NoScript Security Suite Version History

622 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 2.6.7.1rc2 521.8 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.7.1rc2
=========================================================================
x [XSS] Fixed false positive on GMail when opening the Google Docs file
picker (thanks Joachim Ott for reporting)
x [XSS] Fixed parameter elision bug

v 2.6.7.1rc1
=========================================================================
+ Protection against another variant of error-based SQLXSSI (thanks Alex
Inführ for reporting)

Version 2.6.7.1rc1 521.5 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.7.1rc1
=========================================================================
+ Protection against two new specific variants of SQLXSSI (thanks Alex
Inführ for reporting)

Version 2.6.7rc3 521.5 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.7rc3
=========================================================================
x Fixed HTML 5 media content types not blocked when loaded as top-level
documents (thanks al_9x for reporting)

v 2.6.7rc2
=========================================================================
x Removed further "ReferenceError: PolicyState is not defined" messages
x [XSS] Fixed bug in SQLXSSI detection (thanks Alex Inführ for reporting)

v 2.6.7rc1
=========================================================================
x Fixed resources from resource: origin (such as PDF.js fonts) being
unnecessarily blocked in restrictive embed blocking mode
x Removed "ReferenceError: PolicyState is not defined" message appearing
sometimes in the console dump on startup
x Fixed scrollbars removed in frames activated from placeholder (thanks
al_9x for reporting)

Version 2.6.7rc2 521.7 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.7rc2
=========================================================================
x Removed further "ReferenceError: PolicyState is not defined" messages
x [XSS] Fixed bug in SQLXSSI detection (thanks Alex Inführ for reporting)

v 2.6.7rc1
=========================================================================
x Fixed resources from resource: origin (such as PDF.js fonts) being
unnecessarily blocked in restrictive embed blocking mode
x Removed "ReferenceError: PolicyState is not defined" message appearing
sometimes in the console dump on startup
x Fixed scrollbars removed in frames activated from placeholder (thanks
al_9x for reporting)

Version 2.6.7rc1 521.4 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.7rc1
=========================================================================
x Fixed resources from resource: origin (such as PDF.js fonts) being
unnecessarily blocked in restrictive embed blocking mode
x Removed "ReferenceError: PolicyState is not defined" message appearing
sometimes in the console dump on startup
x Fixed scrollbars removed in frames activated from placeholder (thanks
al_9x for reporting)

Version 2.6.6.9rc1 521.8 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.6.9rc1
=========================================================================
+ [XSS] Added several experimental / unofficial markup atoms to the
build-time matcher generator (thanks .mario for reporting)

Version 2.6.6.8rc1 523.1 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.6.8rc1
=========================================================================
x [XSS] Protection against filter evasion exploiting Adobe Flash URL
parsing and charset handling bugs (thanks Soroush Dalili for reporting)

Version 2.6.6.7rc1 521.9 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.6.7rc1
=========================================================================
x Fixed ClearClick triggered by recently changed browser built-in Click
To Play placeholders (bug 889228)
x [Locale] Updated Czech (thanks Karel)

Version 2.6.6.6rc1 521.9 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.6.6rc1
=========================================================================
+ Made mimetype whitelisting through the noscript.allowedMimeRegExp
preference work with the WebGL pseudo type (thanks Thrawn for RFE)

v 2.6.6.5rc1
=========================================================================
x Better fix for Nightly breakages

v 2.6.6.4rc1
=========================================================================
x Fixed some recent breakages on Nightly

v 2.6.6.3rc1
=========================================================================
x Improved "fixable" JavaScript links detection (thanks asdf for RFE)

Version 2.6.6.5rc1 522.1 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.6.5rc1
=========================================================================
x Better fix for Nightly breakages

Version 2.6.6.4rc1 522.0 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.6.4rc1
=========================================================================
x Fixed some recent breakages on Nightly

Version 2.6.6.3rc1 521.9 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.6.3rc1
=========================================================================
x Improved "fixable" JavaScript links detection (thanks asdf for RFE)

Version 2.6.6.2rc2 522.1 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.6.2rc2
=========================================================================
x Fixed regression in Tab Mix Plus compatibility due to Gecko 21 changes

v 2.6.6.2rc1
=========================================================================
x Improved placeholder management for full-document plugin content, e.g.
makes Youtube embeddings more usable on Facebook

Version 2.6.6.2rc1 521.8 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.6.2rc1
=========================================================================
x Improved placeholder management for full-document plugin content, e.g.
makes Youtube embeddings more usable on Facebook

Version 2.6.6.1rc2 522.0 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.6.1rc2
=========================================================================
x Fixed backward compatibility issue with recent channel cloning changes
x [XSS] Compatibility with certain redirector URL patterns (thanks
Stephen F. for reporting)

v 2.6.6.1rc1
=========================================================================
x [ABE] Fixed letest Tab Mix Plus version (4.1.0) causing loads started
from the address bar to be considered cross-site
x [Locale] Updated Esperanto (thanks Michael Wolf)
x [Locale] Updated Upper Serbian (thanks Michael Wolf)

Version 2.6.6.1rc1 521.8 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.6.1rc1
=========================================================================
x [ABE] Fixed letest Tab Mix Plus version (4.1.0) causing loads started
from the address bar to be considered cross-site
x [Locale] Updated Esperanto (thanks Michael Wolf)
x [Locale] Updated Upper Serbian (thanks Michael Wolf)

Version 2.6.6rc5 520.2 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.6rc5
=========================================================================
x Added per-window private browsing support to some background requests
x Improved channel cloning for internal redirections
x Added further Microsoft mail services dependencies to the default
whitelist

v 2.6.6rc4
=========================================================================
x [XSS] Fixed character class bug (thanks Masato Kinugawa for reporting)

v 2.6.6rc3
=========================================================================
x [XSS] Fixed potential jQuery-based injection (thanks Masato Kinugawa
for reporting)

v 2.6.6rc2
=========================================================================
x Improved handling of some moz-null principal instances in ABE requests
(thanks Thrawn for reporting)

v 2.6.6rc1
=========================================================================
+ New 360Haven surrogate lets the site work with 1st party scripts
allowed and ads/tracker scripts forbidden

Version 2.6.6rc4 519.6 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.6rc4
=========================================================================
x [XSS] Fixed character class bug (thanks Masato Kinugawa for reporting)

v 2.6.6rc3
=========================================================================
x [XSS] Fixed potential jQuery-based injection (thanks Masato Kinugawa
for reporting)

v 2.6.6rc2
=========================================================================
x Improved handling of some moz-null principal instances in ABE requests
(thanks Thrawn for reporting)

v 2.6.6rc1
=========================================================================
+ New 360Haven surrogate lets the site work with 1st party scripts
allowed and ads/tracker scripts forbidden

Version 2.6.6rc3 519.8 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.6rc3
=========================================================================
x [XSS] Fixed potential jQuery-based injection (thanks Masato Kinugawa
for reporting)

v 2.6.6rc2
=========================================================================
x Improved handling of some moz-null principal instances in ABE requests
(thanks Thrawn for reporting)

v 2.6.6rc1
=========================================================================
+ New 360Haven surrogate lets the site work with 1st party scripts
allowed and ads/tracker scripts forbidden

Version 2.6.6rc1 519.5 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.6rc1
=========================================================================
+ New 360Haven surrogate lets the site work with 1st party scripts
allowed and ads/tracker scripts forbidden

Version 2.6.5.9rc3 519.5 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.5.9rc3
=========================================================================
x Fixed outlook.com UI broken in Nightly by work-around for bug 677050
(thanks Raùl Duràn of Microsoft for troubleshooting help)

v 2.6.5.9rc2
=========================================================================
- Removed STS support for Gecko >= 4, which provides built-in HSTS
x Work around for multiple object creation causing UI inconsistencies
(thanks al_9x for reporting)

v 2.6.5.9rc1
=========================================================================
x [XSS] Work-around for false positives caused by Gecko >= 18 changes in
Function.prototype.toSource() (thanks yahoo mail user for report)

Version 2.6.5.9rc2 519.5 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

Version 2.6.5.9rc1 519.9 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.5.9rc1
=========================================================================
x [XSS] Work-around for false positives caused by Gecko >= 18 changes in
Function.prototype.toSource() (thanks yahoo mail user for report)

Version 2.6.5.8rc4 518.9 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.5.8rc4
=========================================================================
x Fixed "Mark as Untrusted" button on the "Site Info" page not working
properly (thanks SwissBIT for reporting)

v 2.6.5.8rc3
=========================================================================
x Fixed Google Analytics cross-site checks breaking GMail composition
window (thanks Michael Mischurow for reporting)

v 2.6.5.8rc2
=========================================================================
+ Automatic Google Analytics web bugs blocking if google-analytics.com is
not whitelisted
+ "Mark as untrusted" button on the site info page (thanks SwissBIT for
RFE)
+ "Allow"/"Forbid"/"Mark as untrusted" icons on the site info buttons
x Inclusion type checks exception for yandex.st

v 2.6.5.8rc1
=========================================================================
x [XSS] Exception for requests across *.photobucket.com subdomains, which
may legitimately contain syntactically valid Javascript fragments
(thanks RAJAH235 for reporting)

Version 2.6.5.8rc3 518.9 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.5.8rc3
=========================================================================
x Fixed Google Analytics cross-site checks breaking GMail composition
window (thanks Michael Mischurow for reporting)

v 2.6.5.8rc2
=========================================================================
+ Automatic Google Analytics web bugs blocking if google-analytics.com is
not whitelisted
+ "Mark as untrusted" button on the site info page (thanks SwissBIT for
RFE)
+ "Allow"/"Forbid"/"Mark as untrusted" icons on the site info buttons
x Inclusion type checks exception for yandex.st

v 2.6.5.8rc1
=========================================================================
x [XSS] Exception for requests across *.photobucket.com subdomains, which
may legitimately contain syntactically valid Javascript fragments
(thanks RAJAH235 for reporting)

Version 2.6.5.8rc2 518.9 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.5.8rc2
=========================================================================
+ Automatic Google Analytics web bugs blocking if google-analytics.com is
not whitelisted
+ "Mark as untrusted" button on the site info page (thanks SwissBIT for
RFE)
+ "Allow"/"Forbid"/"Mark as untrusted" icons on the site info buttons
x Inclusion type checks exception for yandex.st

v 2.6.5.8rc1
=========================================================================
x [XSS] Exception for requests across *.photobucket.com subdomains, which
may legitimately contain syntactically valid Javascript fragments
(thanks RAJAH235 for reporting)

Version 2.6.5.8rc1 518.7 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.5.8rc1
=========================================================================
x [XSS] Exception for requests across *.photobucket.com subdomains, which
may legitimately contain syntactically valid Javascript fragments
(thanks RAJAH235 for reporting)

Version 2.6.5.7rc2 518.6 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.5.7rc2
=========================================================================
x Made "Yes, remove all protections" the default button in the removal
warning dialog

v 2.6.5.7rc1
=========================================================================
x [XSS] Fixed post-response encoding checks applied to UTF-8 pages too
(thanks Masato Kinugawa for reporting)
x [XSS] Removed host redirection chance on XSS-vulnerable pages (thanks
Masato Kinugawa for reporting)

Version 2.6.5.7rc1 518.6 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.5.7rc1
=========================================================================
x [XSS] Fixed post-response encoding checks applied to UTF-8 pages too
(thanks Masato Kinugawa for reporting)
x [XSS] Removed host redirection chance on XSS-vulnerable pages (thanks
Masato Kinugawa for reporting)

Version 2.6.5.6rc1 518.6 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.5.6rc1
=========================================================================
x [XSS] Smarter syntax check optimization, removes harmful side effect
(thanks Masato Kinugawa for reporting)

v 2.6.5.5rc1
=========================================================================
x [XSS] Fixed bug in broken string literals balancing (thanks Masato
Kinugawa for reporting)

v 2.6.5.4rc1
=========================================================================
+ [XSS] Obfuscated string literals detection (thanks Masato Kinugawa for
reporting)

v 2.6.5.3rc2
=========================================================================
x [XSS] Improved parsing while decoding mixed-charset encoded URLs
(thanks Masato Kinugawa for reporting)

v 2.6.5.3rc1
=========================================================================
+ [XSS] Better decoding of maliciously mixed-charset encoded strings
(thanks Masato Kinugawa for reporting)

v 2.6.5.2rc1
=========================================================================
x [XSS] Work-around for a Gecko race condition allowing some
script-enabled attackers to make the charset-mismatch checks abort
prematurely (thanks Masato Kinugawa for reporting)

v 2.6.5.1rc1
=========================================================================
+ [XSS] Forced unicode conversions more resilient to invalid input
(thanks Masato Kinugawa for reporting)

v 2.6.5rc2
=========================================================================
x Better wording for the "Security Downgrade Warning" options

v 2.6.5rc1
=========================================================================
+ [XSS] More exotic charset awareness added to script injection checks
(thanks Masato Kinugawa for reporting)
x [XSS] Removed limited injection chance allowing redirection of XSS
vulnerable pages to an integral IP (thanks Masato Kinugawa for
reporting)
+ Suggestion of blacklist mode as a viable alternative to disablement or
uninstall which retains protections unrelated to script blocking
- Removed legacy uninstall hooks and related localized strings