NoScript Security Suite version history - 25 versions
NoScript Security Suite by Giorgio Maone
Be careful with old versions! These versions are displayed for testing and reference purposes.
You should always use the latest version of an add-on.
Latest version
Version 11.2.4
Released Mar 26, 2021 - 597.79 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.2.4
============================================================
x CSS resources prefetching as a mitigation against CSS PP0
(https://github.com/Yossioren/pp0)
x [L10n] Updated br, de, el, es, fr, he, is, nl, pl, pt_BR,
ru, sq, tr, zh_CN
x [nscl] Inteception of webgl context creation in
OffscreenCanvas too
x Fixed configuration upgrades not applied on manual updates
(thanks Nan for reporting)
x Mitigation for misbehaving pages repeating failed requests
in a tight loop
x [UI] More understandable label for the cascading
restrictions option
x [nscl] More refactoring out in NoScript Commons Library
x [nscl] patchWindow improvementsSource code released under GNU General Public License, version 2.0
Older versions
Version 11.2.3
Released Feb 17, 2021 - 589.58 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.2.3
============================================================
x [L10n] Purged non-inclusive terms from obsolete messages
x Added red halo feedback in CUSTOM preset for noscript
element capability
x Fixed missing red halo feedback in CUSTOM preset for
inline scripts and other capabilities sometimes
x Fixed race condition causing noscript elements not to be
rendered sometimesSource code released under GNU General Public License, version 2.0
Version 11.2.2
Released Feb 16, 2021 - 595.04 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.2.2
============================================================
x Fixed typo in version checked on noscript capability update.
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it, ja, lt, mk, ms, nb, nl,
pt_BR, ru, sq, sv_SE, tr, zh_CN, zh_TW.Source code released under GNU General Public License, version 2.0
Version 11.2.1
Released Feb 15, 2021 - 594.84 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.2.1
============================================================
x Configurable capability to show noscript elements on
script-disabled pages
x [UI] Minor CSS Chromium compatibility fix
x [nscl] Refactoring to use Policy and its dependencies from
the NoScript Commons Library
x Switch to faster and easier to maintain tld.js from nscl
x [UI] Fix punycode inconsistencies
x [UI] improve preset and site controls alignment
x Provide feedback in the CUSTOM tab for WebGL usage
attempts even if the canvas element is not attached to the
DOM
x [L10n] Updated de, ja
x Updated HTML events
x Prevent double script on trusted file:// pages in some
edge cases
x Prevent detection of wrapped functions (e.g. in WebGL
interception) on ChromiumSource code released under GNU General Public License, version 2.0
Version 11.2
Released Jan 26, 2021 - 587.8 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.2
============================================================
x [XSS] New UI to reveal and selectively remove permanent
user choices
x [L10n] Updated de
x Webgl hook refactored on nscl/content/patchWindow.js and
made Chromium-compatibile
x Updated TLDsSource code released under GNU General Public License, version 2.0
Version 11.1.9
Released Jan 17, 2021 - 586.09 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.1.9
============================================================
x Return null when webgl is not allowed (thanks Matthew
Finkel for patch)
x [XSS] Fixed memoization bug resulting in performance
degradation on some payloads
x [XSS] Include call stack in debugging log output
x [XSS] Skip naps when InjectionChecker runs in its own
worker
x Shortcut for easier XSS filter testing
x More lenient filter to add a new entry to per-site
permissions
x [L10n] Updated de
x Replace script-embedded bitmap with css-embedded SVG as
the placeholder logo
x Updated TLDs
x Remove source map reference causing console noise
x Fix per-site permissions UI glitches when base domain is
added to existing subdomain (thanks barbaz for reporting)Source code released under GNU General Public License, version 2.0
Version 11.1.8
Released Jan 7, 2021 - 613.99 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.1.8
============================================================
x [XSS] Fix for old pre-screening optimization exploitable
to bypass the filter in recent browsers - thanks Tsubasa
FUJII (@reinforchu) for reporting
x Replace DOM-based entity decoding with the he.js pure JS
library
x Updated copyright statement
x Updated browser-polyfill.js
x Removed obsolete fastclick.js dependency
x [l10n] Updated de (thanks ib and Musonius)
x Updated TLDsSource code released under GNU General Public License, version 2.0
Version 11.1.7
Released Dec 21, 2020 - 589.01 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.1.7
============================================================
x Optimize serviceWorker tracking for heavy tabs usage
(thanks vadimm and barbaz for investigation)
x Force placeholder visibility on Youtube embeddings
x Fixed popup opening being slowed down if options UI is
opened (thanks Sirus for report)
x Explicit failure for wrong settings importation formats
x Updated TLDsSource code released under GNU General Public License, version 2.0
Version 11.1.6
Released Dec 9, 2020 - 588.71 KBWorks with firefox 59.0 and later, android 59.0 and later(cc @lastknight, @raistolo)v 11.1.6
============================================================
x Better handling of concurrent prompts issues (thanks
billarbor for reporting)
x Remove z-index boosting from ancestors when placeholder is
collapsed or replaced (issue #162)
x Fixed permission keyboard shortcuts being triggered with
modifiers like CTRL (thanks barbaz for report)
x More accurate blockage reporting, with better filtering of
page's own CSP effects
x [UI] Fixed bug in CUSTOM sites filtering (thanks barbaz
for reporting)
x Fixed bug in automatic HTML events build-time updates
x Updated HTML events
x Updated TLDs
x [L10n] Updated sv_SE
x Better handling 0 width / 0 height media placeholdersSource code released under GNU General Public License, version 2.0
Version 11.1.5
Released Nov 6, 2020 - 587.78 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.1.5
============================================================
x Updated TLD
x Fixed potential infinite loop via DOMContentLoaded
x Work-around for Firefox 82 media redirection bug (thanks
ppxxbu and skriptimaahinen)
x Updated TLDsSource code released under GNU General Public License, version 2.0
Version 11.1.4
Released Oct 26, 2020 - 587.74 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.1.4
============================================================
x Fixed sloppy CSP media blocker detection breaking MSE
blob: media placeholders on Chromium
x Fixed race condition causing temporary settings not to
survive updates sometimes
x Updated TLDs
x [Mobile] Improved prompts appearance on AndroidSource code released under GNU General Public License, version 2.0
Version 11.1.3
Released Oct 9, 2020 - 587.11 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.1.3 (bump from 11.1.2 due to AMO versioning issues)
============================================================
x Fixed regression: document media and font restrictions
always cascaded (thanks BrainDedd for report)
x Remove domPolicy logging when debugging is off
x Trivial reordering from Mozilla source
x Updated TLDsSource code released under GNU General Public License, version 2.0
Version 11.1.1
Released Oct 6, 2020 - 587.06 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.1.1
============================================================
x Updated TLDs
x Better heuristic to figure out missing data while
computing contextual policies
x Fixed regression breaking per-tab restrictions disablement
(thanks Horsefly for report)Source code released under GNU General Public License, version 2.0
Version 11.0.46
Released Sep 18, 2020 - 585.44 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.0.46
============================================================
x Updated TLDs
x [L10n] Updated is
x Fixed file:// and ftp:// specific content scripts not
runnning in subdocuments
x Fixed deferred scripts in file:// pages may run twice
(issue #155)
x Fixed rendering bug with scrolled file:// pages on soft
reload (thanks Iouri for report)
x Fixed 11.0.44 regression: ghost media item reported on
every page
x Better emulation of SVG eventsSource code released under GNU General Public License, version 2.0
Version 11.0.44
Released Sep 14, 2020 - 585.1 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.0.44
============================================================
x Dispatch synthetic SVGLoad event in soft load when needed
x [L10n] Updated da, es
x Fixed namespacing issues with script replacements
x Fixed media placeholder not shown when blocking Youtube
movies
x Work around for unpredictable content script execution
order
x Ensure content of NoScript prompts is always visible
x Fixed soft reload messing with non UTF-8 encodings (thanks
"Quest" for reporting)
x Updated TLDs
x [XSS] Fixed escape detection bug causing strage false
positives (thanks Dave Howorth for report)Source code released under GNU General Public License, version 2.0
Version 11.0.43
Released Sep 8, 2020 - 584.56 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.0.43
============================================================
x Fix for some race conditions causing corruptions in
non-HTML non-XML documentsSource code released under GNU General Public License, version 2.0
Version 11.0.42
Released Sep 4, 2020 - 584.4 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.0.42
============================================================
x Avoid useless "seen" reports from onBeforeRequest()
x Catch broadcast messaging errors
x Make build.sh tag push even already created tags
x Updated TLDs
x Work-around for applying DOM CSP to non-HTML XML documents
(thanks skriptimaahinen)
x Document freezing to handle SVG and other XML documents
as a fallback before CSP insertion
x Refactored and improved syncFetchPolicy fallback for file:
and ftp: special casesSource code released under GNU General Public License, version 2.0
Version 11.0.41
Released Aug 24, 2020 - 580.44 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.0.41
============================================================
x More precise event suppression mechanism
x Fixed regression: events suppressed on file:// pages
unless scripts are allowed
x Updated TLDsSource code released under GNU General Public License, version 2.0
Version 11.0.40
Released Aug 23, 2020 - 580.22 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.0.40
============================================================
x Avoid synchronous policy fetching whenever possible
(fixes multiple issues)Source code released under GNU General Public License, version 2.0
Version 11.0.39
Released Aug 21, 2020 - 580.29 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.0.39
============================================================
x Fix reload loops on broken file: HTML documents (thanks
bernie for report)
x [XSS] Updated HTML event attributes
x Local policy fallback for file: and ftp: URLs using
window.name rather than sessionStorage
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
zh_CN, zh_TW
x Added "Revoke temporary permissions on NoScript updates,
even if the browser is not restarted" advanced option
x Let temporary permissions survive NoScript updates
(shameless hack)
x Fixed some traps around Messages abstraction
x Ignore search / hash on policy matching of domain-less
URLs (e.g. file:///...)
x Updated TLDs
x Fixed automatic scrolling hampers usability on long sites
lists in popup
x Better timing for event attributes removal/restore
x Work-arounds for edge cases in synchronous page loads
bypassing webRequest (thanks skriptimaahinen)Source code released under GNU General Public License, version 2.0
Version 11.0.38
Released Aug 13, 2020 - 574.35 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.0.38
============================================================
x Better timing for event attributes removal/restore
x Work-arounds for edge cases in synchronous page loads
bypassing webRequest (thanks skriptimaahinen)
x [L10n] Updated bnSource code released under GNU General Public License, version 2.0
Version 11.0.37
Released Aug 10, 2020 - 574.32 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.0.37
============================================================
x Simpler and more reliable sendSyncMessage implementation
and usage
x sendSyncMessage support for multiple suspension requests
(should fix extension script injection issues)
x Updated TLDsSource code released under GNU General Public License, version 2.0
Version 11.0.36
Released Aug 7, 2020 - 574.57 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.0.36
============================================================
x Fixed regression: temporary permissions revocation not
working anymore on privileged pages
x SendSyncMessage script execution safety net more
compatible with other extensions (e.g. BlockTube)Source code released under GNU General Public License, version 2.0
Version 11.0.35
Released Aug 5, 2020 - 574.41 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.0.35
============================================================
x Avoid unnecessary reloads on temporary permissions
revocation
x [UI] Removed accidental cyan background for site labels
x [L10n] Updated es
x Work-around for conflict with extensions inserting
elements into content pages' DOM early
x [XSS] Updated HTML events
x Updated TLDs
x Fixed buggy policy references in the Options dialog
x More accurate NOSCRIPT element emulation
x Anticipate onScriptDisabled surrogates to first script-src
'none' CSP violation
x isTrusted checks for all the content events
x Improved look in mobile portrait mode
x Let SyncMessage prevent undesired script execution
scheduled during suspensionSource code released under GNU General Public License, version 2.0
Version 11.0.34
Released Jul 10, 2020 - 573.82 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.0.34
============================================================
x Fixed regression breaking network-based CSP injectionSource code released under GNU General Public License, version 2.0