NoScript Security Suite Version History

709 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 2.6.6.9rc1 534.3 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.6.9rc1
=========================================================================
+ [XSS] Added several experimental / unofficial markup atoms to the
build-time matcher generator (thanks .mario for reporting)

Version 2.6.6.8 535.7 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.6.8
=========================================================================
x [XSS] Protection against filter evasion exploiting Adobe Flash URL
parsing and charset handling bugs (thanks Soroush Dalili for reporting)

Version 2.6.6.8rc1 535.6 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.6.8rc1
=========================================================================
x [XSS] Protection against filter evasion exploiting Adobe Flash URL
parsing and charset handling bugs (thanks Soroush Dalili for reporting)

Version 2.6.6.7 534.4 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.6.7
=========================================================================
x Fixed ClearClick triggered by recently changed browser built-in Click
To Play placeholders (bug 889228)
x [Locale] Updated Czech (thanks Karel)

Version 2.6.6.7rc1 534.5 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.6.7rc1
=========================================================================
x Fixed ClearClick triggered by recently changed browser built-in Click
To Play placeholders (bug 889228)
x [Locale] Updated Czech (thanks Karel)

Version 2.6.6.6 534.3 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.6.6
=========================================================================
+ Made mimetype whitelisting through the noscript.allowedMimeRegExp
preference work with the WebGL pseudo type (thanks Thrawn for RFE)

v 2.6.6.5
=========================================================================
x Better fix for Nightly breakages

v 2.6.6.4
=========================================================================
x Fixed some recent breakages on Nightly

v 2.6.6.3
=========================================================================
x Improved "fixable" JavaScript links detection (thanks asdf for RFE)

Version 2.6.6.6rc1 534.4 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.6.6rc1
=========================================================================
+ Made mimetype whitelisting through the noscript.allowedMimeRegExp
preference work with the WebGL pseudo type (thanks Thrawn for RFE)

v 2.6.6.5rc1
=========================================================================
x Better fix for Nightly breakages

v 2.6.6.4rc1
=========================================================================
x Fixed some recent breakages on Nightly

v 2.6.6.3rc1
=========================================================================
x Improved "fixable" JavaScript links detection (thanks asdf for RFE)

Version 2.6.6.5rc1 534.6 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.6.5rc1
=========================================================================
x Better fix for Nightly breakages

Version 2.6.6.4rc1 534.5 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.6.4rc1
=========================================================================
x Fixed some recent breakages on Nightly

Version 2.6.6.3rc1 534.5 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.6.3rc1
=========================================================================
x Improved "fixable" JavaScript links detection (thanks asdf for RFE)

Version 2.6.6.2 534.3 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.6.2
=========================================================================
x Fixed regression in Tab Mix Plus compatibility due to Gecko 21 changes
x Improved placeholder management for full-document plugin content, e.g.
makes Youtube embeddings more usable on Facebook

Version 2.6.6.2rc2 534.6 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.6.2rc2
=========================================================================
x Fixed regression in Tab Mix Plus compatibility due to Gecko 21 changes

v 2.6.6.2rc1
=========================================================================
x Improved placeholder management for full-document plugin content, e.g.
makes Youtube embeddings more usable on Facebook

Version 2.6.6.2rc1 534.4 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.6.2rc1
=========================================================================
x Improved placeholder management for full-document plugin content, e.g.
makes Youtube embeddings more usable on Facebook

Version 2.6.6.1 534.2 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.6.1
=========================================================================
x Fixed backward compatibility issue with recent channel cloning changes
x [XSS] Compatibility with certain redirector URL patterns (thanks
Stephen F. for reporting)
x [ABE] Fixed letest Tab Mix Plus version (4.1.0) causing loads started
from the address bar to be considered cross-site
x [Locale] Updated Esperanto (thanks Michael Wolf)
x [Locale] Updated Upper Serbian (thanks Michael Wolf)

Version 2.6.6.1rc2 534.6 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.6.1rc2
=========================================================================
x Fixed backward compatibility issue with recent channel cloning changes
x [XSS] Compatibility with certain redirector URL patterns (thanks
Stephen F. for reporting)

v 2.6.6.1rc1
=========================================================================
x [ABE] Fixed letest Tab Mix Plus version (4.1.0) causing loads started
from the address bar to be considered cross-site
x [Locale] Updated Esperanto (thanks Michael Wolf)
x [Locale] Updated Upper Serbian (thanks Michael Wolf)

Version 2.6.6.1rc1 534.3 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.6.1rc1
=========================================================================
x [ABE] Fixed letest Tab Mix Plus version (4.1.0) causing loads started
from the address bar to be considered cross-site
x [Locale] Updated Esperanto (thanks Michael Wolf)
x [Locale] Updated Upper Serbian (thanks Michael Wolf)

Version 2.6.6 532.4 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.6
=========================================================================
x Added per-window private browsing support to some background requests
x Improved channel cloning for internal redirections
x Added further Microsoft mail services dependencies to the default
whitelist
x [XSS] Fixed character class bug (thanks Masato Kinugawa for reporting)
x [XSS] Fixed potential jQuery-based injection (thanks Masato Kinugawa
for reporting)
x Improved handling of some moz-null principal instances in ABE requests
(thanks Thrawn for reporting)
+ New 360Haven surrogate lets the site work with 1st party scripts
allowed and ads/tracker scripts forbidden
s forbidden

Version 2.6.6rc5 532.7 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.6rc5
=========================================================================
x Added per-window private browsing support to some background requests
x Improved channel cloning for internal redirections
x Added further Microsoft mail services dependencies to the default
whitelist

v 2.6.6rc4
=========================================================================
x [XSS] Fixed character class bug (thanks Masato Kinugawa for reporting)

v 2.6.6rc3
=========================================================================
x [XSS] Fixed potential jQuery-based injection (thanks Masato Kinugawa
for reporting)

v 2.6.6rc2
=========================================================================
x Improved handling of some moz-null principal instances in ABE requests
(thanks Thrawn for reporting)

v 2.6.6rc1
=========================================================================
+ New 360Haven surrogate lets the site work with 1st party scripts
allowed and ads/tracker scripts forbidden

Version 2.6.6rc4 532.1 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.6rc4
=========================================================================
x [XSS] Fixed character class bug (thanks Masato Kinugawa for reporting)

v 2.6.6rc3
=========================================================================
x [XSS] Fixed potential jQuery-based injection (thanks Masato Kinugawa
for reporting)

v 2.6.6rc2
=========================================================================
x Improved handling of some moz-null principal instances in ABE requests
(thanks Thrawn for reporting)

v 2.6.6rc1
=========================================================================
+ New 360Haven surrogate lets the site work with 1st party scripts
allowed and ads/tracker scripts forbidden

Version 2.6.6rc3 532.3 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.6rc3
=========================================================================
x [XSS] Fixed potential jQuery-based injection (thanks Masato Kinugawa
for reporting)

v 2.6.6rc2
=========================================================================
x Improved handling of some moz-null principal instances in ABE requests
(thanks Thrawn for reporting)

v 2.6.6rc1
=========================================================================
+ New 360Haven surrogate lets the site work with 1st party scripts
allowed and ads/tracker scripts forbidden

Version 2.6.6rc1 532.0 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.6rc1
=========================================================================
+ New 360Haven surrogate lets the site work with 1st party scripts
allowed and ads/tracker scripts forbidden

Version 2.6.5.9 531.9 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.5.9
=========================================================================
x Fixed outlook.com UI broken in Nightly by work-around for bug 677050
(thanks Raùl Duràn of Microsoft for troubleshooting help)
- Removed STS support for Gecko >= 4, which provides built-in HSTS
x Work around for multiple object creation causing UI inconsistencies
(thanks al_9x for reporting)
x [XSS] Work-around for false positives caused by Gecko >= 18 changes in
Function.prototype.toSource() (thanks yahoo mail user for report)

Version 2.6.5.9rc3 532.0 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.5.9rc3
=========================================================================
x Fixed outlook.com UI broken in Nightly by work-around for bug 677050
(thanks Raùl Duràn of Microsoft for troubleshooting help)

v 2.6.5.9rc2
=========================================================================
- Removed STS support for Gecko >= 4, which provides built-in HSTS
x Work around for multiple object creation causing UI inconsistencies
(thanks al_9x for reporting)

v 2.6.5.9rc1
=========================================================================
x [XSS] Work-around for false positives caused by Gecko >= 18 changes in
Function.prototype.toSource() (thanks yahoo mail user for report)

Version 2.6.5.9rc2 531.9 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

Version 2.6.5.9rc1 532.4 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.5.9rc1
=========================================================================
x [XSS] Work-around for false positives caused by Gecko >= 18 changes in
Function.prototype.toSource() (thanks yahoo mail user for report)

Version 2.6.5.8 531.3 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.5.8
=========================================================================
+ Automatic Google Analytics web bugs blocking if google-analytics.com is
not whitelisted
+ "Mark as untrusted" button on the site info page (thanks SwissBIT for
RFE)
+ "Allow"/"Forbid"/"Mark as untrusted" icons on the site info buttons
x Inclusion type checks exception for yandex.st
x [XSS] Exception for requests across *.photobucket.com subdomains, which
may legitimately contain syntactically valid Javascript fragments
(thanks RAJAH235 for reporting)

Version 2.6.5.8rc4 531.4 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.5.8rc4
=========================================================================
x Fixed "Mark as Untrusted" button on the "Site Info" page not working
properly (thanks SwissBIT for reporting)

v 2.6.5.8rc3
=========================================================================
x Fixed Google Analytics cross-site checks breaking GMail composition
window (thanks Michael Mischurow for reporting)

v 2.6.5.8rc2
=========================================================================
+ Automatic Google Analytics web bugs blocking if google-analytics.com is
not whitelisted
+ "Mark as untrusted" button on the site info page (thanks SwissBIT for
RFE)
+ "Allow"/"Forbid"/"Mark as untrusted" icons on the site info buttons
x Inclusion type checks exception for yandex.st

v 2.6.5.8rc1
=========================================================================
x [XSS] Exception for requests across *.photobucket.com subdomains, which
may legitimately contain syntactically valid Javascript fragments
(thanks RAJAH235 for reporting)

Version 2.6.5.8rc3 531.4 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.5.8rc3
=========================================================================
x Fixed Google Analytics cross-site checks breaking GMail composition
window (thanks Michael Mischurow for reporting)

v 2.6.5.8rc2
=========================================================================
+ Automatic Google Analytics web bugs blocking if google-analytics.com is
not whitelisted
+ "Mark as untrusted" button on the site info page (thanks SwissBIT for
RFE)
+ "Allow"/"Forbid"/"Mark as untrusted" icons on the site info buttons
x Inclusion type checks exception for yandex.st

v 2.6.5.8rc1
=========================================================================
x [XSS] Exception for requests across *.photobucket.com subdomains, which
may legitimately contain syntactically valid Javascript fragments
(thanks RAJAH235 for reporting)

Version 2.6.5.8rc2 531.4 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.5.8rc2
=========================================================================
+ Automatic Google Analytics web bugs blocking if google-analytics.com is
not whitelisted
+ "Mark as untrusted" button on the site info page (thanks SwissBIT for
RFE)
+ "Allow"/"Forbid"/"Mark as untrusted" icons on the site info buttons
x Inclusion type checks exception for yandex.st

v 2.6.5.8rc1
=========================================================================
x [XSS] Exception for requests across *.photobucket.com subdomains, which
may legitimately contain syntactically valid Javascript fragments
(thanks RAJAH235 for reporting)

Version 2.6.5.8rc1 531.1 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.5.8rc1
=========================================================================
x [XSS] Exception for requests across *.photobucket.com subdomains, which
may legitimately contain syntactically valid Javascript fragments
(thanks RAJAH235 for reporting)