With the recent changes to Firefox (and NoScript apparently) I am getting frequent XSS warnings from "tqn" in particular. It seems to happen every time I do even minor things like open a new tab in Firefox. This is what it looks like:
Can somebody help parse this error and explain to me why it is happening?
My partial results:
whois.com says tqn.com is registered to MarkMonitor Inc., that has a markmonitor.com site.
In markmonitor.com says Mark Monitor Inc. is some company selling intellectual property protection related stuff.
The request in my case came from a favicon request for a lifewire.com page. Revisiting that page triggered the NoScript warning again.
I don't know why a favicon request would trigger an XSS warning though, so this is not a complete answer. I put this here in case it's useful to someone.
Maybe some kind of fingerprinting going on?
These urls are generated with thumbor. You can apply filter on some images via thumbor. In your example, a fill filter is applied. Thumbor filter uses parenthesis. Parenthesis are valid characters in URI (see RFC 3986 - Section 2: Characters).
IMO the problem is No-Script extension which is too restrictive. You should report the problem to No-Script communauty.
