noscript XSS alert on Gmail web interface...

[Hermite15]

never had this before and I honestly have no idea what this actually means...I got the alert exactly when loggin in to my Gmail account in the web interface (see screenshot). There are logs in console but I can't interpret them. Thanks for your help (I guess Polonus should be qualified here...)

edit: for some reason I have a high CPU load when displaying the console; scrolling in it is hell.

edit again: I logged out and back in and didn't get the alert again.

adding: may be it's just the rerouting from Google between the login screen and the Gmail interface that made it happen, and ns alert can be considered as a "false positive"? I read some stuff a while ago about cross scripting methods...guess I got to get more info from the ns site  

edit: screwed up with the console; as my Firefox is set to delete all private data on closing, I lost all info there too 

[Alan Baxter]

If it only happened once, I wouldn't worry about it.  If it was an attack, then NoScript blocked it.  We can't tell whether it was an attack or something benign without more data.  If it happens again, post the text of the console log along with a detailed description of how to reproduce it to the NoScript Support forum.  You're not required to register.  http://forums.informaction.com/viewforum.php?f=3

[DavidR]

In the past I have had the NoScript's XSS fire when it was related to two legit sites, so there can be an element of getting it wrong as it isn't an exact science, a bit like generic signatures. But I would have though that it would be a recurring alert as essentially it would be the same transfer of data between sites.

So like Alan said if it only happens once I wouldn't be concerned either.

Perhaps it might have been related to the other issues you mentioned.

[Alan Baxter]

XSS will fire if a site which hasn't been whitelisted injects code into the page of one that has been whitelisted by the user.  NoScript doesn't attempt to evaluate whether a site is legit, i.e. non-malicious.  On the other hand, if the content of the injection looks like it may be dangerous, it will sanitize the code even if both sites are whitelisted.  As you say, David, this part isn't an exact science.  I wasn't sure if this is what you meant, so I thought I'd clarify how it works.

[DavidR]

Yes (by legit sites previously allowed in NoScript), but much better worded on the content being thought suspect and sanitised anyway.

[Hermite15]

thanks for the feedback guys 
yes as said that was an only once alert and I stupidly closed the browser after it, losing the console data. It's probably not related, I know Google use to prevent that you could log in to two Gmail accounts at the same time from the same computer (in two browsers); they don't prevent this anymore; and yesterday when the ns alert came in Firefox, I was logged in on another Gmail in Chrome...Google's servers are aware of this at some extend...just wondered if the two sessions could have interfered.
 Anyway as said too, whatever it was it was blocked by no script and if there indeed was an attacker, he got screwed  . If it was to happen again I'll definitely post this on ns forums (informaction) to discuss it.