NoScript detected a potential Cross-Site Scripting (XSS) attack.

In the morning, I entered a page that redirected me to many other pages (several blocked by my AdBlocker), so I specifically suspect this one. But that alert was sent to me by NoScript about seven hours later, to be exact. Usually, NoScript alerts appear immediately after the attack attempt, so I don't know how likely it is. I want to know if I should be worried or not. My Mac hasn't experienced anything strange at all, nothing unusual (that my untrained eye can detect) either.

Posted on Nov 15, 2024 4:51 PM

Question marked as Top-ranking reply

Posted on Nov 15, 2024 6:47 PM

An XSS attack (if there was one) wouldn't affect your computer. The risk would be if the attack allowed something to happen in the browser - like session cookies to be grabbed and an account compromised.


In which case, the question is, what other tabs were open and were you logged into any accounts on them? If so, you may wish to change their passwords and/or force log out any connected sessions from within those sites to invalidate any session cookies.


Also, depending on the browser, each tab might be sandboxed anyway, in which case the attack surface is pretty reduced (but not 100%).


As for the NoScript alert - no idea. How does it deliver alerts - notifications, emails, or something else? Was the browser quit during that time? It's possible the alert was stuck in an outbound queue, the browser quit and the queue actioned when the browser was reopened.

Nov 17, 2024 2:57 PM in response to g_wolfman

Hello, thank you for your reply. 😭😭


The alert appeared as a box on my screen. It may have been a bug in the Tor browser (where this alert is quite common), as I remember having it open but minimised and then closing everything, and the alert was still there.


The only accounts I was logged into were on Google and the page I visited was from that browser, so I'm suspicious of this specific one.


Anyway, nothing strange has happened to my accounts but it still scared me too much.
