NoScript Security Suite Version History

843 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 2.0.5rc4 497.7 kB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.5rc4 (identical to 2.0.5 final)
==========================================================================
x Fixed stability issue when forcing HTTPS on images

v 2.0.5rc3
==========================================================================
x Faster and more "correct" hack for internal redirections

v 2.0.5rc2
==========================================================================
x Experimental asynchronous channel replacement for ABE and HTTPS
enforcement, should prevent issues with image caching
x Work-around for Google/Youtube bug, sending "Content-Type: text/plain"
header for script files even with "X-Content-Type-Options: nosniff" (see
http://forums.informaction.com/viewtopic.php?f=7&t=5304)

v 2.0.5rc1
==========================================================================
x Fixed automatic allowing for XMLHttpRequest of sites with explicit port
numbers whose domain is allowed (thanks evanpelt for reporting)

Version 2.0.5rc3 497.7 kB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.5rc3
==========================================================================
x Faster and more "correct" hack for internal redirections

v 2.0.5rc2
==========================================================================
x Experimental asynchronous channel replacement for ABE and HTTPS
enforcement, should prevent issues with image caching
x Work-around for Google/Youtube bug, sending "Content-Type: text/plain"
header for script files even with "X-Content-Type-Options: nosniff" (see
http://forums.informaction.com/viewtopic.php?f=7&t=5304)

v 2.0.5rc1
==========================================================================
x Fixed automatic allowing for XMLHttpRequest of sites with explicit port
numbers whose domain is allowed (thanks evanpelt for reporting)

Version 2.0.5rc2 498.7 kB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.5rc2
==========================================================================
x Experimental asynchronous channel replacement for ABE and HTTPS
enforcement, should prevent issues with image caching
x Work-around for Google/Youtube bug, sending "Content-Type: text/plain"
header for script files even with "X-Content-Type-Options: nosniff" (see
http://forums.informaction.com/viewtopic.php?f=7&t=5304)

v 2.0.5rc1
==========================================================================
x Fixed automatic allowing for XMLHttpRequest of sites with explicit port
numbers whose domain is allowed (thanks evanpelt for reporting)

Version 2.0.4 497.7 kB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.4rc2
==========================================================================
+ Better logging for the "X-Content-Type-Options: nosniff" activity
+ noscript.nosniff about:config preference to control whether enforcing
"X-Content-Type-Options: nosniff" (true, default) or not (false)

v 2.0.4rc1
==========================================================================
+ "X-Content-Type-Options: nosniff" support
x Fixed using bookmarklets with noscript.allowBookmarkletImports set to
false erronously adds current website to the JavaScript whitelist

Version 2.0.4rc2 497.7 kB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.4rc2
==========================================================================
+ Better logging for the "X-Content-Type-Options: nosniff" activity
+ noscript.nosniff about:config preference to control whether enforcing
"X-Content-Type-Options: nosniff" (true, default) or not (false)

v 2.0.4rc1
==========================================================================
+ X-Content-Type-Options support
x Fixed using bookmarklets with noscript.allowBookmarkletImports set to
false erronously adds current website to the JavaScript whitelist

Version 2.0.4rc1 497.7 kB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.4rc1
==========================================================================
+ X-Content-Type-Options support
x Fixed using bookmarklets with noscript.allowBookmarkletImports set to
false erronously adds current website to the JavaScript whitelist

Version 2.0.3.5 497.7 kB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.3.5
==========================================================================
x [UI] Fixed right-click on the toolbar button switching permissions

v 2.0.3.4
==========================================================================
+ [UI] Bold "Recently blocked" menu and items which have been attempted to
load from the currently displayed web site (thanks therube for RFE)
- Removed legacy (pre Fx 3) notification code

v 2.0.3.4rc2
==========================================================================
- [UI] Removed status icon hover effect
+ [Surrogate] adriver.ru surrogate to prevent "pages never finish loading"
problem (thanks al_9x)
+ [ClearClick] Unlocked flag caching performance optimizations
+ AddressMatcher now matches UTF8 (not IDN-encoded) host names too
+ AddressMatcher now matches scheme only (xyz:) patterns
x Work-around for X-Frame-Option interfering with mixed chrome/content
UIs (e.g. Firefox 4 add-ons manager)

v 2.0.3.4rc1
==========================================================================
x Fixed unchecking and re-checking the toggle permissions toolbar button
behavior ending in an inconsistent status (thanks Grump Old Lady for
reporting)
x [XSS] Improved Blogger CMS compatibility (thanks Logos for reporting)

Version 2.0.3.5rc1 497.7 kB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.3.5
==========================================================================
x [UI] Fixed right-click on the toolbar button switching permissions

Version 2.0.3.4rc3 497.7 kB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.3.4rc3 (same as 2.0.3.4 final)
==========================================================================
+ [UI] Bold "Recently blocked" menu and items which have been attempted to
load from the currently displayed web site (thanks therube for RFE)
- Removed legacy (pre Fx 3) notification code

v 2.0.3.4rc2
==========================================================================
- [UI] Removed status icon hover effect
+ [Surrogate] adriver.ru surrogate to prevent "pages never finish loading"
problem (thanks al_9x)
+ [ClearClick] Unlocked flag caching performance optimizations
+ AddressMatcher now matches UTF8 (not IDN-encoded) host names too
+ AddressMatcher now matches scheme only (xyz:) patterns
x Work-around for X-Frame-Option interfering with mixed chrome/content
UIs (e.g. Firefox 4 add-ons manager)

v 2.0.3.4rc1
==========================================================================
x Fixed unchecking and re-checking the toggle permissions toolbar button
behavior ending in an inconsistent status (thanks Grump Old Lady for
reporting)
x [XSS] Improved Blogger CMS compatibility (thanks Logos for reporting)

Version 2.0.3.4rc2 497.7 kB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.3.4rc2
==========================================================================
- [UI] Removed status icon hover effect
+ [Surrogate] adriver.ru surrogate to prevent "pages never finish loading"
problem (thanks al_9x)
+ [ClearClick] Unlocked flag caching performance optimizations
+ AddressMatcher now matches UTF8 (not IDN-encoded) host names too
+ AddressMatcher now matches scheme only (xyz:) patterns
x Work-around for X-Frame-Option interfering with mixed chrome/content
UIs (e.g. Firefox 4 add-ons manager)

v 2.0.3.4rc1
==========================================================================
x Fixed unchecking and re-checking the toggle permissions toolbar button
behavior ending in an inconsistent status (thanks Grump Old Lady for
reporting)
x [XSS] Improved Blogger CMS compatibility (thanks Logos for reporting)

Version 2.0.3.3 497.7 kB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.3.3
==========================================================================
x Changed noscript.forbidIFramesContext about:config preference default to
3 (same base domain) to ensure better usability on complex sites (e.g.
new Twitter) for people who's blocking iframes on trusted sites
x Optimal sensitivity calibration for Hover UI trigger events

v 2.0.3.3rc3
==========================================================================
+ Improved Hover UI usability with the noscript.hoverUI.delayStop
about:config preference, dictating how many milliseconds the mouse must
stand still on NoScript's icon before NoScript's menu is displayed

v 2.0.3.3rc2
==========================================================================
+ [Surrogate] Surrogate scripts are no longer wrapped inside anonymous
functions, in order to allow top-level variables to be forced read-only
by using the const keyword; built-in surrogates have been retrofitted to
prevent scope clashes, by adding anonymous function wrappers as needed

v 2.0.3.3rc1
==========================================================================
+ [UI] Configurable enter and exit delays for the hover UI behavior, via
noscript.hoverUI.delay* about:config preferences
x [ClearClick] improved compatibility with very short frames (like the top
bar on www.blogger.com, thanks craftcove for reporting)
x [Policy] Removed legacy code specializing TYPE_OTHER

Version 2.0.3.3rc4 497.7 kB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3.3rc4
==========================================================================
x Changed noscript.forbidIFramesContext about:config preference default to
3 (same base domain) to ensure better usability on complex sites (e.g.
new Twitter) for people who's blocking iframes on trusted sites
x Optimal sensitivity calibration for Hover UI trigger events

Version 2.0.3.3rc3 497.7 kB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3.3rc3
==========================================================================
+ Improved Hover UI usability with the noscript.hoverUI.delayStop
about:config preference, dictating how many milliseconds the mouse must
stand still on NoScript's icon before NoScript's menu is displayed

v 2.0.3.3rc2
==========================================================================
+ [Surrogate] Surrogate scripts are no longer wrapped inside anonymous
functions, in order to allow top-level variables to be forced read-only
by using the const keyword; built-in surrogates have been retrofitted to
prevent scope clashes, by adding anonymous function wrappers as needed

Version 2.0.3.3rc1 497.7 kB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3.3rc1
==========================================================================
+ [UI] Configurable enter and exit delays for the hover UI behavior, via
noscript.hoverUI.delay* about:config preferences
x [ClearClick] improved compatibility with very short frames (like the top
bar on www.blogger.com, thanks craftcove for reporting)
x [Policy] Removed legacy code specializing TYPE_OTHER

Version 2.0.3.2 497.7 kB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3.2
==========================================================================
x Work-around for first script element in body of a framed document not
being executed unless password manager is enabled on Minefield
x Work-around for surrogates not being executed in frames on Minefield

v 2.0.3.2rc1
==========================================================================
x Fixed further menu glitches with URL ports (thanks al_9x for reporting)

v 2.0.3.1
==========================================================================
x [UI] added 250ms delay for menu disappearing on mouse out from icon (
disappearing mouse out from menu already used a 500ms delay)
x Fixed explicit port URL related regression (thanks al_9x for reporting)

v 2.0.3.1rc6
==========================================================================
x Fixed further breakages due to Array prototype chain glitches introduced
in latest Minefield

v 2.0.3.1rc5
==========================================================================
x Fixed redirections broken by Array prototype chain glitches introduced
in latest Minefield

v 2.0.3.1rc4
==========================================================================
x Work-arounds for some CAPS implementation impedance mismatches (thanks
GµårÐïåñ and al_9x for reporting)

v 2.0.3.1rc3
==========================================================================
+ [UI] Extended the "open on hover" behavior to the toolbar button
x about:crashes added to the mandatory whitelist

v 2.0.3.1rc2
==========================================================================
x [Surrogate] Fixed window.open not working for HTTP sites on recent
Minefield builds
x Fixed minor glitch in channel replacement on trunk

v 2.0.3.1rc1
==========================================================================
x [Surrogate] Restored the previous document.cookie patching order, since
it seems more compatible with some buggy sites

Version 2.0.3.2rc2 497.7 kB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3.2rc2
==========================================================================
x Work-around for first script element in body of a framed document not
being executed unless password manager is enabled on Minefield
x Work-around for surrogates not being executed in frames on Minefield

v 2.0.3.2rc1
==========================================================================
x Fixed further menu glitches with URL ports (thanks al_9x for reporting)

Version 2.0.3.1rc7 497.7 kB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3.1rc7 (same as 2.0.3.1 final)
==========================================================================
x [UI] added 250ms delay for menu disappearing on mouse out from icon (
disappearing mouse out from menu already used a 500ms delay)
x Fixed explicit port URL related regression (thanks al_9x for reporting)

Version 2.0.3.1rc6 497.7 kB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3.1rc6
==========================================================================
x Fixed further breakages due to Array prototype chain glitches introduced
in latest Minefield

v 2.0.3.1rc5
==========================================================================
x Fixed redirections broken by Array prototype chain glitches introduced
in latest Minefield

Version 2.0.3.1rc4 497.7 kB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1


v 2.0.3.1rc4
==========================================================================
+ Fixed some CAPS implementation impedance mismatches (thanks GµårÐïåñ and
al_9x for reporting)

v 2.0.3.1rc3
==========================================================================
+ [UI] Extended the "open on hover" behavior to the toolbar button
x about:crashes added to the mandatory whitelist

Version 2.0.3.1rc2 497.7 kB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3.1rc2
==========================================================================
x [Surrogate] Fixed window.open not working for HTTP sites on recent
Minefield builds
x Fixed minor glitch in channel replacement on trunk

Version 2.0.3.1rc1 497.7 kB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

2.0.3.1rc1
==========================================================================
x [Surrogate] Restored the previous document.cookie patching order, since
it seems more compatible with some buggy sites

Version 2.0.3 497.7 kB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

2.0.3
==========================================================================
x [Surrogate] Improved compatibility of the popunder surrogate
x [Surrogate] Fixed broken meebo.com detached windows
x [L10n] Updated it-IT

v 2.0.3rc4
==========================================================================
+ [Pref] "NoScript Options|Appearance|Open permissions menu when mouse
hovers over NoScript's icon" checkbox
x [UI] Minor refinements in the new "UI on hovering" behavior

v 2.0.3rc3
==========================================================================
x [XSS] Fixed "Unsafe reload" not working under some circumstances (thanks
the JoshMeister for reporting)
+ [XSS] Better compatibility with Blogspot's CMS (thanks the JoshMeister
for reporting)
x Fixed "setting a property that has only a getter" warning in strict mode
x Better compatibility with CDNs improperly serving JavaScript files with
a CSS mime type

v 2.0.3rc2
==========================================================================
x Fixed "Partially allowed" message instead of "Forbidden" when everything
is blocked, including some embeddings (thanks jan for reporting)
x Fixed "No placeholder from untrusted" broken since 2.0.2.4 (thanks al_9x
for reporting)

v 2.0.3rc1
==========================================================================
+ [UI] Clickless "on over" opening of the status bar menu, can be disabled
via noscript.hoverUI about:config preference (thanks safemode for RFE)
x Fixed embedded fonts requiring the page to be allowed, rather than the
just the object, if embedded in data: URIs (thanks Alexander Konovalenko
for reporting)

Version 2.0.3rc5 497.7 kB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

2.0.3rc5
==========================================================================
x [Surrogate] Improved compatibility of the popunder surrogate
x [Surrogate] Fixed broken meebo.com detached windows
x [L10n] Updated it-IT

Version 2.0.3rc4 497.7 kB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3rc4
==========================================================================
+ [Pref] "NoScript Options|Appearance|Open permissions menu when mouse
hovers over NoScript's icon" checkbox
x [UI] Minor refinements in the new "UI on hovering" behavior

Version 2.0.3rc3 497.7 kB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

2.0.3rc3
==========================================================================
x [XSS] Fixed "Unsafe reload" not working under some circumstances (thanks
the JoshMeister for reporting)
+ [XSS] Better compatibility with Blogspot's CMS (thanks the JoshMeister
for reporting)
x Fixed "setting a property that has only a getter" warning in strict mode
x Better compatibility with CDNs improperly serving JavaScript files with
a CSS mime type

Version 2.0.3rc2 496.6 kB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3rc2
==========================================================================
x Fixed "Partially allowed" message instead of "Forbidden" when everything
is blocked, including some embedding (thanks jan for reporting)
x Fixed "No placeholder from untrusted" broken since 2.0.2.4 (thanks al_9x
for reporting)

Version 2.0.3rc1 496.6 kB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3rc1
==========================================================================
+ [UI] Clickless "on over" opening of the status bar menu, can be disabled
via noscript.hoverUI about:config preference (thanks safemode for RFE)
x Fixed embedded fonts requiring the page to be allowed, rather than the
just the object, if embedded in data: URIs (thanks Alexander Konovalenko
for reporting)

Version 2.0.2.5 496.6 kB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2.5
==========================================================================
x [XSS] Further FBML compatibility improvements

Version 2.0.2.5rc1 496.6 kB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2.5rc1
==========================================================================
x [XSS] Further FBML compatibility improvements

Version 2.0.2.4rc2 496.6 kB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2.4rc2 (identical to v 2.0.2.4 final)
==========================================================================
+ [XSS] Improved Facebook games compatibility
x [ClearClick] Fixed ABP tabs interfering with cross-window snapshots
x [ClearClick] Fixed bug preventing clicks on frames embedded by URLs
which have no host field
- Removed legacy code to handle ABP tabs on NoScript-blocked objects

v 2.0.2.4rc1
==========================================================================
x [HSTS] Fixed SSL certificate error pages not being patched (removing
the expert interface) when a broken HSTS site is open first time (thaks
Porkulus for reporting)