Versionsgeschichte von NoScript

643 Versionen

Seien Sie vorsichtig mit alten Versionen!

Diese Versionen werden zu Referenz- und Testzwecken angezeigt. Sie sollten immer die letzte Version eines Add-ons verwenden.

Version 2.5.7rc5 517.0 KiB Funktioniert mit Firefox 3.0.9 - 19.0a1, SeaMonkey 2.0 - 2.15.*

v 2.5.7rc5
=========================================================================
x Fixed synchronous timeout emulation ordering bug in bookmarklet
execution on scriptless pages (thanks Infocatcher for reporting)

v 2.5.7rc4
=========================================================================
x [XSS] Fixed comment preprocessing optimization affecting free
JavaScript detection, thanks Masato Kinugawa for reporting
x [XSS] Fixed second order data: URLs sanitization issue, thanks Masato
Kinugawa for reporting

v 2.5.7rc3
=========================================================================
x Fixed meta refresh blocker notification bar broken on Gecko < 4 (thanks
nitou for reporting)
x Fixed iframe placeholder positioning issue (thanks al_9x for report)

v 2.5.7rc2
=========================================================================
x Fixed regression in placeholder positioning (thanks al_9x for report)

v 2.5.7rc1
=========================================================================
x [ClearClick] Fixed false positive on cross-site SVG document embeddings
(thanks Steffen for reporting)

Version 2.5.7rc4 517.1 KiB Funktioniert mit Firefox 3.0.9 - 18.0a1, SeaMonkey 2.0 - 2.15a1

v 2.5.7rc4
=========================================================================
x [XSS] Fixed comment preprocessing optimization affecting free
JavaScript detection, thanks Masato Kinugawa for reporting
x [XSS] Fixed second order data: URLs sanitization issue, thanks Masato
Kinugawa for reporting

v 2.5.7rc3
=========================================================================
x Fixed meta refresh blocker notification bar broken on Gecko < 4 (thanks
nitou for reporting)
x Fixed iframe placeholder positioning issue (thanks al_9x for report)

v 2.5.7rc2
=========================================================================
x Fixed regression in placeholder positioning (thanks al_9x for report)

v 2.5.7rc1
=========================================================================
x [ClearClick] Fixed false positive on cross-site SVG document embeddings
(thanks Steffen for reporting)

Version 2.5.7rc1 517.0 KiB Funktioniert mit Firefox 3.0.9 - 18.0a1, SeaMonkey 2.0 - 2.15a1

v 2.5.7rc1
=========================================================================
x [ClearClick] Fixed false positive on cross-site SVG document embeddings
(thanks Steffen for reporting)

Version 2.5.7rc3 517.1 KiB Funktioniert mit Firefox 3.0.9 - 18.0a1, SeaMonkey 2.0 - 2.15a1

v 2.5.7rc3
=========================================================================
x Fixed meta refresh blocker notification bar broken on Gecko < 4 (thanks
nitou for reporting)
x Fixed iframe placeholder positioning issue (thanks al_9x for report)

v 2.5.7rc2
=========================================================================
x Fixed regression in placeholder positioning (thanks al_9x for report)

v 2.5.7rc1
=========================================================================
x [ClearClick] Fixed false positive on cross-site SVG document embeddings
(thanks Steffen for reporting)

Version 2.5.7rc2 517.0 KiB Funktioniert mit Firefox 3.0.9 - 18.0a1, SeaMonkey 2.0 - 2.15a1

v 2.5.7rc2
=========================================================================
x Fixed regression in placeholder positioning (thanks al_9x for report)

v 2.5.7rc1
=========================================================================
x [ClearClick] Fixed false positive on cross-site SVG document embeddings
(thanks Steffen for reporting)

Version 2.5.6rc2 517.1 KiB Funktioniert mit Firefox 3.0.9 - 18.0a1, SeaMonkey 2.0 - 2.15a1

v 2.5.6rc2
=========================================================================
+ [XSS] Fixed slow regular expression causing some base64 request
payloads to trigger false positives (thanks Mirko Tasler for reporting)

v 2.5.6rc1
=========================================================================
+ Force placeholders to frontmost position e.g. on HTML 5 Youtube content
+ New icon for blocked embeddings on globally allowed pages (thanks
therube for RFE)

Version 2.5.6rc1 517.0 KiB Funktioniert mit Firefox 3.0.9 - 18.0a1, SeaMonkey 2.0 - 2.15a1

v 2.5.6rc1
=========================================================================
+ Force placeholders to frontmost position e.g. on HTML 5 Youtube content
+ New icon for blocked embeddings on globally allowed pages (thanks
therube for RFE)

Version 2.5.5rc2 515.0 KiB Funktioniert mit Firefox 3.0.9 - 18.0a1, SeaMonkey 2.0 - 2.15a1

v 2.5.5rc2
=========================================================================
x Cross-browser work-around for
https://bugzilla.mozilla.org/show_bug.cgi?id=789773

v 2.5.5rc1
=========================================================================
+ More reliable Java applet origin identification
x Work-around for https://bugzilla.mozilla.org/show_bug.cgi?id=789773

Version 2.5.5rc1 515.0 KiB Funktioniert mit Firefox 3.0.9 - 18.0a1, SeaMonkey 2.0 - 2.15a1

v 2.5.5rc1
=========================================================================
+ More reliable Java applet origin identification
x Work-around for https://bugzilla.mozilla.org/show_bug.cgi?id=789773

Version 2.5.4rc3 515.0 KiB Funktioniert mit Firefox 3.0.9 - 18.0a1, SeaMonkey 2.0 - 2.15a1

v 2.5.4rc3
=========================================================================
x Fixed HTTP checks not being skipped anymore for some chrome-generated
XMLHttpRequest requests because of a Gecko 15 change
x Work-around for cloned DOM nodes not retaining additional
chrome-attached information anymore, thus breaking placeholders in some
cases (thanks al_9x for reporting)
x Fixed placeholder post-enablement event channeling broken by Sandbox
changes

v 2.5.4rc2
=========================================================================
x Fixed meta-refresh emulation regression in Gecko 16 and below

v 2.5.4rc1
=========================================================================
x Fixed placeholder sizes messed up by changes in Gecko 17
x Work-around for broken content policy call for Java plugin on Gecko 17
and above (thanks marty60 for reporting)

Version 2.5.4rc2 515.0 KiB Funktioniert mit Firefox 3.0.9 - 18.0a1, SeaMonkey 2.0 - 2.15a1

v 2.5.4rc2
=========================================================================
x Fixed meta-refresh emulation regression in Gecko 16 and below

v 2.5.4rc1
=========================================================================
x Fixed placeholder sizes messed up by changes in Gecko 17
x Work-around for broken content policy call for Java plugin on Gecko 17
and above (thanks marty60 for reporting)

Version 2.5.4rc1 515.0 KiB Funktioniert mit Firefox 3.0.9 - 18.0a1, SeaMonkey 2.0 - 2.15a1

v 2.5.4rc1
=========================================================================
x Fixed placeholder sizes messed up by changes in Gecko 17
x Work-around for broken content policy call for Java plugin on Gecko 17
and above (thanks marty60 for reporting)

Version 2.5.3rc4 515.0 KiB Funktioniert mit Firefox 3.0.9 - 18.0a1, SeaMonkey 2.0 - 2.15a1

v 2.5.3rc4
=========================================================================
x Fixed false positives on URL containing an ASP.NET cookieless session
identifier (thanks Trupti Chaudhari for reporting)

v 2.5.3rc3
=========================================================================
+ noscript.eraseFloatingElements about:config preference to switch the
mousedown + del key floating popup erasing feature off and on
x Limited the mousedown + del key floating popup erasing feature to pages
where scripts are forbidden and to absolute or fixed position elements

v 2.5.3rc2
=========================================================================
x Fixed JavaScript URL non-void expression evaluation in the URL bar
causing scripts to get globally allowed (thanks al_9x for reporting)

v 2.5.3rc1
=========================================================================
x [XSS] Work-around for a Gecko URL parsing quirk (thanks .mario for
reporting)

Version 2.5.3rc3 514.0 KiB Funktioniert mit Firefox 3.0.9 - 17.0a1, SeaMonkey 2.0 - 2.14a1

v 2.5.3rc3
=========================================================================
+ noscript.eraseFloatingElements about:config preference to switch the
mousedown + del key floating popup erasing feature off and on
x Limited the mousedown + del key floating popup erasing feature to pages
where scripts are forbidden and to absolute or fixed position elements

v 2.5.3rc2
=========================================================================
x Fixed JavaScript URL non-void expression evaluation in the URL bar
causing scripts to get globally allowed (thanks al_9x for reporting)

v 2.5.3rc1
=========================================================================
x [XSS] Work-around for a Gecko URL parsing quirk (thanks .mario for
reporting)

Version 2.5.3rc2 514.0 KiB Funktioniert mit Firefox 3.0.9 - 17.0a1, SeaMonkey 2.0 - 2.14a1

v 2.5.3rc2
=========================================================================
x Fixed JavaScript URL non-void expression evaluation in the URL bar
causing scripts to get globally allowed (thanks al_9x for reporting)

v 2.5.3rc1
=========================================================================
x [XSS] Work-around for a Gecko URL parsing quirk (thanks .mario for
reporting)

Version 2.5.3rc1 514.0 KiB Funktioniert mit Firefox 3.0.9 - 17.0a1, SeaMonkey 2.0 - 2.14a1

Version 2.5.2rc2 514.0 KiB Funktioniert mit Firefox 3.0.9 - 17.0a1, SeaMonkey 2.0 - 2.14a1

v 2.5.2rc2
=========================================================================
x [ClearClick] Improved protection against clickjacking timing attacks
(thanks Nafeez Ahmed for reporting)

v 2.5.2rc1
=========================================================================
x Fine tuned floating div (in-page popup) removal by locking it to the
nearest positioned ancestor and swallowing the mouseup event if the
DEL key has been hit after last mousedown

Version 2.5.2rc1 514.0 KiB Funktioniert mit Firefox 3.0.9 - 17.0a1, SeaMonkey 2.0 - 2.14a1

v 2.5.2rc1
=========================================================================
x Fine tuned floating div (in-page popup) removal by locking it to the
nearest positioned ancestor and swallowing the mouseup event if the
DEL key has been hit after last mousedown

Version 2.5.1rc2 514.0 KiB Funktioniert mit Firefox 3.0.9 - 17.0a1, SeaMonkey 2.0 - 2.14a1

v 2.5.1rc2
=========================================================================
+ Holding the left mouse button down on a page element and hitting the
DEL key will remove it (useful to forcibly kill in-page popups when
scripts are disabled)
x Fixed Acid3 test scoring 99 instead of 100 because of a Cursorjacking
protection implementation detail
- Disabled LiveConnect interception on Gecko 16 or better, since Java
globals have been removed from the DOM
x [XSS] Work-around for Mozilla TBPL DOS (thanks Daniel Holbert for
reporting)
x Fixed Silverlight and Flash scripted initialization patches being
broken by recent JavaScript interpreter changes

Version 2.5.1rc1 513.0 KiB Funktioniert mit Firefox 3.0.9 - 17.0a1, SeaMonkey 2.0 - 2.14a1

v 2.5.1rc1
=========================================================================
x Work-around for hp-ww.com misconfiguration (JavaScript files served
with bogus content-type header)

Version 2.5rc6 513.0 KiB Funktioniert mit Firefox 3.0.9 - 17.0a1, SeaMonkey 2.0 - 2.14a1

v 2.5rc6
=========================================================================
+ [XSS] Further reduction in false positives triggered by XML payloads

v 2.5rc5
=========================================================================
x Further hack to remove the height attribute automatically set on the
notification stack by browser tools (thanks therube for reporting)

v 2.5rc4
=========================================================================
x Hack to automatically restore the notification bar position as the last
of its sibling DOM nodes, as a better work-around for browser tools
messing with its height
- Removed ineffective CSS-based work-around for the browser tools
splitter messing with NoScript notification's height

v 2.5rc3
=========================================================================
+ [XSS] Improved XML handling algorithm preserves E4X detection accuracy
while removing false positives, e.g. against OAUTH payloads
x [XSS] Added exception for self-injecting yahoo.com/yimg.com frames (can
be disabled by setting the noscript.filterXExceptions.yahoo
about:config preference to false)

v 2.5rc2
=========================================================================
x Work-around for additional browser tools placed on the bottom of the
content messing with NoScript's notification height (thanks ochristi
for report)
x Fixed placeholders for absolutely positioned elements may cause layout
glitches (thanks al_9x for reporting)

v 2.5rc1
=========================================================================
x Fixed interaction with built-in Firefox's click-to-play causing
infinite object activation loop (thanks al_9x for reporting)

Version 2.5rc5 513.0 KiB Funktioniert mit Firefox 3.0.9 - 17.0a1, SeaMonkey 2.0 - 2.14a1

v 2.5rc5
=========================================================================
x Further hack to remove the height attribute automatically set on the
notification stack by browser tools (thanks therube for reporting)

v 2.5rc4
=========================================================================
x Hack to automatically restore the notification bar position as the last
of its sibling DOM nodes, as a better work-around for browser tools
messing with its height
- Removed ineffective CSS-based work-around for the browser tools
splitter messing with NoScript notification's height

v 2.5rc3
=========================================================================
+ [XSS] Improved XML handling algorithm preserves E4X detection accuracy
while removing false positives, e.g. against OAUTH payloads
x [XSS] Added exception for self-injecting yahoo.com/yimg.com frames (can
be disabled by setting the noscript.filterXExceptions.yahoo
about:config preference to false)

v 2.5rc2
=========================================================================
x Work-around for additional browser tools placed on the bottom of the
content messing with NoScript's notification height (thanks ochristi
for report)
x Fixed placeholders for absolutely positioned elements may cause layout
glitches (thanks al_9x for reporting)

v 2.5rc1
=========================================================================
x Fixed interaction with built-in Firefox's click-to-play causing
infinite object activation loop (thanks al_9x for reporting)

Version 2.5rc4 513.0 KiB Funktioniert mit Firefox 3.0.9 - 17.0a1, SeaMonkey 2.0 - 2.14a1

v 2.5rc4
=========================================================================
+ Hack to automatically restore the notification bar position as the last
of its sibling DOM nodes, as a better work-around for browser tools
messing with its height
- Removed ineffective CSS-based work-around for the browser tools
splitter messing with NoScript notification's height

v 2.5rc3
=========================================================================
+ [XSS] Improved XML handling algorithm preserves E4X detection accuracy
while removing false positives, e.g. against OAUTH payloads
x [XSS] Added exception for self-injecting yahoo.com/yimg.com frames (can
be disabled by setting the noscript.filterXExceptions.yahoo
about:config preference to false)

v 2.5rc2
=========================================================================
x Work-around for additional browser tools placed on the bottom of the
content messing with NoScript's notification height (thanks ochristi
for report)
x Fixed placeholders for absolutely positioned elements may cause layout
glitches (thanks al_9x for reporting)

v 2.5rc1
=========================================================================
x Fixed interaction with built-in Firefox's click-to-play causing
infinite object activation loop (thanks al_9x for reporting)

Version 2.5rc3 513.0 KiB Funktioniert mit Firefox 3.0.9 - 17.0a1, SeaMonkey 2.0 - 2.14a1

v 2.5rc3
=========================================================================
+ [XSS] Improved XML handling algorithm preserves E4X detection accuracy
while removing false positives, e.g. against OAUTH payloads
x [XSS] Added exception for self-injecting yahoo.com/yimg.com frames (can
be disabled by setting the noscript.filterXExceptions.yahoo
about:config preference to false)

v 2.5rc2
=========================================================================
x Work-around for additional browser tools placed on the bottom of the
content messing with NoScript's notification height (thanks ochristi
for report)
x Fixed placeholders for absolutely positioned elements may cause layout
glitches (thanks al_9x for reporting)

v 2.5rc1
=========================================================================
x Fixed interaction with built-in Firefox's click-to-play causing
infinite object activation loop (thanks al_9x for reporting)

Version 2.5rc2 513.0 KiB Funktioniert mit Firefox 3.0.9 - 17.0a1, SeaMonkey 2.0 - 2.14a1

2.5rc2
=========================================================================
x Work-around for additional browser tools placed on the bottom of the
content messing with NoScript's notification height (thanks ochristi
for report)
x Fixed placeholders for absolutely positioned elements may cause layout
glitches (thanks al_9x for reporting)

2.5rc1
=========================================================================
x Fixed interaction with built-in Firefox's click-to-play causing
infinite object activation loop (thanks al_9x for reporting)

Version 2.5rc1 513.0 KiB Funktioniert mit Firefox 3.0.9 - 17.0a1, SeaMonkey 2.0 - 2.14a1

2.5rc1
=========================================================================
x Fixed interaction with built-in Firefox's click-to-play causing
infinite object activation loop (thanks al_9x for reporting)

Version 2.4.9rc2 513.0 KiB Funktioniert mit Firefox 3.0.9 - 17.0a1, SeaMonkey 2.0 - 2.14a1

v 2.4.9rc2
=========================================================================
+ Added ability to replace obsolete default whitelist entries
x Replaced browserid.org with persona.org in the default whitelist
x Improved anti-DOS protection
x Better usability with some HTML5 Youtube videos (thanks Mike Perry
for reporting)
x Reverted to the ctrl+shift+S main keyboard shortcut
x [XSS] Fixed XML preprocessing breaking detection of some E4X
constructs (thanks Pepe Vila for reporting)

v 2.4.9rc1
=========================================================================
+ [XSS] Protection against error-based SQLI with a XSS payload (thanks
Ashar Javed for reporting, original disclosure by Keith Makan)

Version 2.4.9rc1 513.0 KiB Funktioniert mit Firefox 3.0.9 - 16.0a1, SeaMonkey 2.0 - 2.13a1

v 2.4.9rc1
=========================================================================
+ [XSS] Protection against error-based SQLI with a XSS payload (thanks
Ashar Javed for reporting, original disclosure by Keith Makan)

Version 2.4.8rc3 513.0 KiB Funktioniert mit Firefox 3.0.9 - 16.0a1, SeaMonkey 2.0 - 2.13a1

v 2.4.8rc3
=========================================================================
x Work-around for Mozilla bug 771655 (broken debugger)
x Changed default UI shortcut to ctrl+shift+N because ctrl+shift+S is
taken by the debugger

v 2.4.8rc2
=========================================================================
x Fixed regression from 2.4.8rc1: new URL unwrapping code causing a XSS
filter bypass (thanks Masato Kinugawa for report)

v 2.4.8rc1
=========================================================================
x Fixed feed: and pcast: URLs not being unwrapped in some checks (thanks
Alex Inführ for reporting)
x Removed assumptions of a body element from some code paths which may
handle generic XML documents

Version 2.4.8rc2 513.0 KiB Funktioniert mit Firefox 3.0.9 - 16.0a1, SeaMonkey 2.0 - 2.13a1

v 2.4.8rc2
=========================================================================
x Fixed regression from 2.4.8rc1: new URL unwrapping code causing a XSS
filter bypass (thanks Masato Kinugawa for report)

v 2.4.8rc1
=========================================================================
x Fixed feed: and pcast: URLs not being unwrapped in some checks (thanks
Alex Inführ for reporting)
x Removed assumptions of a body element