Versionsgeschichte von NoScript

379 Versionen

Seien Sie vorsichtig mit alten Versionen!

Diese Versionen werden zu Referenz- und Testzwecken angezeigt. Sie sollten immer die letzte Version eines Add-ons verwenden.

Version 2.6.8.16.1-signed 524.5 KiB Funktioniert mit Firefox 3.0.9 - 31.0, SeaMonkey 2.0 - 2.28

v 2.6.8.16
=========================================================================
x Closing a placeholder doesn't collapse its space anymore, unless the
noscript.placeholderCollapseOnClose is set to true or the "Collapse
blocked objects" Embeddings option is checked (thanks Elmart for RFE)
x Further bookmarklet emulation improvements yet (thanks porl for RFEs)

Version 2.6.8.14.1-signed 523.7 KiB Funktioniert mit Firefox 3.0.9 - 30.0, SeaMonkey 2.0 - 2.27

v 2.6.8.14
=========================================================================
x Fixed bookmarklet execution disabling JavaScript on whitelisted pages
(Firefox >= 29, thanks vsemozhetbyt for reporting mozbug 970445)
x [ABE] Improved compatibility with .local domains (thanks func0der for
reporting)

Version 2.6.8.13.1-signed 523.6 KiB Funktioniert mit Firefox 3.0.9 - 30.0, SeaMonkey 2.0 - 2.27

v 2.6.8.13
=========================================================================
x Restored z-order mobility for options dialog on Linux (thanks barbaz
for RFE)
x Moved ClearClick options into their own "Advanced" sub-tab (thanks
Thrawn for RFE)
x Minor options dialog tweakings
- Removed External Filters options panel
x The option dialog is non-modal and recycled now (thanks barbaz for RFE)

Version 2.6.8.12.1-signed 524.1 KiB Funktioniert mit Firefox 3.0.9 - 30.0, SeaMonkey 2.0 - 2.27

v 2.6.8.12
=========================================================================
x Improved work-around for
https://bugzilla.mozilla.org/show_bug.cgi?id=958962
+ [Surrogate] Prevent blank ModPagespeed-patched pages when meta refresh
inside NOSCRIPT elements is blocked (thanks thunderscript and barbaz)
x Fixed one-time this.getSite() error on startup
+ Browser Console support
x [Locale] Updated fr (thanks Jack Black)
x Fixed feed reader broken on non-whitelisted sites in non-stable Firefox
(thanks LouCypher for reporting)

Version 2.6.8.11.1-signed 523.4 KiB Funktioniert mit Firefox 3.0.9 - 29.0, SeaMonkey 2.0 - 2.26

v 2.6.8.11
=========================================================================
x [XSS] Fixed nested URL parsing optimization bug (thanks Masato Kinugawa
for reporting)
x [XSS] Abort, rather than filter, potential charset-based attacks (
thanks Masato Kinugawa for reporting)
x [XSS] Improved Ebay compatibility (thanks Markus Wienand for reporting)

x [XSS] Fixed bad charset check regression from rc6 (thanks Masato
Kinugawa for reporting)
x [XSS] Fixed bad charset checks not honoring exceptions (thanks Masato
Kinugawa for reporting)
x Adopted the Components.utils.blockScriptForGlobal() API where possible
x [XSS] Further improvements in recursive link checks (thanks Masato
Kinugawa for reporting)
x [XSS] Better checks for combined data/javascript URIs (thanks Masato
Kinugawa for reporting)
x [XSS] Restored fuzzy HTML sniffing in nested data URI (thanks Masato
Kinugawa for reporting)
x [XSS] Improved data URI checks (thanks Masato Kinugawa for reporting)
x [XSS] Enhanced recursive link checks (Thanks PK Cano for reporting)
x [XSS] Stricter HTML checks on second-order data URI injections exactly
fitting whole URL attributes (thanks Masato Kinugawa for reporting)

Version 2.6.8.10.1-signed 523.0 KiB Funktioniert mit Firefox 3.0.9 - 29.0, SeaMonkey 2.0 - 2.26

v 2.6.8.10
=========================================================================
x [XSS] Fixed regression causing Google Talk false positive (thanks
Stuart Young for report)
x Made about:srcdoc placeholder URL for seamless iframes "mandatory"
to reflect its actual permissions status (thanks barbaz for RFE)

Version 2.6.8.9.1-signed 522.7 KiB Funktioniert mit Firefox 3.0.9 - 29.0, SeaMonkey 2.0 - 2.26

v 2.6.8.9
=========================================================================
x [XSS] Stricter HTML checks (thanks Masato Kinugawa for reporting)
x [ClearClick] Exception to cope with Youtube's Google+ comments
x [XSS] Better data: URI detection (thanks Masato Kinugawa for reporting)
x [XSS] Improved pure HTML checks (thanks Masato Kinugawa for reporting)
x [XSS] Fixed InjectionChecker tolerance bug (thanks Masato Kinugawa for
reporting)
x [XSS] Improved sanitization

Version 2.6.8.8.1-signed 522.9 KiB Funktioniert mit Firefox 3.0.9 - 29.0, SeaMonkey 2.0 - 2.26

v 2.6.8.8
=========================================================================
+ Enforce docShell-based script blocking for Gecko > 28
+ [Surrogate] addthis.com widget emulation (thanks Mathnerd314)

Version 2.6.8.7.1-signed 522.6 KiB Funktioniert mit Firefox 3.0.9 - 29.0, SeaMonkey 2.0 - 2.26

v 2.6.8.7
=========================================================================
x Fixed performance regression in request identity tracking (thanks
cumdacon and nospamboz for reporting)
+ Protection against new SQLXSSI obfuscation techinques (thanks Alex
Inführ for reporting)
x Fixed noscript.allowedMimeRegExp ignoring the FONT pseudo-type (thanks
barbaz for reporting)

Version 2.6.8.6.1-signed 522.3 KiB Funktioniert mit Firefox 3.0.9 - 29.0, SeaMonkey 2.0 - 2.26

v 2.6.8.6
=========================================================================
x Fixed bugs in noscript.allowedMimeRegExp support (thanks barbaz for
reporting)
x [ABE] Fixed increased asynchronicity in Gecko's network processing
causing intermittent failures (thanks barbaz and al_9x for reporting)
x [Surrogate] Fixed bug in asynchronous Google Analytics API emulation
(thanks Lucas Malor for reporting)
x Fixed missing icon for blocked objects when no script is present in the
page and scrips are globally allowed

Version 2.6.8.5.1-signed 522.2 KiB Funktioniert mit Firefox 3.0.9 - 28.0, SeaMonkey 2.0 - 2.25

v 2.6.8.5
=========================================================================
x [ClearClick] Fixed empty contentEditable elements cannot receive
keyboard events in cross-site frames (breaking latest Youtube comments)
x [XSS] Fixed false positive on redirected script inclusions (breaking
Stripe payments on Humblebundle, thanks ableeker for reporting)
x [Surrogate] Better GA, GAPI, Twitter and Facebook compatibility

Version 2.6.8.4.1-signed 522.2 KiB Funktioniert mit Firefox 3.0.9 - 28.0, SeaMonkey 2.0 - 2.25

v 2.6.8.4
=========================================================================
x Fixed shortcut bookmarklet execution requiring noscript.allowURLBarJS
preference to be true on Firefox 25 beta (thanks ivank for report)
x [Surrogate] Better emulation of for Google Analytics asynchronous
tracking (for instance, fixes GMail's "Sign in" link)
x [ClearClick] Fixed exception being thrown on Firefox 27 alpha (Nightly)
x Fixed URL bar enhancements broken by Firefox 25 beta
x Fixed SetVariable/GetVariable failing on dynamically created Flash
elements, e.g. with SFWObject (thanks longsleep for reporting)

Version 2.6.8.3.1-signed 522.3 KiB Funktioniert mit Firefox 3.0.9 - 27.0, SeaMonkey 2.0 - 2.24

v 2.6.8.3
=========================================================================
x Fixed complex bookmarklet execution requiring synchronous XHR in a
content policy callback
x Fixed full-page plugins failed activation until the page is reloaded
x Fixed full-page HTML5 media failing to play after activation until the
page is reloaded

Version 2.6.8.2.1-signed 522.3 KiB Funktioniert mit Firefox 3.0.9 - 27.0, SeaMonkey 2.0 - 2.24

v 2.6.8.2rc2
=========================================================================
x Fixed request methods different than POST being turned into GET by
internal channel redirection when the DNS entry is not cached yet

v 2.6.8.2rc1
=========================================================================
x Fixed regression from CTP fix: some kinds of embedded objects being
displayed, even though in disabled state, along with placeholders

Version 2.6.8.1.1-signed 522.2 KiB Funktioniert mit Firefox 3.0.9 - 27.0, SeaMonkey 2.0 - 2.24

v 2.6.8.1
=========================================================================
+ Added to the default whitelist some CDN subdomains dedicated to serve
popular open source JS libraries (thanks t3g for RFE)
x Fixed notification box issues with Seamonkey (thanks barbaz)
x Work-around for broken CTP notifications (bug 903675)
x Work-around for Youtube comments XSS false (?) positive
x [Locale] Updated fr (thanks Jack Black)

Version 2.6.7.1.1-signed 521.7 KiB Funktioniert mit Firefox 3.0.9 - 27.0, SeaMonkey 2.0 - 2.24

v 2.6.7.1
=========================================================================
x [XSS] Fixed false positive on GMail when opening the Google Docs file
picker (thanks Harry for reporting)
x [XSS] Fixed parameter elision bug
+ Protection against another variant of error-based SQLXSSI (thanks Alex
Inführ for reporting)

Version 2.6.7.1-signed 521.7 KiB Funktioniert mit Firefox 3.0.9 - 26.0, SeaMonkey 2.0 - 2.23

v 2.6.7
=========================================================================
x Fixed HTML 5 media content types not blocked when loaded as top-level
documents (thanks al_9x for reporting)
x [XSS] Fixed bug in SQLXSSI detection (thanks Alex Inführ for reporting)
x Fixed resources from resource: origin (such as PDF.js fonts) being
unnecessarily blocked in restrictive embed blocking mode
x Removed "ReferenceError: PolicyState is not defined" message appearing
sometimes in the console dump on startup
x Fixed scrollbars removed in frames activated from placeholder (thanks
al_9x for reporting)

Version 2.6.6.9.1-signed 521.5 KiB Funktioniert mit Firefox 3.0.9 - 25.0, SeaMonkey 2.0 - 2.22

v 2.6.6.9
=========================================================================
+ [XSS] Added several experimental / unofficial markup atoms to the
build-time matcher generator (thanks .mario for reporting)

Version 2.6.6.8.1-signed 523.2 KiB Funktioniert mit Firefox 3.0.9 - 25.0, SeaMonkey 2.0 - 2.22

v 2.6.6.8
=========================================================================
x [XSS] Protection against filter evasion exploiting Adobe Flash URL
parsing and charset handling bugs (thanks Soroush Dalili for reporting)

Version 2.6.6.7.1-signed 521.8 KiB Funktioniert mit Firefox 3.0.9 - 25.0, SeaMonkey 2.0 - 2.22

v 2.6.6.7
=========================================================================
x Fixed ClearClick triggered by recently changed browser built-in Click
To Play placeholders (bug 889228)
x [Locale] Updated Czech (thanks Karel)

Version 2.6.6.6.1-signed 521.8 KiB Funktioniert mit Firefox 3.0.9 - 24.0, SeaMonkey 2.0 - 2.21

v 2.6.6.6
=========================================================================
+ Made mimetype whitelisting through the noscript.allowedMimeRegExp
preference work with the WebGL pseudo type (thanks Thrawn for RFE)

v 2.6.6.5
=========================================================================
x Better fix for Nightly breakages

v 2.6.6.4
=========================================================================
x Fixed some recent breakages on Nightly

v 2.6.6.3
=========================================================================
x Improved "fixable" JavaScript links detection (thanks asdf for RFE)

Version 2.6.6.2.1-signed 521.7 KiB Funktioniert mit Firefox 3.0.9 - 24.0, SeaMonkey 2.0 - 2.21

v 2.6.6.2
=========================================================================
x Fixed regression in Tab Mix Plus compatibility due to Gecko 21 changes
x Improved placeholder management for full-document plugin content, e.g.
makes Youtube embeddings more usable on Facebook

Version 2.6.6.1.1-signed 521.7 KiB Funktioniert mit Firefox 3.0.9 - 24.0, SeaMonkey 2.0 - 2.21

v 2.6.6.1
=========================================================================
x Fixed backward compatibility issue with recent channel cloning changes
x [XSS] Compatibility with certain redirector URL patterns (thanks
Stephen F. for reporting)
x [ABE] Fixed letest Tab Mix Plus version (4.1.0) causing loads started
from the address bar to be considered cross-site
x [Locale] Updated Esperanto (thanks Michael Wolf)
x [Locale] Updated Upper Serbian (thanks Michael Wolf)

Version 2.6.6.1-signed 520.0 KiB Funktioniert mit Firefox 3.0.9 - 23.0, SeaMonkey 2.0 - 2.20

v 2.6.6
=========================================================================
x Added per-window private browsing support to some background requests
x Improved channel cloning for internal redirections
x Added further Microsoft mail services dependencies to the default
whitelist
x [XSS] Fixed character class bug (thanks Masato Kinugawa for reporting)
x [XSS] Fixed potential jQuery-based injection (thanks Masato Kinugawa
for reporting)
x Improved handling of some moz-null principal instances in ABE requests
(thanks Thrawn for reporting)
+ New 360Haven surrogate lets the site work with 1st party scripts
allowed and ads/tracker scripts forbidden
s forbidden

Version 2.6.5.9.1-signed 519.4 KiB Funktioniert mit Firefox 3.0.9 - 22.0, SeaMonkey 2.0 - 2.19

v 2.6.5.9
=========================================================================
x Fixed outlook.com UI broken in Nightly by work-around for bug 677050
(thanks Raùl Duràn of Microsoft for troubleshooting help)
- Removed STS support for Gecko >= 4, which provides built-in HSTS
x Work around for multiple object creation causing UI inconsistencies
(thanks al_9x for reporting)
x [XSS] Work-around for false positives caused by Gecko >= 18 changes in
Function.prototype.toSource() (thanks yahoo mail user for report)

Version 2.6.5.8.1-signed 518.8 KiB Funktioniert mit Firefox 3.0.9 - 22.0, SeaMonkey 2.0 - 2.19

v 2.6.5.8
=========================================================================
+ Automatic Google Analytics web bugs blocking if google-analytics.com is
not whitelisted
+ "Mark as untrusted" button on the site info page (thanks SwissBIT for
RFE)
+ "Allow"/"Forbid"/"Mark as untrusted" icons on the site info buttons
x Inclusion type checks exception for yandex.st
x [XSS] Exception for requests across *.photobucket.com subdomains, which
may legitimately contain syntactically valid Javascript fragments
(thanks RAJAH235 for reporting)

Version 2.6.5.7.1-signed 518.5 KiB Funktioniert mit Firefox 3.0.9 - 22.0, SeaMonkey 2.0 - 2.19

v 2.6.5.7
=========================================================================
x Made "Yes, remove all protections" the default button in the removal
warning dialog
x [XSS] Fixed post-response encoding checks applied to UTF-8 pages too
(thanks Masato Kinugawa for reporting)
x [XSS] Removed host redirection chance on XSS-vulnerable pages (thanks
Masato Kinugawa for reporting)

v 2.6.5.6
=========================================================================
x [XSS] Smarter syntax check optimization, removes harmful side effect
(thanks Masato Kinugawa for reporting)

v 2.6.5.5
=========================================================================
x [XSS] Fixed bug in broken string literals balancing (thanks Masato
Kinugawa for reporting)

v 2.6.5.4
=========================================================================
+ [XSS] Obfuscated string literals detection (thanks Masato Kinugawa for
reporting)

v 2.6.5.3
=========================================================================
x [XSS] Improved parsing while decoding mixed-charset encoded URLs
(thanks Masato Kinugawa for reporting)
+ [XSS] Better decoding of maliciously mixed-charset encoded strings
(thanks Masato Kinugawa for reporting)

v 2.6.5.2
=========================================================================
x [XSS] Work-around for a Gecko race condition allowing some
script-enabled attackers to make the charset-mismatch checks abort
prematurely (thanks Masato Kinugawa for reporting)

v 2.6.5.1
=========================================================================
+ [XSS] Forced unicode conversions more resilient to invalid input
(thanks Masato Kinugawa for reporting)

v 2.6.5
=========================================================================
+ [XSS] More exotic charset awareness added to script injection checks
(thanks Masato Kinugawa for reporting)
x [XSS] Removed limited injection chance allowing redirection of XSS
vulnerable pages to an integral IP (thanks Masato Kinugawa for
reporting)
+ "Security Downgrade Warning" suggests blacklist mode as a better option
than uninstalling, to retain scripting-unrelated protections
- Removed legacy uninstall hooks and related localized strings

Version 2.6.4.4.1-signed 521.0 KiB Funktioniert mit Firefox 3.0.9 - 21.0a1, SeaMonkey 2.0 - 2.18a1

v 2.6.4.4
=========================================================================
x Fixed plugin placeholders not shown for plugin documents on Gecko >= 19
(thanks therube for reporting)
+ [Surrogate] Support for callbacks in Google Analytics' _gaq.push()
method (thanks Paola Moro for reporting)
+ Allow/Forbid button on the site info page (thanks Edward Huff for RFE)

Version 2.6.4.3.1-signed 520.7 KiB Funktioniert mit Firefox 3.0.9 - 21.0a1, SeaMonkey 2.0 - 2.18a1

v 2.6.4.3
=========================================================================
x [Surrogate] Less aggressive but more compatible adf.ly surrogate (it
automatically skips ad but requires scripts enabled on adf.ly)
x Fixed whitelist listbox couldn't be fully selected by CTRL+A in recent
Firefox versions (thanks Guardian for reporting)
+ [Surrogate] dimtus.com scriptless automatic image revelation
+ [Surrogate] imageteam.org scriptless automatic image revelation
x [External Filters] Fixed cache API compatibility issue

Version 2.6.4.2.1-signed 520.5 KiB Funktioniert mit Firefox 3.0.9 - 20.0a1, SeaMonkey 2.0 - 2.17a1

v 2.6.4.2
=========================================================================
x [ClearClick] Fixed miscalculations in screenshot comparison
x Fixed wrong placeholder position for standalone HTML 5 video content
(thanks mjh563 for reporting)
+ "Appearance" option to hide the "About NoScript" menu item
x Deny loading of any empty Flash object
x Fixed HSB locale (thanks Michael Wolf)
x Fixed forced HTTPS breaks redirects on Firefox >= 18 (thanks mjh563 for
reporting)
x Work-around for Gecko calling nsIContentPolicy::shouldProcess() with
null location for Flash objects sometimes (thanks al_9x for report)
x Fixed broken early HTTP observer on Firefox >= 18 (thanks aloishammer
for reporting)
x Fixed anti-popunder surrogate breaking BFCache (thanks whatever for
reporting)