-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Firefox: CSS Exfil Protection fails while using NoScript or JShelter #38
Comments
Thanks for the report! I also got your contact form emails :-) Simple reason No Script will make the vulnerability tester fail, it requires JavaScript to make the check. From the FAQ:
|
Hi Mike Yes, I do know. ;) I've made some tests and it seems that some other addons I also have installed are interacting in a bad manner with the CSS Exfil Protection addon so far. Sometimes the test passes, sometimes it doesn't. Will see if I find the culprits. :) Here is the list of my installed addons: https://addons.mozilla.org/en-US/android/collections/5897684/Collection-1/ Best wishes |
OK! Just wanted to rule that out. I will take a look and see if I can determine the reason behind the conflict and if I can do anything about it in the plugin. |
Hi Mike I've made some tests again with a clean Firefox installation (v97.0.2) and only with the two add-ons "CSS Exfil Protection" and "NoScript" installed and enabled. Sometimes, the test passes, sometimes it doesn't by refreshing the "CSS Exfil Vulnerability Tester" website. It's a highly strange behavior. The test always passes when NoScript is disabled (screenshot 3). I've made three screenshots for you. |
Hi all
In Firefox 97.0.1 for desktop and Firefox Nightly 99.0a for Android, the CSS Exfil Protection addon fails if either NoScript or JShelter is enabled. Disabling them solves the issue and the the test passes. CSS Exfil Protection Tester
I've also checked it out with Microsoft Edge and NoScript enabled and there is no issue so far. Everything works fine with both CSS Exfil Protection and NoScript addons enabled.
Best wishes
The text was updated successfully, but these errors were encountered: