NoScript Security Suite Version History

709 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 2.6.8.13rc1 536.8 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.13rc1
=========================================================================
x The option dialog is non-modal and recycled now (thanks barbaz for RFE)

Version 2.6.8.12 536.6 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.12
=========================================================================
x Improved work-around for
https://bugzilla.mozilla.org/show_bug.cgi?id=958962
+ [Surrogate] Prevent blank ModPagespeed-patched pages when meta refresh
inside NOSCRIPT elements is blocked (thanks thunderscript and barbaz)
x Fixed one-time this.getSite() error on startup
+ Browser Console support
x [Locale] Updated fr (thanks Jack Black)
x Fixed feed reader broken on non-whitelisted sites in non-stable Firefox
(thanks LouCypher for reporting)

Version 2.6.8.12rc4 536.7 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.12rc4
=========================================================================
x Improved work-around for
https://bugzilla.mozilla.org/show_bug.cgi?id=958962
+ [Surrogate] Prevent blank ModPagespeed-patched pages when meta refresh
inside NOSCRIPT elements is blocked (thanks thunderscript and barbaz)

v 2.6.8.12rc3
=========================================================================
x Work-around for https://bugzilla.mozilla.org/show_bug.cgi?id=958962

v 2.6.8.12rc2
=========================================================================
x Fixed one-time this.getSite() error on startup
+ Browser Console support
x [Locale] Updated fr (thanks Jack Black)

v 2.6.8.12rc1
=========================================================================
x Fixed feed reader broken on non-whitelisted sites in non-stable Firefox
(thanks LouCypher for reporting)

Version 2.6.8.12rc3 536.7 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.12rc3
=========================================================================
x Work-around for https://bugzilla.mozilla.org/show_bug.cgi?id=958962

v 2.6.8.12rc21
=========================================================================
x Fixed one-time this.getSite() error on startup
+ Browser Console support
x [Locale] Updated fr (thanks Jack Black)

v 2.6.8.12rc1
=========================================================================
x Fixed feed reader broken on non-whitelisted sites in non-stable Firefox
(thanks LouCypher for reporting)

Version 2.6.8.12rc2 536.4 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.12rc2
=========================================================================
x Fixed one-time this.getSite() error on startup
+ Browser Console support
x [Locale] Updated fr (thanks Jack Black)

v 2.6.8.12rc1
=========================================================================
x Fixed feed reader broken on non-whitelisted sites in non-stable Firefox
(thanks LouCypher for reporting)

Version 2.6.8.12rc1 536.3 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.12rc1
=========================================================================
x Fixed feed reader broken on non-whitelisted sites in non-stable Firefox
(thanks LouCypher for reporting)

Version 2.6.8.11 536.0 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.11
=========================================================================
x [XSS] Fixed nested URL parsing optimization bug (thanks Masato Kinugawa
for reporting)
x [XSS] Abort, rather than filter, potential charset-based attacks (
thanks Masato Kinugawa for reporting)
x [XSS] Improved Ebay compatibility (thanks Markus Wienand for reporting)

x [XSS] Fixed bad charset check regression from rc6 (thanks Masato
Kinugawa for reporting)
x [XSS] Fixed bad charset checks not honoring exceptions (thanks Masato
Kinugawa for reporting)
x Adopted the Components.utils.blockScriptForGlobal() API where possible
x [XSS] Further improvements in recursive link checks (thanks Masato
Kinugawa for reporting)
x [XSS] Better checks for combined data/javascript URIs (thanks Masato
Kinugawa for reporting)
x [XSS] Restored fuzzy HTML sniffing in nested data URI (thanks Masato
Kinugawa for reporting)
x [XSS] Improved data URI checks (thanks Masato Kinugawa for reporting)
x [XSS] Enhanced recursive link checks (Thanks PK Cano for reporting)
x [XSS] Stricter HTML checks on second-order data URI injections exactly
fitting whole URL attributes (thanks Masato Kinugawa for reporting)

Version 2.6.8.11rc10 536.3 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.11rc10
=========================================================================
x [XSS] Fixed new inline script blocking approach (in Firefox Nightly)
not triggering NOSCRIPT element fallbacks

v 2.6.8.11rc9
=========================================================================
x [XSS] Fixed nested URL parsing optimization bug (thanks Masato Kinugawa
for reporting)

v 2.6.8.11rc8
=========================================================================
x [XSS] Abort, rather than filter, potential charset-based attacks (
thanks Masato Kinugawa for reporting)
x [XSS] Improved Ebay compatibility (thanks Markus Wienand for reporting)

v 2.6.8.11rc7
=========================================================================
x [XSS] Fixed bad charset check regression from rc6 (thanks Masato
Kinugawa for reporting)

v 2.6.8.11rc6
=========================================================================
x [XSS] Fixed bad charset checks not honoring exceptions (thanks Masato
Kinugawa for reporting)
x Adopted the Components.utils.blockScriptForGlobal() API where possible

v 2.6.8.11rc5
=========================================================================
x [XSS] Further improvements in recursive link checks (thanks Masato
Kinugawa for reporting)

v 2.6.8.11rc4
=========================================================================
x [XSS] Better checks for combined data/javascript URIs (thanks Masato
Kinugawa for reporting)

v 2.6.8.11rc3
=========================================================================
x [XSS] Restored fuzzy HTML sniffing in nested data URI (thanks Masato
Kinugawa for reporting)

v 2.6.8.11rc2
=========================================================================
x [XSS] Improved data URI checks (thanks Masato Kinugawa for reporting)
x [XSS] Enhanced recursive link checks (Thanks PK Cano for reporting)

v 2.6.8.11rc1
=========================================================================
x [XSS] Stricter HTML checks on second-order data URI injections exactly
fitting whole URL attributes (thanks Masato Kinugawa for reporting)

Version 2.6.8.11rc9 536.2 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.11rc9
=========================================================================
x [XSS] Fixed nested URL parsing optimization bug (thanks Masato Kinugawa
for reporting)

v 2.6.8.11rc8
=========================================================================
x [XSS] Abort, rather than filter, potential charset-based attacks (
thanks Masato Kinugawa for reporting)
x [XSS] Improved Ebay compatibility (thanks Markus Wienand for reporting)

v 2.6.8.11rc7
=========================================================================
x [XSS] Fixed bad charset check regression from rc6 (thanks Masato
Kinugawa for reporting)

v 2.6.8.11rc6
=========================================================================
x [XSS] Fixed bad charset checks not honoring exceptions (thanks Masato
Kinugawa for reporting)
x Adopted the Components.utils.blockScriptForGlobal() API where possible

v 2.6.8.11rc5
=========================================================================
x [XSS] Further improvements in recursive link checks (thanks Masato
Kinugawa for reporting)

v 2.6.8.11rc4
=========================================================================
x [XSS] Better checks for combined data/javascript URIs (thanks Masato
Kinugawa for reporting)

v 2.6.8.11rc3
=========================================================================
x [XSS] Restored fuzzy HTML sniffing in nested data URI (thanks Masato
Kinugawa for reporting)

v 2.6.8.11rc2
=========================================================================
x [XSS] Improved data URI checks (thanks Masato Kinugawa for reporting)
x [XSS] Enhanced recursive link checks (Thanks PK Cano for reporting)

v 2.6.8.11rc1
=========================================================================
x [XSS] Stricter HTML checks on second-order data URI injections exactly
fitting whole URL attributes (thanks Masato Kinugawa for reporting)

Version 2.6.8.11rc8 536.1 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.11rc8
=========================================================================
x [XSS] Abort, rather than filter, potential charset-based attacks (
thanks Masato Kinugawa for reporting)
x [XSS] Improved Ebay compatibility (thanks Markus Wienand for reporting)

v 2.6.8.11rc7
=========================================================================
x [XSS] Fixed bad charset check regression from rc6 (thanks Masato
Kinugawa for reporting)

v 2.6.8.11rc6
=========================================================================
x [XSS] Fixed bad charset checks not honoring exceptions (thanks Masato
Kinugawa for reporting)
x Adopted the Components.utils.blockScriptForGlobal() API where possible

v 2.6.8.11rc5
=========================================================================
x [XSS] Further improvements in recursive link checks (thanks Masato
Kinugawa for reporting)

v 2.6.8.11rc4
=========================================================================
x [XSS] Better checks for combined data/javascript URIs (thanks Masato
Kinugawa for reporting)

v 2.6.8.11rc3
=========================================================================
x [XSS] Restored fuzzy HTML sniffing in nested data URI (thanks Masato
Kinugawa for reporting)

v 2.6.8.11rc2
=========================================================================
x [XSS] Improved data URI checks (thanks Masato Kinugawa for reporting)
x [XSS] Enhanced recursive link checks (Thanks PK Cano for reporting)

v 2.6.8.11rc1
=========================================================================
x [XSS] Stricter HTML checks on second-order data URI injections exactly
fitting whole URL attributes (thanks Masato Kinugawa for reporting)

Version 2.6.8.11rc7 535.8 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

Version 2.6.8.11rc6 535.8 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.11rc6
=========================================================================
x [XSS] Fixed bad charset checks not honoring exceptions (thanks Masato
Kinugawa for reporting)
x Adopted the Components.utils.blockScriptForGlobal() API where possible

v 2.6.8.11rc5
=========================================================================
x [XSS] Further improvements in recursive link checks (thanks Masato
Kinugawa for reporting)

v 2.6.8.11rc4
=========================================================================
x [XSS] Better checks for combined data/javascript URIs (thanks Masato
Kinugawa for reporting)

v 2.6.8.11rc3
=========================================================================
x [XSS] Restored fuzzy HTML sniffing in nested data URI (thanks Masato
Kinugawa for reporting)

v 2.6.8.11rc2
=========================================================================
x [XSS] Improved data URI checks (thanks Masato Kinugawa for reporting)
x [XSS] Enhanced recursive link checks (Thanks PK Cano for reporting)

v 2.6.8.11rc1
=========================================================================
x [XSS] Stricter HTML checks on second-order data URI injections exactly
fitting whole URL attributes (thanks Masato Kinugawa for reporting)

Version 2.6.8.11rc5 535.6 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.11rc5
=========================================================================
x [XSS] Further improvements in recursive link checks (thanks Masato
Kinugawa for reporting)

v 2.6.8.11rc4
=========================================================================
x [XSS] Better checks for combined data/javascript URIs (thanks Masato
Kinugawa for reporting)

v 2.6.8.11rc3
=========================================================================
x [XSS] Restored fuzzy HTML sniffing in nested data URI (thanks Masato
Kinugawa for reporting)

v 2.6.8.11rc2
=========================================================================
x [XSS] Improved data URI checks (thanks Masato Kinugawa for reporting)
x [XSS] Enhanced recursive link checks (Thanks PK Cano for reporting)

v 2.6.8.11rc1
=========================================================================
x [XSS] Stricter HTML checks on second-order data URI injections exactly
fitting whole URL attributes (thanks Masato Kinugawa for reporting)

Version 2.6.8.11rc4 535.7 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.11rc4
=========================================================================
x [XSS] Better checks for combined data/javascript URIs (thanks Masato
Kinugawa for reporting)

v 2.6.8.11rc3
=========================================================================
x [XSS] Restored fuzzy HTML sniffing in nested data URI (thanks Masato
Kinugawa for reporting)

v 2.6.8.11rc2
=========================================================================
x [XSS] Improved data URI checks (thanks Masato Kinugawa for reporting)
x [XSS] Enhanced recursive link checks (Thanks PK Cano for reporting)

v 2.6.8.11rc1
=========================================================================
x [XSS] Stricter HTML checks on second-order data URI injections exactly
fitting whole URL attributes (thanks Masato Kinugawa for reporting)

Version 2.6.8.11rc3 535.7 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.11rc3
=========================================================================
x [XSS] Restored fuzzy HTML sniffing in nested data URI (thanks Masato
Kinugawa for reporting)

v 2.6.8.11rc2
=========================================================================
x [XSS] Improved data URI checks (thanks Masato Kinugawa for reporting)
x [XSS] Enhanced recursive link checks (Thanks PK Cano for reporting)

v 2.6.8.11rc1
=========================================================================
x [XSS] Stricter HTML checks on second-order data URI injections exactly
fitting whole URL attributes (thanks Masato Kinugawa for reporting)

Version 2.6.8.11rc2 535.5 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.11rc2
=========================================================================
x [XSS] Improved data URI checks (thanks Masato Kinugawa for reporting)
x [XSS] Enhanced recursive link checks (Thanks PK Cano for reporting)

v 2.6.8.11rc1
=========================================================================
x [XSS] Stricter HTML checks on second-order data URI injections exactly
fitting whole URL attributes (thanks Masato Kinugawa for reporting)

Version 2.6.8.11rc1 535.6 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.11rc1
=========================================================================
x [XSS] Stricter HTML checks on second-order data URI injections exactly
fitting whole URL attributes (thanks Masato Kinugawa for reporting)

Version 2.6.8.10 535.5 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.10
=========================================================================
x [XSS] Fixed regression causing Google Talk false positive (thanks
Stuart Young for report)
x Made about:srcdoc placeholder URL for seamless iframes "mandatory"
to reflect its actual permissions status (thanks barbaz for RFE)

Version 2.6.8.10rc1 535.5 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

Version 2.6.8.9 535.3 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.9
=========================================================================
x [XSS] Stricter HTML checks (thanks Masato Kinugawa for reporting)
x [ClearClick] Exception to cope with Youtube's Google+ comments
x [XSS] Better data: URI detection (thanks Masato Kinugawa for reporting)
x [XSS] Improved pure HTML checks (thanks Masato Kinugawa for reporting)
x [XSS] Fixed InjectionChecker tolerance bug (thanks Masato Kinugawa for
reporting)
x [XSS] Improved sanitization

Version 2.6.8.9rc5 535.5 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.9rc5
=========================================================================
x [XSS] Stricter HTML checks (thanks Masato Kinugawa for reporting)
x [ClearClick] Exception to cope with Youtube's Google+ comments

v 2.6.8.9rc4
=========================================================================
x [XSS] Better data: URI detection (thanks Masato Kinugawa for reporting)

v 2.6.8.9rc3
=========================================================================
x [XSS] Improved pure HTML checks (thanks Masato Kinugawa for reporting)

v 2.6.8.9rc2
=========================================================================
x [XSS] Better fix for InjectionChecker tolerance bug (thanks Masato
Kinugawa for reporting)

v 2.6.8.9rc1
=========================================================================
x [XSS] Fixed InjectionChecker tolerance bug (thanks Masato Kinugawa for
reporting)
x [XSS] Improved sanitization

Version 2.6.8.9rc4 535.3 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.9rc4
=========================================================================
x [XSS] Better data: URI detection (thanks Masato Kinugawa for reporting)

v 2.6.8.9rc3
=========================================================================
x [XSS] Improved pure HTML checks (thanks Masato Kinugawa for reporting)

v 2.6.8.9rc2
=========================================================================
x [XSS] Better fix for InjectionChecker tolerance bug (thanks Masato
Kinugawa for reporting)

v 2.6.8.9rc1
=========================================================================
x [XSS] Fixed InjectionChecker tolerance bug (thanks Masato Kinugawa for
reporting)
x [XSS] Improved sanitization

Version 2.6.8.9rc3 535.6 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.9rc3
=========================================================================
x [XSS] Improved pure HTML checks (thanks Masato Kinugawa for reporting)

v 2.6.8.9rc2
=========================================================================
x [XSS] Better fix for InjectionChecker tolerance bug (thanks Masato
Kinugawa for reporting)

v 2.6.8.9rc1
=========================================================================
x [XSS] Fixed InjectionChecker tolerance bug (thanks Masato Kinugawa for
reporting)
x [XSS] Improved sanitization

Version 2.6.8.9rc2 535.5 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.9rc2
=========================================================================
x [XSS] Better fix for InjectionChecker tolerance bug (thanks Masato
Kinugawa for reporting)

v 2.6.8.9rc1
=========================================================================
x [XSS] Fixed InjectionChecker tolerance bug (thanks Masato Kinugawa for
reporting)
x [XSS] Improved sanitization

Version 2.6.8.9rc1 535.5 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.9rc1
=========================================================================
x [XSS] Fixed InjectionChecker tolerance bug (thanks Masato Kinugawa for
reporting)
x [XSS] Improved sanitization

Version 2.6.8.8 535.4 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.8
=========================================================================
+ Enforce docShell-based script blocking for Gecko > 28
+ [Surrogate] addthis.com widget emulation (thanks Mathnerd314)

Version 2.6.8.8rc2 535.3 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.8rc2
=========================================================================
+ Enforce docShell-based script blocking for Gecko > 28

v 2.6.8.8rc1
=========================================================================
+ [Surrogate] addthis.com widget emulation (thanks Mathnerd314)

Version 2.6.8.8rc1 535.3 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.8rc1
=========================================================================
+ [Surrogate] addthis.com widget emulation (thanks Mathnerd314)

Version 2.6.8.7 535.1 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.7
=========================================================================
x Fixed performance regression in request identity tracking (thanks
cumdacon and nospamboz for reporting)
+ Protection against new SQLXSSI obfuscation techinques (thanks Alex
Inführ for reporting)
x Fixed noscript.allowedMimeRegExp ignoring the FONT pseudo-type (thanks
barbaz for reporting)

Version 2.6.8.7rc4 535.3 KB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.7rc4
=========================================================================
x Fixed performance regression in request identity tracking (thanks
cumdacon and nospamboz for reporting)

v 2.6.8.7rc3
=========================================================================
+ Protection against new SQLXSSI obfuscation techinques (thanks Alex
Inführ for reporting)

v 2.6.8.7rc2
=========================================================================
x Fixed noscript.allowedMimeRegExp ignoring the FONT pseudo-type take 2
(thanks barbaz for reporting)

v 2.6.8.7rc1
=========================================================================
x Fixed noscript.allowedMimeRegExp ignoring the FONT pseudo-type (thanks
barbaz for reporting)