NoScript Security Suite Version History

850 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 2.6.9.23rc3 546.6 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.23rc3
=============================================================
x Work-around for anonymized plugin subrequests being vetoed
by channel event sink
x Fixed backward compatibility PopupBoxObject shim

Version 2.6.9.23rc2 546.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.23rc2
=============================================================
x [E10s] Fixed cascading permissions broken when checks are
performed cross-process
x [Surrogate] Removed deprecated "for each" constructs from
replacements
x Fixed missing default preferences (thanks barbaz)

Version 2.6.9.23rc1 546.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.23rc1
=============================================================
x [L10n] Updated ru-RU (thanks negodnik)
x Tentative fix for Bug 1153256 (thanks Dragana Damjanovic)
+ Added about:preferences to the mandatory whitelist
- Removed legacy STS support
+ [Surrogate] 2mdn.net inclusion replacement (thanks barbaz)
+ [E10s] Restored inline JavaScript blocking

Version 2.6.9.22 547.0 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.22
=============================================================
+ [Surrogate] Generalized OWASP antiClickjacking replacement
(thanks barbaz for RFE)
+ [Surrogate] Wordpress scriptless site auto-show replacement
+ bootstrapcdn.com in default whitelist

Version 2.6.9.22rc1 547.1 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.22rc1
=============================================================
+ [Surrogate] Generalized OWASP antiClickjacking replacement
(thanks barbaz for RFE)
+ [Surrogate] Wordpress scriptless site auto-show replacement
+ bootstrapcdn.com in default whitelist

Version 2.6.9.21 546.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.21
=============================================================
+ Added "mediasource:" to the mandatory whitelist (Moz-Bug
1151638)
x [Surrogate] Updated googletagservices.com replacement
(thanks barbaz)
x Better compatibility with SDK-based add-ons using data:
URIs (thanks Mingyi Liu for report)

Version 2.6.9.21rc1 546.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.21rc1
=============================================================
+ Added "mediasource:" to the mandatory whitelist (Moz-Bug
1151638)
x [Surrogate] Updated googletagservices.com replacement
(thanks barbaz)
x Better compatibility with SDK-based add-ons using data:
URIs (thanks Mingyi Liu for report)

Version 2.6.9.20 546.7 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.20rc2
=============================================================
x Improved "Recently blocked sites..." recording
x Fixed inconsistencies in data: URIs handling (thanks barbaz
for reporting)

Version 2.6.9.20rc2 546.8 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.20rc2
=============================================================
x Improved "Recently blocked sites..." recording

v 2.6.9.20rc1
=============================================================
x Fixed inconsistencies in data: URIs handling (thanks barbaz
for reporting)

Version 2.6.9.20rc1 546.7 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.20rc1
=============================================================
x Fixed inconsistencies in data: URIs handling (thanks barbaz
for reporting)

Version 2.6.9.19 546.6 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.19
=============================================================
+ [Surrogate] .gigya.com replacement provided by barbaz
+ [Surrogate] js.stripe.com replacement provided by barbaz
+ Improved usability of new Yahoo! video activation (thanks
Glenn for reporting)
+ Added googlevideo.com to the default whitelist because it's
now required to play Youtube movies (thanks barbaz for RFE)

Version 2.6.9.19rc2 546.6 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.19rc2
=============================================================
+ [Surrogate] .gigya.com replacement provided by barbaz
+ [Surrogate] js.stripe.com replacement provided by barbaz

v 2.6.9.19rc1
=============================================================
+ Improved usability of new Yahoo! video activation (thanks
Glenn for reporting)
+ Added googlevideo.com to the default whitelist because it's
now required to play Youtube movies (thanks barbaz for RFE)

Version 2.6.9.19rc1 546.5 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.19rc1
=============================================================
+ Improved usability of new Yahoo! video activation (thanks
Glenn for reporting)
+ Added googlevideo.com to the default whitelist because it's
now required to play Youtube movies (thanks barbaz for RFE)

Version 2.6.9.18 546.3 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.18
=============================================================
x Fixed restrictSubdocScripts/globalHTTPSWhitelist
interaction issue (thanks Tor Project for report)
x Fixed regression always disabling scripts whenever site's
host name is a IPv6 literal (thanks ipv6user for report)
x Fixed menu automatic disappearance on mouse exit broken by
Firefox 36 changes (thanks randavis, cumdacon and barbaz
for report)

Version 2.6.9.18rc3 546.4 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.18rc3
=============================================================
x Fixed restrictSubdocScripts/globalHTTPSWhitelist
interaction issue (thanks Tor Project for report)

v 2.6.9.18rc2
=============================================================
x Fixed regression always disabling scripts whenever site's
host name is a IPv6 literal (thanks ipv6user for report)

v 2.6.9.18rc1
=============================================================
x Fixed menu automatic disappearance on mouse exit broken by
Firefox 36 changes (thanks randavis, cumdacon and barbaz
for report)

Version 2.6.9.18rc2 546.3 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.18rc2
=============================================================
x Fixed regression always disabling scripts whenever site's
host name is a IPv6 literal (thanks ipv6user for report)

v 2.6.9.18rc1
=============================================================
x Fixed menu automatic disappearance on mouse exit broken by
Firefox 36 changes (thanks randavis, cumdacon and barbaz
for report)

Version 2.6.9.18rc1 546.2 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.18rc1
=============================================================
x Fixed menu automatic disappearance on mouse exit broken by
Firefox 36 changes (thanks randavis, cumdacon and barbaz
for report)

Version 2.6.9.17 546.1 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.17
=============================================================
x Fixed cascadePermissions/globalHTTPSWhitelist interaction
issue with IFRAMEs (thanks Tor Project for report)
x Fixed cascadePermissions being enforced also if the top
document is implicitly allowed by the globalHTTPSWhitelist
policy, rather than explicitly whitelisted, causing HTTP
subdocument and scripts to be unintendendly allowed when
the top document is HTTPS (thanks Tor Project for report)
x [Surrogate] Update Google Analytics replacement (thanks
barbaz)

Version 2.6.9.17rc2 546.2 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.17rc2
=============================================================
x Fixed cascadePermissions/globalHTTPSWhitelist interaction
issue with IFRAMEs (thanks Tor Project for report)

v 2.6.9.17rc1
=============================================================
x Fixed cascadePermissions being enforced also if the top
document is implicitly allowed by the globalHTTPSWhitelist
policy, rather than explicitly whitelisted, causing HTTP
subdocument and scripts to be unintendendly allowed when
the top document is HTTPS (thanks Tor Project for report)
x [Surrogate] Update Google Analytics replacement (thanks
barbaz)

Version 2.6.9.17rc1 546.1 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.17rc1
=============================================================
+ Fixed cascadePermissions being enforced also if the top
document is implicitly allowed by the globalHTTPSWhitelist
policy, rather than explicitly whitelisted, causing HTTP
subdocument and scripts to be unintendendly allowed when
the top document is HTTPS (thanks Tor Project for report)
x [Surrogate] Update Google Analytics replacement (thanks

Version 2.6.9.16 545.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.16
=============================================================
+ [Surrogate] Updated Gravatar surrogate (thanks barbaz)
+ Additional HTML sanitization when pasting rich text into
content-editable elements (thanks .mario for RFE)
+ Introduced framework for E10s migration, starting with new
features and fixes
x Removed deprecated let () expressions from the code base

Version 2.6.9.16rc1 546.0 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.16rc1
=============================================================
+ [Surrogate] Updated Gravatar surrogate (thanks barbaz)
+ Additional HTML sanitization when pasting rich text into
content-editable elements (thanks .mario for RFE)
+ Introduced framework for E10s migration, starting with new
features and fixes
x Removed deprecated let () expressions from the code base

Version 2.6.9.15 544.5 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.15
=============================================================
+ Fixed regression in 2.6.9.12 causing data: URI documents
to be scripting-enabled (thanks GOF for tweet)

Version 2.6.9.15rc1 544.5 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.15rc1
=============================================================
+ Fixed regression in 2.6.9.12 causing data: URI documents
to be scripting-enabled (thanks GOF for tweet)

Version 2.6.9.14 544.5 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.14
=============================================================
+ [Surrogate] OWASP legacy Javascript-based "antiClickjack"
protection surrogate to unhide "protected" pages when
scripting is disabled (thanks barbaz)
+ Restored noscript.forbidXHR functionality trying to make it
more web-compatible (thanks barbaz for RFE)

Version 2.6.9.14rc2 544.5 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.14rc2
=============================================================
+ [Surrogate] OWASP legacy Javascript-based "antiClickjack"
protection surrogate to unhide "protected" pages when
scripting is disabled (thanks Thrawn)

v 2.6.9.14rc1
=============================================================
+ Restored noscript.forbidXHR functionality trying to make it
more web-compatible (thanks barbaz for RFE)

Version 2.6.9.14rc1 544.4 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.14rc1
=============================================================
+ Restored noscript.forbidXHR functionality trying to make it
more web-compatible (thanks barbaz for RFE)

Version 2.6.9.13rc3 544.3 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.13rc3
=============================================================
x [XSS] Fixed regression in stripping optimizations (thanks
Masato Kinugawa for reporting)

Version 2.6.9.13 544.2 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.13
=============================================================
x [XSS] Fixed bugs in comment stripping optimization (thanks
Masato Kinugawa for reporting)
x [XSS] Better protection against some ES6 attacks (thanks
Masato Kinugawa for reporting)
- Removed support for XMLHttpRequest blocking
(noscript.forbidXHR preference). The same functionality,
if really needed, can still be achieved through ABE anyway.

Version 2.6.9.13rc2 544.3 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.13rc2
=============================================================
x [XSS] Fixed bug in comment stripping optimization (thanks
Masato Kinugawa for reporting)

v 2.6.9.13rc1
=============================================================
x [XSS] Better protection against some ES6 attacks (thanks
Masato Kinugawa for reporting)
- Removed support for XMLHttpRequest blocking
(noscript.forbidXHR preference). The same functionality,
if really needed, can still be achieved through ABE anyway.