NoScript Security Suite Version History

847 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 1.9.0.8 357.4 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0b1

http://noscript.net/changelog

v 1.9.0.8
=====================================================================
x Work around for Mozilla bug 453825

v 1.9.0.7
=====================================================================
x Work around for SimpleViewer and other Flash movies replaced with
innerHTML breaking on nsIContentPolicy presence (thanks Steffen
Zahn for reporting).

Version 1.9.0.6 357.4 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0b1

http://noscript.net/changelog

v 1.9.0.6
=====================================================================
x Fixed page-level surrogates in subframes being executed too much
early to be effective (thanks GossamerGremlin for report)
x Work-around for bug 4066046 (thanks Alice0755)
x Fixed incompatibility with the wfx_Versions extension (thanks
Archaeopteryx for report)
x Fixed double activation for nested OBJECT elements, e.g. apple.com
QuickTime movies (thanks al_9 for report)
x Fixed Silverlight applets not intercepted in Gecko 1.8.1.19-20
(thanks al_9x for report)

Version 1.9.0.5 357.4 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0b1

v 1.9.0.5
=====================================================================
+ Upper limits for JS link detection loop (thanks Wladimir Palant)
+ about:certerror added to the intrinsic whitelist
+ ClearClick compatibility with the Link Alert extension
+ 3rd party script blocking improvements
x Updated Slovak translation

Version 1.9.0.4 357.4 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a3

v 1.9.0.4
=====================================================================
x Fixed XHTML namespacing issues (thanks dhouwn for report)

v 1.9.0.3
=====================================================================
x Fixed E4X hijacking false positive with scripts delimited by XML
comments and containing XML (thanks Jim Mattfield for report)

v 1.9.0.2
=====================================================================
x Fixed X-FRAME-OPTIONS not working inside OBJECT elements (thanks
Joris van der Wel for report)
x Restored broken compatibility with Seamonkey 1.0.x (thanks James
Andrewartha for report)

v 1.9.0.1
=====================================================================
x Work around for edge case false positive on plugins embedded in
cross-site framesets (thanks therube for report)

Version 1.9 356.4 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a3

1.9
=====================================================================
+ Improved ClearClick sensitivity (thanks Eric Lawrence for report)

1.8.9.9
=====================================================================
+ Experimental X-FRAME-OPTIONS compatibility support (see
http://hackademix.net/2009/01/29/x-frame-options-in-firefox/ and
http://evil.hackademix.net/frameopts/ )
x Updated pt-BR translation
x Fixed freeze on Poken URLs (thanks ksdz for report)
x Fixed URIs nested in query string being normalized with trailing
slash (thanks Benny Brostrup and Carsten for reporting about
login.service.csc.dk)

1.8.9.8
=====================================================================
+ Support for page-level surrogate scripts, executed before pages
whose URL matches sources patterns starting with "@" start loading
x Enhanced "catch all" Google Analytics surrogate (thanks Jesse
Andrew for reporting)
x Refactored the Silverlight IsVersionSupported() patch to use
ScriptSurrogate.execute()
x Streamlined Silverlight support
+ Instant placeholders, being shown before page finishes loading

Version 1.8.9.7 355.3 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a3

1.8.9.7
=====================================================================
x Improved script surrogation reliability
x Fixed URIValidator preferences not being updated at runtime
x Updated Sweden locale

v 1.8.9.6
=====================================================================
+ Evernote compatibility hacks

v 1.8.9.5
=====================================================================
+ Stricter checks for the "Attempt to fix JavaScript link" feature
and emulation of form submission links (thanks Jah for report)

v 1.8.9.4
=====================================================================
x Fixed minimum sized placeholder potentially exceeding smaller
frames (thanks greenhatch for report about BetFair's menu)
x Fixed ClearClick form bounds miscalculation with negative coords
(thanks Zjakki Willems for report about BlogSpot's search feature)
x Fixed document loaded in a nested iframe when enabling a blocked
legacy frame

v 1.8.9.3
=====================================================================
+ Extensible script surrogate mechanism (surrogating Google Analytics
by default, look at noscript.surrogate.* in about:config)
+ noscript.placeholderMinSize (default 32) forces a minimum
pixel size on object placeholders
x Cleaned up noscript.jsHack for custom usages

Version 1.8.9.2 354.3 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a3

v 1.8.9.2
=====================================================================
x Fixed page loading stalled sometimes when the final destination of
a redirected script inclusion gets blocked by NoScript

v 1.8.9.1
=====================================================================
x Fixed 3rd party script files starting with an XML comment being
"swallowed" (breaking myway.com, netaddress.com and others)

Full changelog: http://noscript.net/changelog

Version 1.8.9 353.3 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a3

v 1.8.9
=====================================================================
+ New noscript.clearclick.exceptions preference to specify URL
patterns of page where clickjacking shouldn't be checked
x *.ebay.com ClearClick exception to temporarily work-around a false
positive on one-click bids too difficult to reproduce
x Performance optimization of the JSON and E4X hijacking protection
x Compatibility with Amazon one-click
x Removed __count__ usage triggering a deprecated warning in Fx 3.0.x
x Relaxed XSS checks from same-domain HTTPSHTTP requests
x Improved E4X hijacking detection, skips leading XML comments in
scripts (http://forums.mozillazine.org/viewtopic.php?p=5488645)
x Updated Japanese translation

v 1.8.8.95
=====================================================================
+ JSON and E4X hijacking protection (Gecko >= 1.9.0.4 required)

v 1.8.8.94
=====================================================================
x Removed a potential document leak

v 1.8.8.93
=====================================================================
x Improved accuracy of the new simulated onchange event handler

v 1.8.8.92
=====================================================================
x Work-around for 1.9.2a1 Components.utils.lookupMethod() breakage
x Restored placeholder outline on 1.9.2a1

v 1.8.8.91
=====================================================================
+ Added browser-built-in about:xyz URLs to the permanent whitelist
+ Simulated onchange event handling for simple HTML select drop-down
with URL-like options
x Work-around for bug 453825 triggered by hack for bug 472495 and
breaking smugmug.com Flash-based fullscreen slideshows (thanks
Daniel Dorau for reporting)

v 1.8.8.9
=====================================================================
+ New zoom-guessing algorithm, giving more accurate results than
nsIMarkupDocumentViewer.fullZoom built-in property, to fix
ClearClick false positives at some fractional zoom levels

Full changelog: http://noscript.net/changelog

Version 1.8.8.8 351.2 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a3

v 1.8.8.8
=====================================================================
+ Kazakh translation (thanks Baurzhan Muftakhidinov)
x ClearClick optimization by canvas recycling
x Work-around for bug 472495

v 1.8.8.7
=====================================================================
x Work-around for Windows Media Player embedded objects missing video
streams under some circumstances (thanks AteUte52 for reporting)

v 1.8.8.6
=====================================================================
x Fixed ClearClick false positive on very narrow frames (e.g. on
http://horseracing.betfair.com - thanks greenhatch for reporting)
x Fixed XSS false positive on very long indexed CGI parameters lists
(e.g. on http://pingoat.com - thanks Daethian for reporting)

Full changelog: http://noscript.net/changelog

Version 1.8.8.5 346.1 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a3

v 1.8.8.5
=====================================================================
x Further optimization of Base64 injection checks
x More accurate clipping of scrolling frames in ClearClick

v 1.8.8.4
=====================================================================
x Performance optimization of Base64 injection checks (thanks Dave
Griffiths for reporting an Ebay chatroom issue)

v 1.8.8.3
=====================================================================
+ More specific injection checks for scriptless targets
+ Compatibility with the Fire.fm extension
x Fixed sporadic swallowed clicks on Google Street View

v 1.8.8.2
=====================================================================
x Fixed file:/// not showing anymore in NoScript menus

v 1.8.8.1
=====================================================================
x Fixed possible long-running loop on complex JSON-like requests

Full changelog: http://noscript.net/changelog

Version 1.8.8 346.1 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a3

v 1.8.8
=====================================================================
x Fixed rare ClearClick false positives on the bottom edge of
scrolling frames
x Fixed ClearClick false positive on some cnbc.com videos

v 1.8.7.8
=====================================================================
+ Compatibility with Fennec Alpha 2

v 1.8.7.7
=====================================================================
+ InjectionChecker checks HTML injections on untrusted targets too
+ Chained and nested JSON support (necessary to graceufully handle
some Facebook APIs)
x Fixed too much aggressive data: URL sanitization
x Fixed sites whose URL doesn't support host not showing in menu
(thanks timeless for report)

Version 1.8.7.6 346.1 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0a1, SeaMonkey 1.1 - 2.0a3

v 1.8.7.6
=====================================================================
x Improved specificity for "location=code" injection checks
x Compatibility with Facebook Connect JSON patterns

v 1.8.7.5
=====================================================================
x Heavy optimization of JSON reduction routine (up to 100x speedup),
thanks Brian Krebs and Amy Buzby for reports and samples
x Fixed top-level plugin content difficult to allow by clicking its
placeholder when other plugin-interacting extensions are active

Full changelog at http://noscript.net/changelog

Version 1.8.7.4 346.1 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a3

v 1.8.7.4
=====================================================================
+ Contextual disablement with visual feedback for "Revoke temporary
permissions" and "Temporarily allow all on this page" toolbar
buttons (thanks WAPCE for suggestion).
x Improved early detection of event attribute XSS
x Updated Arabic translation by Khaled Hosny

v 1.8.7.3
=====================================================================
x Better viewport framing when scrollbars are present (thanks
timeless for report)
x Compatibility with Firefox 3.2a1pre

1.8.7.2
=====================================================================
x Work-around for Google Toolbar 5 Beta conflict
x Work-around for newTabURL incompatibility
x Adaptation to bug 464754

1.8.7.1
=====================================================================
x Fixed issues with noscript.forbidIFrameContext = 0 (thanks Aerik
for report)

Full changelog at http://noscript.net/changelog

Version 1.8.7 343.0 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a3

Version 1.8.6 327.7 kB Works with Firefox 1.5 - 3.1b3pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a2

Version 1.8.5 325.6 kB Works with Firefox 1.5 - 3.1b2pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a2

Version 1.8.4.1 324.6 kB Works with Firefox 1.5 - 3.1b2pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a2

Version 1.8.4 324.6 kB Works with Firefox 1.5 - 3.1b2pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a2

Version 1.8.3.6 320.5 kB Works with Firefox 1.5 - 3.1b2pre, SeaMonkey 1.1 - 2.0a2

Version 1.8.3.3 317.4 kB Works with Firefox 1.5 - 3.1b2pre, SeaMonkey 1.1 - 2.0a2

Version 1.8.3.2 317.4 kB Works with Firefox 1.5 - 3.1b2pre, SeaMonkey 1.1 - 2.0a2

Version 1.8.3 317.4 kB Works with Firefox 1.5 - 3.1b2pre, SeaMonkey 1.1 - 2.0a2

Version 1.8.2.8 314.4 kB Works with Firefox 1.5 - 3.1b2pre, SeaMonkey 1.1 - 2.0a2

1.8.2.8 fixes an issue with external protocol (mailto:, e2k:, irc:...) not working.
http://noscript.net/changelog

Version 1.8.2.4 312.3 kB Works with Firefox 1.5 - 3.1b2pre, SeaMonkey 1.1 - 2.0a2

Version 1.8.2.3 312.3 kB Works with Firefox 1.5 - 3.1b2pre, SeaMonkey 1.1 - 2.0a2

Version 1.8.2.2 312.3 kB Works with Firefox 1.5 - 3.1b2pre, SeaMonkey 1.1 - 2.0a2

1.8.2.2 improves ClearClick accuracy, reducing false positives rate near to 0 and making it usable on trusted sites as well.
More details:
http://noscript.net/changelog
http://noscript.net/faq#clearclick

Version 1.8.2.1 305.2 kB Works with Firefox 2.0 - 3.1b2pre, SeaMonkey 1.0 - 2.0a2

1.8.2.1 backports the new ClearClick functionality to be compatible with Firefox 2.x, Seamonkey 1.1.x and other Gecko 1.8.1 browsers.

http://noscript.net/changelog

Version 1.8.2 305.2 kB Works with Firefox 3.0a1 - 3.1b1pre, SeaMonkey 1.0 - 2.0a2

Version 1.8.1.3 293.9 kB Works with Firefox 1.5.0.4 - 3.1b1pre, SeaMonkey 1.0 - 2.0a2

1.8.1.2 and 1.8.1.3 fix all the reported login problems AND turn off the Automatic Secure Cookie Management by default, so have no fear to install.
Anyway, if you decide to turn Automatic Secure Cookie Management on, your feedback about this new feature is very appreciated.

Details on http://noscript.net/changelog and http://noscript.net/faq#https

Version 1.8.1.2 293.9 kB Works with Firefox 1.5.0.4 - 3.1b1pre, SeaMonkey 1.0 - 2.0a1