Need help - website injecting JavaScript into my URL bar

[Syncronocity]

I visited a rogue website that injects a "javascript:" command into my url bar and executes it. This is very problematic as not only does it bypass the local popup blocker, but it also bypasses NoScript and any other protection.

Is there any way to permanently disable this behavior? I'm not sure I quite understand why the url bar can execute javascript by default.

[Reflective]

Click File --> Work Offline. This will disconnect Firefox from the Internet.

Then on the menu at the top (hit the ALT key if you can't see it) click Help --> Troubleshooting information.

In the menu which opens, click "Refresh Firefox". This will reset FF to its default values. See this support page for more info: https://support.mozilla.org/en-US/kb/re ... d-settings

Finally, click File --> Work Offline again to remove the checkmark and allow Firefox to regain web access again.

I'd also advise you to download the trial version of Malwarebytes and perform a full system scan. After the free 14 day trial period is over, Malwarebytes reverts to the free version: https://www.malwarebytes.com/trial/

[therube]

I visited a rogue website

URL

it also bypasses NoScript

By default, NoScript disallows javascript: (& data:) "URI", so that should not be happening.
It might display, but it should not "execute".

Code: Select all

javascript: alert('Hello, World!')

[Grumpus]

You could also hit /Help/Report deceptive site - once you're on the site.
Depends on how onerous the script is.

[therube]

(Just yesterday, I happened to catch data: URI being "opened", not, & just paid it no mind. Maybe I'll see if I can catch it again?)

[barbaz]

https://forums.informaction.com/viewtop ... 10&t=22529