NoScript (V. 19.9.9.71) adds external flash filtering (experimental)

General Topics
1
Experimental external filters for plugin content (e.g. Blitzableiter to sanitize Flash applets). It requires Firefox 3.5 and above, and it can be configured from the new NoScript Options|Advanced|External Filters panel. To activate the built-in Blitzableiter support you need to enable filters, download Blitzableiter binaries and tell NoScript where the executable is. Please notice that Blitzableiter is in its early development stages, and it breaks a lot of Flash content.

http://noscript.net/
http://blitzableiter.recurity.com/
http://blitzableiter.recurity.com/projects/list_files/blitzableiter

I got no idea how it works yet, gotta read the project pages. Basically for it to work it must be enabled in NS while you point to filter executable. From people working themselves on the project, it’s really experimental ;D >>> at your own risk :wink:

2

None of the Blitzableiter project pages seem to give an explanation of its purpose. The best I could find was a pdf of a slide presentation that was given in Berlin last December.
http://www.recurity-labs.com/content/pub/DefendingThePoor_26C3.pdf

I’ll leave its use to Giorgio and the Blitzableiter project testers.

Edit: Found more information in the Blitzableiter Developer Guide in the Blitzableiter Wiki:
http://blitzableiter.recurity.com/wiki/blitzableiter

Introduction

The Blitzableiter is a defensive solution for Adobe Flash Rich Internet Applications. It realizes the protection by applying a process of normalization through recreation.

Blitzableiter protects against attacks using Adobe Flash application files in SWF format. It can prevent attacks targeted at exploiting memory corruption vulnerabilities in the runtime environment as well as attacks using the runtime environment’s native functionality maliciously.

Section 2 will give an overview of the general approach and the Flash file format. Section 3 provides information about the code structure and organization. Section 4 gives advise on how to test and debug the library.

3

Hi Alan Baxter,

This is the main page: http://blitzableiter.recurity.com/
Here you will find issues with the program: http://blitzableiter.recurity.com/projects/blitzableiter/issues
and here:
http://blitzableiter.recurity.com/projects/activity/blitzableiter
binairies here: http://blitzableiter.recurity.com/projects/list_files/blitzableiter

pol

4

so far running as expected (according to what they say on NS and Blitzableiter sites), it breaks many videos…(when allowed to run). So I’ve switched it off, until the filter gets improved…

5

NoScript 1.9.9.72 is crashing my Firefox. I need to disable it to have it back.
Waiting for a further version.

6

Tech,

No problem with it in my flock browser. I have NS 19.9.9.71 together with RP 0.5.13, Distrust 0.8.1, Fiddler 1.5 and ABP+ with various blocklists and WOT 20091028. No problem whatsoever with this combination,

pol

7

I don’t have a problem too Tech my external flash filtering has been disable see attachment.

8

Where did you get that build as it isn’t available through the Firefox Find Updates interface ?

Perhaps it is a pre-release version not yet on the mozilla site.

9

OK, I found it at the Home Page and looking at the changelog (see image) there doesn’t appear to be that much in it to cause any crashes, but who knows.

So I will download and install it ans see what happens.

10

Official site.

11

Generally I wait for the add-on updated through the add-on update check in the browser.

However, I have downloaded and installed this build and so far no problems with it.

12

+1

13

No problem here. What version of Firefox are you using? Can you provide steps to reproduce and a link to the crash report? If so, it’s probably be more effective to post them in NoScript Support so Giorgio can take a look.

14

Latest Firefox 3.6.3 PtBr language.
I’ll test again.

My extension list is:

Gerado em: Fri Apr 30 2010 11:45:52 GMT-0300 (Hora oficial do Brasil)
Agente: Mozilla/5.0 (Windows; U; Windows NT 6.1; pt-BR; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 ( .NET CLR 3.5.30729)
Build ID: 20100401080539

Extensões ativadas: [34]

Extensões desativadas: [1]

Total de Extensões: 35

Temas instalados: [4]

Plugins instalados: (1)

  • IE Tab Plug-in
15

Wow, Tech…! That’s a huge list of extensions… :wink:
Maybe one of these interferes with the new NS build…!??
asyn

16

Sure… but I can’t discover which one…

17

Maybe it’s better to ask here: http://forums.informaction.com/viewforum.php?f=3
asyn

18

I’m using these extensions and versions too, Tech.

This extension – automatically and silently added by one of the Windows updates – can conflict with other extensions. I suggest you disable it.

19

Seems that the guilty is not NoScript neither AdBlock Plus but LastPass… There was a recent update for it…

20

no issue here with LastPass, updated to 1.68 two days ago I think.

edit: okay I see you’re running NS 1.9.9.72 and not 71…
edit: just upgraded to the web site version (1.9.9.72), it works fine, no crash

Why such a tight release schedule? Version 1.9.9.72 fixes a nasty configuration import/export/synchronization bug introduced by "preset configurations" for Firefox Mobile, which may lead to a configuration reset on import or synchronization. Many thanks for your patience.