Weird third-party script loading in Firefox

No script now in page "https://archived.forum.manjaro.org/c/announcements":

NoScript detected a potential Cross-Site Scripting attack

from [...] to https://foxplay.com.

Suspicious data:

(URL) https://foxplay.com/{{openGraph.image}}

More information please. There are no third-party scripts (or any other resources) within Manjaro's Discourse instance, so the only time an external resource will be loaded is for embedded images or video etc.

If you're getting XSS alerts then it's more likely a local browser extension - unless you can show (e.g. using the Firefox Developer Tools) where it's originating from within the Discourse web requests.

I thing it is another page that is open with this one, but only tonight I will have time to see what is happen. I have some pages that are fixed and open with this. Every time I open the browser comes up this. How to discover from where it comes?

Possibly

specifically, the Network tab.

I just allow noscript to always deny accesss. :slight_smile:

That url/script isnt coming from manjaro or archived.forum.manjaro.org at all from what I can tell.
(its some sort of non-english fox tv network thing)

1 Like

Now I remember that I use preload, could be this that is making it is stranger behavor on Firefox? How to reset preload? I do not have time to investigate this, only on weekend I will have some time.
*I am just posting here to remember this and if somebody gives me some advice on where to start.

Unlikely. Try to replicate with a clean browser profile, and watch your connections (e.g. wireshark or the uBlock/uMatrix logger).

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.

Forum kindly sponsored by