Noscript 2.0 causes error messages in Tor
whowatchesthewatcherswatches at Safe-mail.net
whowatchesthewatcherswatches at Safe-mail.net
Thu Jul 29 08:13:44 UTC 2010
I experienced errors in Tor with failure messages related to a destination address. I determined the new version of Noscript was the cause and reading the article below, I now know why. If you have witnessed these errors with Noscript 2.0, reply here. Whst is the remedy to this error?
I downgraded to an older version to dodge this error, I would like to keep current. The new feature related to ABE, see below, was causing the error message in Tor. Tor works with Noscript 2.0, but with error messages timed to every 5-10 minutes. I don't recommend Noscript 2.0 for Tor users ATM unless this error may be resolved.
Noscript 2.0 Released, Firefox Plugin
http://www.h-online.com/security/news/item/Firefox-plug-in-NoScript-2-0-released-1047176.html
28 July 2010, 17:38
NoScript (http://noscript.net/) creator Giorgio Maone (http://maone.net/) has announced (http://twitter.com/ma1/status/19660159603) the release of version 2.0 of his open source extension for Mozilla's Firefox browser that blocks the execution of JavaScript, Java, Flash and other plug-ins or scripted content. The add-on for Firefox includes a white list (http://en.wikipedia.org/wiki/Whitelist) to allow scripts from certain web sites and helps to prevent clickjacking (http://en.wikipedia.org/wiki/Clickjacking) attacks, which involve a crafted web site inserting a transparent iFrame underneath the user's cursor. Victims believe that they are clicking on the displayed web page, when in fact they are actually clicking on control elements (e.g. buttons) on a transparent iFrame from another website.
According to its developer, the latest version of the NoScript add-on for Firefox is even more reliable, has an updated user interface synchronisation system that's more efficient than previous versions and includes several improvements against cross-site scripting (XSS). Maone is especially proud of the new feature in version 2.0 that builds on the add-on's Application Boundaries Enforcer (ABE) (http://noscript.net/abe) module and provides cross-zone CSRF protection for flawed routers which expose their WAN IP on their LAN interface, saying that it "saves your router's ass even if it's so flawed to expose its UI on the LAN with its WAN IP". Other changes include the addition of an import / export feature, better handling of mixed permissions pages and improved support for Firefox Mobile, also known as "Fennec".
More details about the release can be found in the change log (http://noscript.net/changelog). NoScript 2.0 is available to download (http://noscript.net/getit) from the project's site or from the Add-ons for Firefox (https://addons.mozilla.org/firefox/addon/722) portal and supports Firefox 3.0 or later. Users running older versions of Firefox must use the previous 1.10.x branch of NoScript. NoScript is licensed under version 2 of the GNU General Public License (https://addons.mozilla.org/en-US/firefox/versions/license/113776).
See also:
* ABE Patrols the Routes to Your Routers, blog post by Maone.
http://hackademix.net/2010/07/28/abe-patrols-the-routes-to-your-routers/
* 26C3: Protection against Flash security holes, a report from The H.
http://www.h-online.com/news/item/26C3-Protection-against-Flash-security-holes-893689.html
"Stay thirsty my friends"
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
More information about the tor-talk
mailing list