NoScript Bypass

by Matt Bryant, on Jul 6, 2015 1:09:50 PM

Release Date

June 20, 2015

Patch Date

June 19, 2015

Reported Date

June 17, 2015

Vendor

Giorgio Maone/NoScript

Systems Affected

All systems running a NoScript version < 2.6.9.27 were affected.

Summary

Due to an expired domain, vjs.zendcdn.net, in the default whitelist for NoScript, it is possible to bypass the protection offered by the add-on by registering the expired domain name.

Vendor Status

An update has been released that fixed this issue as of June 19, 2015.

Exploit Availability

Because of the expired domain of vjs.zendcdn.net in the default whitelist for NoScript, it is possible for a malicious user to bypass the protection offered by the add-on by registering the expired domain name. Since the add-on explicitly trusted this domain, a malicious user could host malicious payloads on vjs.zendcdn.net that execute JavaScript despite NoScript being enabled. To prevent this attack, the domain was registered and redirected to 127.0.0.1.
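The following audit sketch is an added example, not code from this advisory or from NoScript. It flags entries in a script allowlist that no longer resolve or that resolve only to loopback, as the mitigated domain now does. The function names, the other hostnames and the DNS answers are constructed assumptions; only vjs.zendcdn.net and 127.0.0.1 come from the advisory.

```python
import ipaddress
import socket

# Constructed sample data: only vjs.zendcdn.net is taken from the advisory.
SAMPLE_ALLOWLIST = ["vjs.zendcdn.net", "cdn.example.com", "lapsed-widgets.example"]
# Constructed DNS answers so the example runs offline.
SAMPLE_DNS = {
    "vjs.zendcdn.net": ["127.0.0.1"],   # sinkholed, as described above
    "cdn.example.com": ["192.0.2.10"],  # documentation-range address
}


def sample_resolver(host):
    """Offline stand-in for DNS: hosts missing from SAMPLE_DNS have no answer."""
    return SAMPLE_DNS.get(host, [])


def live_resolver(host):
    """Resolve with the system resolver; an empty list means no answer."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        # NXDOMAIN and transient failures look the same here: treat as "review".
        return []
    return sorted({info[4][0].split("%")[0] for info in infos})


def classify(host, resolver=live_resolver):
    """Return 'unresolvable', 'sinkholed' or 'resolves' for one allowlist entry."""
    addrs = resolver(host)
    if not addrs:
        return "unresolvable"
    ips = [ipaddress.ip_address(a) for a in addrs]
    if all(ip.is_loopback or ip.is_unspecified for ip in ips):
        return "sinkholed"
    return "resolves"


def audit_allowlist(hosts, resolver=live_resolver):
    """Return {host: status} for every entry that should be reviewed or removed."""
    report = {}
    for raw in hosts:
        host = raw.strip().lower().rstrip(".")
        status = classify(host, resolver)
        if status != "resolves":
            # Not proof of expiry: confirm registration status with the registrar.
            report[host] = status
    return report


if __name__ == "__main__":
    for host, status in audit_allowlist(SAMPLE_ALLOWLIST, sample_resolver).items():
        print(f"{host}: {status}")
```

An entry that still resolves can also have changed owner, so a DNS check like this complements, rather than replaces, periodic review of who controls each trusted domain.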

Researcher

Matt Bryant of Bishop Fox
