To try the thousands of add-ons available here, download Mozilla Firefox, a fast, free way to surf the Web!

Close

Welcome to Firefox Add-ons.

Choose from thousands of extra features and styles to make Firefox your own.

Close

On the go?

Check out our Mobile Add-ons site.

Close

NoScript Security Suite Version History

424 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 10.1.8.8 411.6 KiB Works with Firefox for Android 59.0 and later, Firefox 59.0 and later

v 10.1.8.8
=============================================================
x Prevent script injection from messing with
content-disposition=attachment responses.

Download Now Download Anyway

Version 10.1.8.7 411.6 KiB Works with Firefox for Android 59.0 and later, Firefox 59.0 and later

v 10.1.8.7
=============================================================
x Fixed regression breaking meta refresh with relative URLs

Download Now Download Anyway

Version 10.1.8.5 411.6 KiB Works with Firefox for Android 59.0 and later, Firefox 59.0 and later

v 10.1.8.5
=============================================================
x Completed fix for quoted URLs in meta refresh (thanks
Juozas for reporting)

Download Now Download Anyway

Version 10.1.8.4 411.6 KiB Works with Firefox for Android 59.0 and later, Firefox 59.0 and later

v 10.1.8.4
=============================================================
x [L10n] Fixed es translation (thanks Deckan)
x Cosmetic bug fixes
x Updated TLDs

Download Now Download Anyway

Version 10.1.8.3 411.6 KiB Works with Firefox for Android 59.0 and later, Firefox 59.0 and later

v 10.1.8.3
=============================================================
x [XSS] Fixed InjectionChecker choking at some big JSON
payloads sents as POST form data
x Fixed meta-refresh emulation confused by quoted URLs
x [ESR60] Fixed dynamic script injection issues with XML
feeds (thanks skriptimaahinen for report)
x [ESR60] Work-around for Moz Bug 1410755
x Autosize preset buttons to accomodater bigger localized
labels
x [L10n] Shortened de labels (thanks musonius)
x More graceful handling of internal and restricted URLs
(thanks skriptimaahinen for report)
+ [L10n] Added de, es, fr, it, nl, pt_BR and zh_CN locales
(courtesy of Mozilla's localization campaign)
x Switch to inline elements as "NOSCRIPT" HTML replacements
x Fixed subframe content changes producing ambiguous NoScript
icon feedback
x More meaningful/useful popup on (semi)privileged documents
x [Tor Browser] Work-around for crypto-based uiid function
failing on startup
x [Tor Browser] Backported new dynamic script injection to
ESR60
+ Included license files in the XPI
+ [XSS] In-depth protection against native ES6 modules abuse
x Fixed dynamic script injection issues (thanks
skriptimaahinen for help)
+ MSE media reporting and blocking (e.g. on Youtube)

Download Now Download Anyway

Version 10.1.8.2 364.5 KiB Works with Firefox for Android 59.0 and later, Firefox 59.0 and later

v 10.1.8.2
=============================================================
+ Popup toolbar buttons fully configurable via Drag'n'Drop
x Removed redundant leading "NoScript" in window titles
x Work-around for Firefox 60 bug breaking about:blank pages
when a WebExtension declares a "document_start" CSS (thanks
skriptimaahinen for report and fix)
x Fixed buttons in the "hide area" still responsive to clicks

Download Now Download Anyway

Version 10.1.8.1 362.9 KiB Works with Firefox for Android 59.0 and later, Firefox 59.0 and later

v 10.1.8.1
=============================================================
+ [UI] "Disable restrictions for this tab" button in popup
+ [UI] "Disable restrictions globally" button in popup
x Fixed some content blocking stats collection bugs (Thanks
Rob Wu and skriptimaahinen for reports)
x Fixed data: and blob: URIs could be loaded as object and
media sources independently from the parent page's
permissions (thanks skriptimaahinen for report)
x Several performance improvement in inter-process content
blocking stats synchronization (thanks Rob Wu for report)
x [UI] Improved in-popup messages
x [UI] Simplified URL management in "Allow object" prompt
x Fixed dynamic scripts URL matching inconsistencies

Download Now Download Anyway

Version 10.1.7.5 366.5 KiB Works with Firefox for Android 59.0 and later, Firefox 59.0 and later

v 10.1.7.5
=============================================================
x Fixed edge case CSP injection bug (thanks Rob Wu)
x Optimized dynamic script injection (thanks Rob Wu)
x Fixed potential leak on dynamic script injection (thanks
Rob Wu for report)
x Now NoScript's UI on privileged pages explains permissions
cannot be configured there, rather than bluntly opening the
Options page (thanks Rob Wu for suggestion)

Download Now Download Anyway

Version 10.1.7.4 366.4 KiB Works with Firefox for Android 59.0 and later, Firefox 59.0 and later

v 10.1.7.4
=============================================================
x Fixed script enablement status not correctly detected on
some pages rolling their own CSP (causing NOSCRIPT element
and META refresh emulation not to be triggered)
x Fixed "Appearance" NoScript Options tab missing on Android
x [XSS] Fixed semicolon-separated JSON payloads DDOSing the
JSON-optimizer, e.g. with syndication.twitter.com subframes
(thanks KonomiKitten and pal1000 for reports)
x [UI] Renamed "Scripts globally allowed (dangerous)" option
to "No permissions enforcement (dangerous)" to better
reflect its actual effect
x [UI] Better feedback about "No permission enforcement" by
disabling the "Preset customization" section and and the
"Per-site Permissions" tab
x [UI] Moved XSS-related options to the "Advanced" tab
x Fixed disabled webgl breaking feeds on script-enabled sites
(thanks pal1000 for reporting)
x Enhanced dynamic script injection if browser.contentScripts
API is available
x Expanded support for webgl canvas placeholders

Download Now Download Anyway

Version 10.1.7.3 366.1 KiB Works with Firefox for Android 59.0 and later, Firefox 59.0 and later

v 10.1.7.3
=============================================================
x Fixed infinite script count report loops on some sites
(thanks AuntyJack, @ALoss2 and others for reporting)
x Fixed localhost not being recognized as a domain (thanks
skriptimaahinen for patch)
x Fixed regression causing NOSCRIPT element and META refreshes
not to be emulated anymore on script-disabled pages (thanks
barbaz and fatboy for reporting)

Download Now Download Anyway

Version 10.1.6.5 361.7 KiB Works with Firefox for Android 57.0 and later, Firefox 57.0 and later

v 10.1.6.5
=============================================================
+ Context menu on web pages to access main UI
x Fixed UI regression showing only the two rightmost
components of IPv4 addresses
x [XSS] More specific and unobtrusive handling of window.name
sanitization
x Fixed "XSS User Choices" not being included in Export files

Download Now Download Anyway

Version 10.1.6.4 361.8 KiB Works with Firefox for Android 57.0 and later, Firefox 57.0 and later

v 10.1.6.4
=============================================================
x Fixed race condition on XSS filter first load
x Fixed duplicate entries in UI on page reloads (thanks 8-bit
for reporting)
+ Spinner for long sites lists in Options page
- Removed obsolete work-around for accidental TRUSTED preset
wiping
x [UI] Fixed clicking on capability's label doesn't toggle
the related checkbox (thanks dhouwn and olf for reporting)
x [XSS] Fixed false positives on badly encoded URLs (thanks
sage11 for reporting)

Download Now Download Anyway

Version 5.1.8.4 759.1 KiB Works with Firefox 45.0 - 56.0, SeaMonkey 2.42 - *

v 5.1.6.4
=============================================================
x Fixed XSS false positive on some Facebook embeddings
(thanks barbaz for reporting)
x Fixed edge case origin checks for WebExtensions embedded in
privileged documents
x Fixed DNT support initialization regression (thanks barbaz
for reporting)
x [XSS] Fixed false positives on badly encoded URLs (thanks
sage11 for reporting)
x Script Surrogates don't affect privileged URLs anymore,
unless the noscript.surrogate.matchPrivileged about:config
preference is set to true (thanks barbaz for RFE)
x [e10s] Fixed temporary permissions inter-process sync issue
(thanks to the TorBrowser team for solution)

Download Now Download Anyway

Version 10.1.6.3 361.3 KiB Works with Firefox for Android 57.0 and later, Firefox 57.0 and later

v 10.1.6.3
=============================================================
x Improved tooltip clarity
x Added version number to the browser action tooltip (thanks
therube for RFE)
x More restrictive domain matching in the main UI for "fake"
TLDs, showing pseudo 2nd level domains containing one dot
x Domain matching now treats unknown no-dot domains (not in
the public suffixes list) as TLDs everywhere (fix finally
not overwritten by auto-generated tld.js)
x Fixed rc4 regression causing synchronized changes not to be
persisted
x Smarter XSS popup behavior when reporting concurrent events
from/to the same origins
x Fixed full breakage when sync storage is disabled
x Improved layout on small screens (less than 10cm wide)
x Moved preset customization into its own (more discoverable)
global Options section, rather than embedded in assignment
x Improved validation of manual entries
x Needed capabilities highlighted also on short-hand domain
matched entries inside the CUSTOM preset
x Domain matching now works also for manually entered TLDs
and pseudo-TLDs, such as "gov.us" or "cloudflare.net"

Download Now Download Anyway

Version 10.1.6.2 360.4 KiB Works with Firefox for Android 57.0 and later, Firefox 57.0 and later

v 10.1.6.2
=============================================================
+ Individual temporary / permanent TRUSTED preset buttons
- Removed customizability of DEFAULT, TRUSTED and UNTRUSTED
preset from the popup (reported as a major source of
confusion) while keeping it in the Options tab
x Better display on mobile devices in portrait mode
x Fixed focus bug on mobile devices
x Fixed confirmation prompt when loading Site Info for the
first time being ignored
x Fixed import feature failing on some full JSON "Classic"
export files (thanks Floe for reporting)
x Fixed policy serialization bug causing temporary TRUSTED
sites to be listed in the UNTRUSTED array as well (thanks
pal1000 for reporting)
x Fixed action icon being disabled on Options tabs and not
re-enabled when navigating away in the same tab (thanks
geek99 for reporting)

Download Now Download Anyway

Version 10.1.6.1 344.2 KiB Works with Firefox for Android 57.0 and later, Firefox 57.0 and later

v 10.1.6.1
=============================================================
x Reduced UI sizes in desktop version
x Work-around for Firefox bug preventing the Export button
from working on non-Windows platforms

Download Now Download Anyway

Version 10.1.6 344.3 KiB Works with Firefox for Android 57.0 and later, Firefox 57.0 and later

v 10.1.6
=============================================================
x [XSS] Improved sensitivity of JSON whitelisting (thanks
@SamuraiFoochs for reporting)
x [XSS] Improved specificity of nested URL checks (thanks
@SamuraiFoochs for reporting)
x New configuration export implementation, more convoluted
but not requiring the "downloads" permission

Download Now Download Anyway

Version 10.1.5.9 344.8 KiB Works with Firefox for Android 57.0 and later, Firefox 57.0 and later

v 10.1.5.9
=============================================================
x Fixed some XSS false positives
x Fixed out of scale rendering regression on high DPI screens

Download Now Download Anyway

Version 10.1.5.8 347.3 KiB Works with Firefox for Android 57.0 and later, Firefox 57.0 and later

v 10.1.5.8
=============================================================
+ Fix for linux rendering performance issues
+ First "Quantum" release candidate with Android support
x Inverted order of domains vs full sites in popup

Download Now Download Anyway

Version 10.1.5.7 343.6 KiB Works with Firefox 57.0 and later

v 10.1.5.7
=============================================================
+ Settings import functionality, backward compatible with
NoScript 5 formats
+ Settings export functionality
+ [XSS] The filter now automatically skips embedded documents
which would normally be blocked
x Base domain matching now uses a single dot rule for unknown,
private or "fake" TLDs (e.g. www.acme.corp → acme.corp)
x [XSS] Fixed regression from 10.1.5.6rc2 (thanks Masato
Kinugava for reporting)
x Better feedback for errors in the policy's debug JSON view
(thanks E-Raser for RFE)

Download Now Download Anyway

Version 5.1.8.3 759.1 KiB Works with Firefox 45.0 - 56.0, SeaMonkey 2.42 - *

v 5.1.8.3
=============================================================
x [XSS] Fixed regression (thanks Masato Kinugava for report)

Download Now Download Anyway

Version 10.1.5.6 342.0 KiB Works with Firefox 57.0 and later

v 10.1.5.6
=============================================================
- removed yandex.st from default whitelist (see
https://forums.informaction.com/viewtopic.php?t=23655)
x [XSS] Streamlined multiple unescaping standards handling
x [XSS] Generalized work-around for browser's URL parsing
oddities (thanks Masato Kinugava for reporting)
+ "Temporarily set top-level sites to TRUSTED" option
x [XSS] Fixed user choices forgot across browser sessions

Download Now Download Anyway

Version 5.1.8.2 759.0 KiB Works with Firefox 45.0 - 56.0, SeaMonkey 2.42 - *

v 5.1.8.2
=============================================================
x [ABE] Restored Palemoon compatibility (thanks barbaz for
patch)
x [ABE] Fixed ruleset persistence (thanks barbaz for patch)
- removed yandex.st from default whitelist (see
https://forums.informaction.com/viewtopic.php?t=23655)
x [XSS] Streamlined multiple unescaping standards handling

Download Now Download Anyway

Version 10.1.5.5 341.9 KiB Works with Firefox 57.0 and later

v 10.1.5.5
=============================================================
+ [UI] Clicking on the domain label now opens the "Security
and privacy info" webpage (like middle click on "Classic").
+ "Reset to Defaults" button in the options window
x Improved content script initialization logic (thanks Rob Wu
for suggestions)
x [XSS] Fixed 2nd level interactive bypass (thanks Masato
Kinugava for reporting)
x Fixed sites manually added from the Options textbox don't
stick (thanks Just_Golem for reporting)

Download Now Download Anyway

Version 5.1.8.1 759.0 KiB Works with Firefox 45.0 - 56.0, SeaMonkey 2.42 - *

v 5.1.8.1
=============================================================
x [XSS] Fixed 2nd level interactive bypass (thanks Masato
Kinugava for reporting)

Download Now Download Anyway

Version 10.1.5.4 341.9 KiB Works with Firefox 57.0 and later

v 10.1.5.4
=============================================================
+ [UI] Clicking on the domain label now opens the "Security
and privacy info" webpage (like middle click on "Classic").
+ "Reset to Defaults" button in the options window
x Improved content script initialization logic (thanks Rob Wu
for suggestions)
x [XSS] Fixed 2nd level interactive bypass (thanks Masato
Kinugava for reporting)
x Fixed sites manually added from the Options textbox don't
stick (thanks Just_Golem for reporting)

Download Now Download Anyway

Version 10.1.5.3 346.8 KiB Works with Firefox for Android 57.0 and later, Firefox 57.0 and later

v 10.1.5.3
=============================================================
x Fixed regression causing NoScript to ask to reload pages in
order to show permissions more than once upon installation
- Removed most animations causing older system to lag when
large permissions lists are displayed in Options

Download Now Download Anyway

Version 10.1.5.2 346.8 KiB Works with Firefox 57.0 and later

v 10.1.5.2
=============================================================
x Improved work-around for blank windows on Linux Firefox bug
x Fixed XSS false positives on POST requests without data

Download Now Download Anyway

Version 10.1.5.1 347.2 KiB Works with Firefox for Android 57.0 and later, Firefox 57.0 and later

v 10.1.5.1
=============================================================
x Fixed regression from new "fail fast" XSS filter main loop,
causing cross-site requests to Google to trigger false
positives (thanks Steve M for reporting)

Download for Linux Download Anyway Download for Mac OS X Download Anyway Download for Windows Download Anyway

Version 10.1.5 347.1 KiB Works with Firefox for Android 57.0 and later, Firefox 57.0 and later

v 10.1.5
=============================================================
+ [XSS] Added "Always block requests from ... to ..." in XSS
warning prompt
x [XSS] Fixed url decoding bug (thanks Masato Kinugawa for
reporting)
x Fixed some blocked items not reported in the UI (thanks Bo
Elam for reporting)
x Changed the CSP internal report URI to noscript-csp.invalid
(thanks Tom Schuster Mario Heiderich for RFE)
- Removed unused MSE detection code (thanks Rob Wu for
reporting)

Download Now Download Anyway