Search engine's JavaScript is automatically injected in most of the urls under some conditions
Categories
(WebExtensions :: General, defect)
Tracking
(Not tracked)
People
(Reporter: JRudransh, Unassigned)
Details
Attachments
(1 file)
|
3.28 MB,
application/pdf
|
Details |
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0
Steps to reproduce:
- Make sure that you have noscript installed otherwise you can't see the scripts.
- Open a new tab and search something in duckduckgo. Make sure duckduckgo script is trusted. and it should be the new tab with first time search something (shuldn't be reloaded as wel)
- click in any url listed. bug effects most of the sites including google
- or put some website url to firefox search bar after searching some thing in search engine
Actual results:
I always blocked JavaScript for most of the sites. Today I noticed DuckDuckGo is using google's JavaScript. Then i thought it might be a bug, so I tried to reproduce it and it happened again.
Expected results:
There shouldn't be any script injected from search engine. It also happened on bank sites. This is critical issue. It can leak our sensitive information to third party.
|
||
Comment 1•3 years ago
|
||
This sounds more like a possible issue with NoScript than with Firefox itself. You might be better off reporting this issue to the NoScript maintainers.
I tested noscript with chrome and the bug didn't showed up
|
|
||
Comment 3•3 years ago
|
||
Script blocking is a feature of NoScript, not Firefox. Please file an issue with NoScript. Maybe the NoScript people can figure out why this isn't working correctly in Firefox.
Description
•