turned back on as is, or would I have to reinstall the antivirus program to get it back? I've never seen it come up in a basic search for add-ons without it. So it sounds like I'd have to reinstall it. Can anyone confirm this? If so, I'll have to wait a day or two to get this reset done.

Alternatively, I'm debating just deleting the current cookies and the like from the browser. Would this be a better alternative to a full on refresh/reset of Firefox?

All Replies (13)

more options

Hi Marc7, you could turn off the XSS protection feature of NoScript as a temporary workaround. Click its "S" toolbar button, then the button with the wrench, then the Advanced tab, then uncheck the box for "Sanitize cross-site suspicious requests".

If that doesn't help, do you use any other content blockers that might have settings you could tweak?

I'm trying to figure out if resetting Firefox would be a good idea. My problem is that one of my extensions is directly tied to my antivirus program, so my question is basically this; would the extension be able to be turned back on as is, or would I have to reinstall the antivirus program to get it back?

How did the extension get installed before? You might need to repeat that process because Firefox no longer installs extensions based solely on being listed in the Windows Registry.

Helpful?

more options
Hi Marc7, you could turn off the XSS protection feature of NoScript as a temporary workaround. Click its "S" toolbar button, then the button with the wrench, then the Advanced tab, then uncheck the box for "Sanitize cross-site suspicious requests".

I could give that a try, but what I'd really love to be able to do is get at the actual settings of the noscript settings page. It's listed as 'privileged' and unable to have them changed. I wouldn't be surprised if half my issues are from being unable to get at the list of stuff that the section you mentioned is. Incidentally, would that mean my antivirus program would have to catch any attacks if they're legit, or what?


If that doesn't help, do you use any other content blockers that might have settings you could tweak?

So far as I know, noscript is the only thing I have that counts as such, unless you count adblock plus, but that's never given me any issues.

How did the extension get installed before? You might need to repeat that process because Firefox no longer installs extensions based solely on being listed in the Windows Registry.

I'm not really sure, to be honest. It seems to be something the antivirus installed. It seems to be something it makes available across multiple browsers. I have no idea how it does it, though. The Antivirus is called Webroot Secure Anywhere if that helps any?

Okulungisiwe ngu Marc7

Helpful?

more options

Antivirus software doesn't protect against XSS (cross-site scripting) risks. XSS attacks generally involve scripts that send data from the site you are visiting to another site. Traditional AV usually focuses on files that download or execute on the PC. AV's that filter/proxy browsing usually wouldn't pick up these kinds of scripts, I don't think.

Helpful?

more options

jscher2000 said

Antivirus software doesn't protect against XSS (cross-site scripting) risks. XSS attacks generally involve scripts that send data from the site you are visiting to another site. Traditional AV usually focuses on files that download or execute on the PC. AV's that filter/proxy browsing usually wouldn't pick up these kinds of scripts, I don't think.

Hmm. So then would it be more worthwhile to just do a clean uninstall and reinstall of Firefox then? I already have my bookmarks backed up, though I only have one of the older installers on hand. But I can easily upgrade straight back to the current version once I've got it installed. This way I would just need to contact my AV company and have them help me get the extension put back on.

Helpful?

more options

I find it hard to recommend what to do because I don't know what problems you are encountering with your browsing (apart from lots of NoScript dialogs).

Helpful?

more options

jscher2000 said

I find it hard to recommend what to do because I don't know what problems you are encountering with your browsing (apart from lots of NoScript dialogs).

Well, aside from the dialogs, some things just aren't working. For example, trying to get to some sections of paypal from sites I know work normally fine have just not been working properly. This has been most prevalent on Twitch in the last few days. I keep getting the XSS dialogues when I try to get to Paypal from there and the paypal windows won't open properly at all from there. I've seen the XSS dialogs pop up just from clicking on a video on Amazon Prime, for some reason, even if I'm just removing a show from my list because it's no longer available in the region. There's even the fact that I got an XSS dialogue from Amazon proper itself, which meant I had to find a new workaround in Noscript to get at the ability to use the 'look inside' section of books that have the option available. I'm not sure what if anything will happen the next time I try to buy something through Amazon at this point....

It's not just Twitch and Amazon and Amazon Prime Video where this happens, but those have been the most consistent places I've encountered this BS so far.

Helpful?

more options

Have you tried completely turning off the NoScript XSS block to see how that affects the issue?

Helpful?

more options

jscher2000 said

Have you tried completely turning off the NoScript XSS block to see how that affects the issue?

I didn't even know that was possible. How do I look into doing that?

Helpful?

more options

jscher2000 said

Hi Marc7, you could turn off the XSS protection feature of NoScript as a temporary workaround. Click its "S" toolbar button, then the button with the wrench, then the Advanced tab, then uncheck the box for "Sanitize cross-site suspicious requests".

Helpful?

more options

jscher2000 said

jscher2000 said

Hi Marc7, you could turn off the XSS protection feature of NoScript as a temporary workaround. Click its "S" toolbar button, then the button with the wrench, then the Advanced tab, then uncheck the box for "Sanitize cross-site suspicious requests".

Whoops. I thought you meant something else there. My bad. No, I haven't gotten around to trying that yet. Been a busy day between posts. ^^;;

Helpful?

more options

Ok, so turning off the XSS might have worked, but I felt uncomfortable with the idea of leaving myself open to potential XSS attacks, so I just did a refresh. This may have fixed my issue there, as I was able to access Paypal on Twitch with no worries this time.

The only down side that I can see to the refresh, is that it appears to have meant I lost compact view on toolbar density. Can that be retrieved or no? I honestly am not sure if there was a difference between it and "normal" density, but I would still like the option back.

Helpful?

more options

This article has the steps needed to add Compact density back to the selector: Compact mode workaround in Firefox.

Helpful?

more options

jscher2000 said

This article has the steps needed to add Compact density back to the selector: Compact mode workaround in Firefox.

That worked perfectly! Thank you.

Incidentally, I have noticed since the refresh that when my mouse passes a video, it brings up something asking if I want to watch in picture in picture while browsing elsewhere. This is most prevalent in Youtube. Is there a way to turn that off? It gets annoying seeing that every time I need to pause the video or change the resolution.


Edit: Nevermind, I found it. Randomly right-clicking sometimes works, I guess. o.O Not that I know how to turn it back on if I wanted, but I'll deal with that another time. :)

Okulungisiwe ngu Marc7

Helpful?

Buza umbuzo

Kufanele ulogele ukungena ku-akhawunti yakho ukuze uphendule amaphosti. Uyacelwauqale umbuzo omusha, uma ungekabi nayo i-akhawunti namanje.