NoScript Security Suite Version History

709 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 1.9.9.63 465.9 KB Works with Firefox 1.5 - 3.7a5pre, Mobile 0.1 - 1.1a2pre, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.63
==========================================================================
x Removed ":0" wildcards from NoScript menu in ignorePorts=false mode to
prevent confusing behaviors (thanks al_9x for suggestion)
+ Embedding-only sites are shown in the Untrusted menu if placeholders are
set to be hidden for untrusted embeddings (thanks al_9x for suggestion)

v 1.9.9.62
==========================================================================
x Improved XSS filter sensitivity for Base64-encoded payloads (thanks
Stefano Di Paola for suggestion)
x Improved Facebook connect compatibility (thanks Peter Alexander for
reporting)
x Removed __count__ usage in DNS cache management (SpiderMonkey compat)
x Fixed "Attempt to fix Javascript links" not working when the javascript:
scheme is mixed-case (thanks al_9x for reporting)

Version 1.9.9.61 464.9 KB Works with Firefox 1.5 - 3.7a5pre, Mobile 0.1 - 1.1a2pre, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.61
==========================================================================
x Fixed InjectionChecker infinite recursion bug on certain requests
(thanks dhouwn for reporting)
x Fixed plugin activation patches not being applied under some
circumstances

v 1.9.9.60
==========================================================================
+ Pluggable site info page (default http://noscript.net/info/%utf8%;%ace%)
can be opened by middle-click or shift+click on any site entry in
NoScript's menus, and can be configured by editing the
noscript.siteInfoProvider about:config preference
+ More user-friendly management of non-standard TCP ports
x Fixed release notes page might break session restore sometimes
x Locale files maintenance
+ Object sources won't appear in main menu when embedding restrictions
apply to whitelist; previous behavior can be restored by setting the
noscript.alwaysShowObjectSources to false (thanks al_9x for RFE)

v 1.9.9.59
==========================================================================
x Better management of cached requests
x Fixed allowing objects from "Blocked objects" reloading only the first
of each URL/mime pair group (thanks al_9x for reporting)
x Improved Facebook widgets compatibility (thanks Peter Alexander and
Chuck Mullen for reporting)
x Fixed "Allow scripts globally" setting being ignored by the bulk
configuration import feature (thanks Mike Perry for reporting)
x Fixed "Mark as untrusted" menu items being shown in "Allow scripts
globally" mode even if both "Untusted" and "Mark as untrusted" are
unchecked in the Appearace options tab (thanks Mike Perry for reporting)
x Improved bookmarklets support
x Minor bug fixes in jolly port matching
x Improved Anti-Popunder surrogate (thanks justaguest for reporting)

v 1.9.9.58
==========================================================================
x Fixed HTMLObjectElement plugin content being blocked by X-Frame-Options
checks (thanks Titioz for reporting)
x Fixed https://bugzilla.mozilla.org/show_bug.cgi?id=553901

Version 1.9.9.57 465.9 KB Works with Firefox 1.5 - 3.7a4pre, Mobile 0.1 - 1.1a2pre, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.57
==========================================================================
x Fixed feed subscription broken on sites implementing X-Frame-Policy
(regression from 1.9.9.56, thanks al_9x for reporting)
x Included js.wlxrs.com in default whitelist in order to make Hotmail
login work out-of-the-box for new users

Version 1.9.9.50 464.9 KB Works with Firefox 1.5 - 3.7a4pre, Mobile 0.1 - 1.1a2pre, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.50
==========================================================================
+ Updated ABE grammar to use new AddressMatcher syntactic sugar
+ Alert about ABE syntax errors when option dialog gets focused after a
ruleset editing (thanks al_9x for suggestion)

v 1.9.9.49
==========================================================================
+ .x.y AddressMatcher syntactic sugar, matching both x.y and *.x.y (thanks
al_9x for suggestion)
+ InjectionChecker speed and accuracy improvements
x Fixed top-level site not being correctly positioned and highlighted in
permissions menu sometimes (thanks nagan for report)
x Fixed post-XSS "Unsafe reload" not working properly sometimes

v 1.9.9.48
==========================================================================
x Fixed a second level InjectionChecker bypass, requiring an open redirect
which accepts and uses unfiltered data: URIs. Responsible disclosure by
the SecuriTeam Secure Disclosure (SSD) project
x Fixed reload on permission change being triggered on the nearest 10 tabs
only
x Fixed permanent address entry being added to the whitelist if domain is
already allowed upon bookmarklet execution (thanks Bobabo for report)
x Better UI behavior for URLs with non-standard ports (thanks al_9x for
report)
x Updated nb-NO localization

Version 1.9.9.47 465.9 KB Works with Firefox 1.5 - 3.7a2pre, Mobile 0.1 - 1.1a1, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.47
==========================================================================
x Fixed XSS checks skipped on some reloads (thanks Alejandro Rusell for
report)
x Improved content placeholder management
x Mobile version bump

v 1.9.9.46
==========================================================================
x Fixed uneeded tab reload issue related to untrusted subdomains (thanks
al_9x for reporting)
x Optimized reload checks for the "hundreds of tabs" case, in order to
prevent UI locking
x Improved XSS checks on file uploads, should not hang even on gigabytes
x Trunk compatibility version bump

Version 1.9.9.45 462.8 KB Works with Firefox 1.5 - 3.7a2pre, Mobile 0.1 - 1.1a1, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.45
==========================================================================
x Enhanced compatibility with Paypal encrypted buttons
x Fixed some anti-popunder surrogate incompatibilities

v 1.9.9.44
==========================================================================
x Fixed allowing a Flash object causing a page reload sometimes (thanks
al9_x for reporting)
x Script Surrogate to work around Facebook's "noscript" cookie
x Fixed minor incompatibilities caused by the anti-popunder surrogate

v 1.9.9.43
==========================================================================
x Fixed broken popup issue on some sites (thanks John for reporting)
x Fixed ghost sites in context menus on about:blank after a complex
frame structure with redirects has been shown in the same tab (thanks
simpleton for reporting)
x Fixed XSS false positive on certain nested URL patterns (thanks
NoRelationToNed for reporting)

Version 1.9.9.42 462.8 KB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.42
==========================================================================
+ ClearClick: more efficient code paths specific to Fx 3.6 and above
x Fixed zoom-related ClearClick false positives on Fx 3.6 and above
x Fixed fonts being reported as "unknown" type in Blocked Objects menu

v 1.9.9.41
==========================================================================
+ Fix for newline-based double-reflection InjectionChecker bypass (thanks
Sirdarckcat for reporting)
x Surrogate scripts from local files: surrogate's replacement is treated
as a file:// URL and resolved against current browser profile if it
starts with "file://", "./" or "../" (thanks Richard Stallman, Johan
Euphrosine and Sam Imtiaz)

v 1.9.9.40
==========================================================================
x Improved bookmarklet compatibility

Version 1.9.9.39 458.8 KB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.39
==========================================================================
x Fixed quirks mode triggered by surrogate execution on Gecko < 1.9.1
(thanks Power for suggestions)

v 1.9.9.38
==========================================================================
x Fix for some popups broken by 1.9.9.37

v 1.9.9.37
==========================================================================
x Fixed potential infinite loop occurring when window.open is called in a
recursive context, e.g. on Google Reader (thanks Qbert for reporting)
x Fixed mishandling of non-default 1 value for the proxiedDNS preference

Version 1.9.9.36 458.8 KB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.36
==========================================================================
+ Anti-Popunder surrogate now applies to all HTTP pages by default
+ DNS activity logging facility (disabled by default)
x Slight optimization of DNS lookups
x Temptative fix for https://bugzilla.mozilla.org/show_bug.cgi?id=501446
crasher (thanks timeless)

Version 1.9.9.35 457.7 KB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.35
==========================================================================
x Updated Firefox Mobile (Fennec) compatibility
x Improved and generalized Anti-Popunder surrogate

v 1.9.9.34
==========================================================================
+ Anti-Popunder surrogate extended to AWEmpire popunders (on empornium.us
by default, customizable in noscript.surrogates.popunder.sources)
x Fixed bug in bookmarklet support on about:blank (thanks Milind for
reporting)
x Improved InjectionChecker compatibility with letitbit.net uploads
x Improved InjectionChecker compatibility with Rapidshare uploads

v 1.9.9.33
==========================================================================
x Better HTTPS/HTTP redirection support (thanks ttt for reporting)

v 1.9.9.32
==========================================================================
+ Further InjectionChecker optimizations, providing a dramatic speed boost
on nested URLs (e.g. on iGoogle and many ad networks)

v 1.9.9.31
==========================================================================
+ InjectionChecker accuracy optimization, preventing false positives in
some edge cases with nested URLs (thanks Aditya K Sood for reporting)

Version 1.9.9.30 457.7 KB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.30
==========================================================================
+ Injection Checker compatibility with Livejournal comment posting
+ Improved ClearClick compatibility with Facebook applications

v 1.9.9.29
==========================================================================
x Temptative work-around for hard to reproduce content policy DOS false
positive on comcast.net (thanks Jim Too and Alan Baxter for reporting)

v 1.9.9.28
==========================================================================
x Work-around for a Flash player double-instantiation bug in Gecko 1.9.0
preventing some movies from playing (thanks secdroid for reporting)
- Removed placeholder enhancements for Gecko 1.8.x, due to unwanted side
effects on some sites

Version 1.9.9.27 456.7 KB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.27
==========================================================================
x Placeholder enhancements backported to Gecko 1.8.x
x Fixed missing placeholders on Gecko 1.8.x (thanks al9_x for reporting)

v 1.9.9.26
==========================================================================
x Reduced reflow chances on placeholder activation
x Improved InjectionChecker compatibility with Facebook Connect

v 1.9.9.25
==========================================================================
x Fixed Flash swallowed clicks regression on Gecko 1.8.x (thanks al9_x for
reporting)

v 1.9.9.24
==========================================================================
x Fixed "Temporarily allow" regression

v 1.9.9.23
==========================================================================
+ Specific scriptless partial permissions icon for partially allowed
framesets (thanks al9_x for reporting)
x Reduced disk activity on permission change (thanks al9_x for RFE)
x Work-around for a Java initialization failure

Version 1.9.9.22 456.7 KB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

Version 1.9.9.18 455.7 KB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.18
==========================================================================
x Removed residual compound attribute-based injection chance (thanks
Sirdarckcat for reporting)

v 1.9.9.17
==========================================================================
x Fixed residual crash issue when favicons need to be redirected to HTTPS
x Enhanced ClearClick compatibility with Photbucket

v 1.9.9.16
==========================================================================
+ Better object unblocking behavior, triggering a page reload if allowed
object has no layout (i.e. was meant to be scripted only), increasing
usability of trusted restrictions e.g. in VMWare Server's console
x Work-around for a Firefox image caching crashing bug triggered by HTTPS
enforcement on mixed content
x Improved compatibility with Ebay (thanks STB2008 for reporting)

Version 1.9.9.15 455.7 KB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.15
===================================================================
x Fixed HTTPS enforcement for embedded images breaking HTTP authentication
(thanks polie for report)
x Fixed XHR breakage when called from a Worker (thanks Apeiron for report)
x Skip link fixing on right click
x Improved bookmarklet execution mechanism
x Improved compatibility of InjectionChecker with Facebook Connect
x Improved compatibility of InjectionChecker with Lycos Mail

Version 1.9.9.14 454.7 KB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.14
==========================================================================
x Fixed page loading issues (hard to reproduce but reported by many)

v 1.9.9.13
==========================================================================
x Fixed page loading regression from "Hijack checks skip error pages"
optimization in 1.9.9.12 (hard to reproduce but reported by many)
x Fixed attribution of Romanian translation

Version 1.9.9.12 455.7 KB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.12
==========================================================================
+ Allowing a plugin object which size is not set reloads the page,
assuming that scripts are used to size it
+ Google Translate XSS exception
+ abine:* ClearClick subexception
+ Updated localizations
x Removed current URL leaking into RegExp properties if invisible link
detection is enabled
x Hijack checks must skip error pages (thanks luntrus for report)
x Fixed XSS false positive at travelocity.com (thanks Chris Lonsberry)

Version 1.9.9.11 454.7 KB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.11
==========================================================================
+ Reorganization of the "Embeddings" (FKA "Plugins") options panel
+ "Forbid <VIDEO>, <AUDIO>" option in the "Embeddings" panel
+ "Forbid @font-face" option in the "Embeddings" panel
+ ClearClick report id made selectable (thanks therube for RFE)

v 1.9.9.10
==========================================================================
+ Webfonts blocking from untrusted sources and on untrusted pages,
controlled by the noscript.forbidFonts about:config preference (UI
planned for later, thanks Mike Perry for RFE)
+ noscript.forbidMedia about:config preference controlling HTML 5 media
blocking independently from the "Forbid other plugins" setting (UI
planned for later)
+ Improved live object allowing/forbidding
x Fixed potential false positives generated by Spidermonkey's decompiler
artifacts

v 1.9.9.09
==========================================================================
x Fixed noscript.forbidData not being honored (thanks Chris for report)
x Fixed Trillian to Yahoo Mail! XSS false positive (thanks maryadavies and
Thomas for reports)

v 1.9.9.08
==========================================================================
x Fixed potential cache issues due by header cloning on internal redirects
(thanks GregThomas for report)

Version 1.9.9.07 451.6 KB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.07
==========================================================================
+ Improved Google Analytics surrogate, handling form submissions (thanks
Alan Baxter for report)

v 1.9.9.06
==========================================================================
+ Added https://mail.google.com/* to X-Frame-Options parent whitelist, in
order to allow GMail/Calendar mashups via extensions and GreaseMonkey
x Fixed noscript.forbidIFrameContext set to 0 blocking top-level web pages
loading (thanks al_9x for report)
x Fixed Yahoo! Mail login persistence issue (thanks Ronnie for report)

v 1.9.9.05
==========================================================================
+ Improved emulation of complex bookmarklet import sequences
x Fixed potential issue in new InjectionChecker C++ style comments code

v 1.9.9.04
==========================================================================
x Fixed header cloning bug in internal redirections
x Better management of C++ style comments in InjectionChecker
x Fixed legacy frames retargeting bug (thanks Andrew Fisher for reporting)

v 1.9.9.03
==========================================================================
+ noscript.frameOptions.enabled about:config preference to control if the
X-Frame-Options header must be honored
x noscript.frameOptions.parentWhitelist preference to exclude some parent
window from X-Frame-Options checks on their embedded frames
x Enhanced internal redirection mechanism
x Fixed Weave 0.7pre log window incompatibility

v 1.9.9.02
==========================================================================
x Improved InjectionChecker's heuristic (thanks Sirdarckcat for reporting)

Version 1.9.9.01 450.6 KB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.01
==========================================================================
x Fixed InjectionChecker micro-injecion scanning bug (thanks Sirdarckcat
for reporting)

v 1.9.9 (FKA 1.9.8.9)
==========================================================================
+ First public Strict Transport Security implementation, see
http://hackademix.net/2009/09/23/strict-transport-security-in-noscript/
x Fixed Javascript disabled in about:neterror pages if the broken
destination page is marked as untrusted (thanks al_9x for report)
x Improved HTTPS enforcement, honoring original referer
x Fixed a potential "unresponsive script" InjectionChecker condition
(thanks Sirdarckcat for reporting)
x Fixed help links not opening from NoScript's UI on Minefield
x Fixed ABE LOCAL symbol matching 172.16.0.0/16 rather than the
whole 172.16.0.0/12 (thanks Antal for reporting)

v 1.9.8.89
==========================================================================
x InjectionChecker optimization on long Base64 sequences (thanks skl
for report)

v 1.9.8.88
==========================================================================
x X-Frame-Options applied only to ultimate load, after redirection
(compatibility with IE8's and Chrome's implementation)
x Fixed Flash activation bug on Gecko

Version 1.9.8.86 448.5 KB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.8.86
====================================================================
x Fixed kongregate.com incompatibility (thanks jthill for report)

v 1.9.8.85
====================================================================
+ Updated MK locale
x QA for release

v 1.9.8.84
====================================================================
x Flash object emulation to fool SWFObject 2.2 version detection
without instantiating a real Flash object (thanks al9_x for test)

v 1.9.8.83
====================================================================
x Fixed bug in the new Flash early instantiation management (thanks
al9_x for reporting)

v 1.9.8.82
====================================================================
x Upper limit to bookmarklet setTimeout() emulation, in order to
prevent infinite pseudo-loops
x Improved InjectionChecker algorithms (thanks Sirdarckcat for
suggestions)
x Early URL-less Flash objects are instantiated only if Flash
permissions have been already granted to the origin site

v 1.9.8.81
====================================================================
x Fixed issue with early manipulation of Flash objects whose source
URL has not been set yet (thanks al9_x for reporting and Grump
Old Lady for proxy/VPN testing infrastructure)

Version 1.9.8.8 447.5 KB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.8.8
====================================================================
x Improved bookmarklet setTimeout() emulation (delay ordering is
honored and pseudo-recursion is supported)
x Update locales

v 1.9.8.72
====================================================================
x Moved the NoScript status label to the left of the status icon,
in order to avoid "jumps" when using the sticky menu (thanks nagan
and frsch for suggestions)
x Improved management of HTTPS forcing during HTTP redirections
x Fixed incompatibility with Minefield/3.7a1pre build 20090827
(thanks Itsnow for reporting)

v 1.9.8.71
====================================================================
+ "Recently blocked sites" now shows the object icon for trusted
sites which are listed because some content has ben blocked
x Fixed sites shown in "Recently blocked sites" if content-blocking
restrictions are applied even when no content has been blocked yet
(thanks Alan Baxter for reporting)

Version 1.9.8.7 447.5 KB Works with Firefox 1.5 - 3.5.*, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0b2

v 1.9.8.7
====================================================================
x Fixed minor bugs in "Recent blocked sites" implementation
x Updated Rumenian
x Fixed encoding issue with configuration import/export/sync (thanks
m_c for reporting)

v 1.9.8.61
=====================================================================
+ Optimization of multiple regexp preferences
x Fixed XSS filter exceptions not being honored if URL contains
percent-encoded character which are invalid UTF-8 code points
(thanks Bueller007 for reporting)
x Fixed UTF8 overdecoding checks interfering with some Japanese sites
(thanks Bueller007 for reporting)

v 1.9.8.6
=====================================================================
+ Reset command in "Recently blocked sites" menu (thanks Fred for
suggestion)
+ For privacy reasons "Recently blocked sites" are erased everytime
user purges history
+ Temporary permissions are revoked and "Recently blocked sites" are
erased everytime user exits the "Private Browsing" mode
x Fixed DNS-sensitive frame blocking bug

v 1.9.8.5
=====================================================================
+ New "Recently blocked sites" menu to allow active content origins
which have been recently blocked but are unrelated with current
page (e.g. loaded in custom frames provided by extensions)
x Fixed some glitch in temporary permissions handling (thanks
computerfreaker for reporting)
x Simplified bookmarklet permissions granting
x Simplified ABERequest lifecycle management
x Prevented potential memory leak

Version 1.9.8.4 446.5 KB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.8.4
=====================================================================
x Fixed ABE internal redirection on DNS cache miss interfering with
injection checks under some circumstances

v 1.9.8.3
=====================================================================
+ Full HTML 5 event attributes InjectionChecker support
x Fixed DNS resolution notification causing event loop spinning and
perceived slowness of "Open all in tabs" command
x Removed InjectionChecker bypass (thanks Sirdarckcat for reporting)
+ Updated locales

v 1.9.8.2
=====================================================================
x Improved protection against DOS attacks (thanks Gereth Heyes for
testbed)

Version 1.9.8.1 438.3 KB Works with Firefox 1.5 - 3.6b1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.8.1
=====================================================================
x Fixed Mac OS X specific hang bug triggered by STATUS_RESOLVING DNS
notifications for some sub-requests

v 1.9.8
=====================================================================
+ ABE's caching DNS requests now send STATUS_RESOLVING notifications
(thanks al9_x for RFE)
x Improved injection checks (thanks Sirdarckcat for reporting)
x Fixed invalid chars in host names causing loads to fail without any
visible error feedback
x Work around for breakages caused by the .NET Framework Assistant,
http://adblockplus.org/blog/the-return-of-net-framework-assistant
+ ABE grammar source (ABE.g) included in the distributed XPI (thanks
al9_x for noticing its absence)

Version 1.9.7.9 437.2 KB Works with Firefox 1.5 - 3.6b1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.7.9
=====================================================================
x Improved XSS filter compatibility with some decimal coordinates
patterns
x Fixed JavaScript IFrame manipulation causes documents to be loaded
in a new window sometimes (thanks Derek Greentree for reporting)

v 1.9.7.86
=====================================================================
x Improved XSS filter compatibility with MySpace modules (thanks
Dixie for reporting)

v 1.9.7.85
=====================================================================
x Improved permission change speed for very long lists / very slow
CPUs (thanks Boyd Noorda for reporting)

v 1.9.7.84
=====================================================================
x Fixed HTTPS-forced subrequests being cancelled sometimes

v 1.9.7.83
=====================================================================
x Fixed plugin content could not be navigated through legacy frames

v 1.9.7.82
=====================================================================
x Fixed URL classifier not being called for hosts whose DNS record is
not cached yet by ABE (thanks "Fellow Noscripter" for reporting)

v 1.9.7.81
=====================================================================
x Fixed domain name resolution delayed for cached failed responses
after a network reconnection (thanks foxicat for reporting)

v 1.9.7.8
=====================================================================
x Fixed invisible links detection turning some links into absolutely
positioned if they have no layout on load (thanks dpmccabe for
reporting)
x Improved specificity of data: URL injection detection (thanks Tom
for reporting)

Version 1.9.7.7 436.2 KB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.7.7
=====================================================================
x Fixed DNS cache status interfering with HTTPS redirections

v 1.9.7.6
=====================================================================
+ Fixed HTTPS-bound active content restrictions preferences not being
honored sometimes (thanks Peter Meier for reporting)

v 1.9.7.5
=====================================================================
+ HTML 5 video and audio are blocked also when loaded as documents
in a frame or in a top-level window

v 1.9.7.4
=====================================================================
x Decoupled legacy frame blocking from "Forbid IFrames" (thanks
Grumpy Old Lady for reporting)

v 1.9.7.3
=====================================================================
x Fixed IFrame blocking being delayed to DNS resolution when ABE is
active (thanks Mike A. for reporting)
x Fixed Frame blocking leading to extra history entries on unblocking

v 1.9.7.2
=====================================================================
x Content serviced with the "Content-disposition: attachment" header
(forced downloads) should not be subject to plugin blocking
policies (thanks nagan for reporting)
x ABE checks should be skipped for XHR requests made from chrome

v 1.9.7.1
=====================================================================
x Inclusion type checks accomodating hosting errors in AOL gadgets,
outbrain.com widgets and E-junkie libraries
x Fixed es-CL locale metadata

Version 1.9.7 436.2 KB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.7
=====================================================================
x 1.9.6.96 RC repackaged for release

v 1.9.6.96
=====================================================================
x Fixed "Send to" context menu item broken Google Toolbar 5 (thanks
Juan Ignacio Gaviria for reporting)
x Fixed cache issues in non-ABE blocking context on Gecko < 1.9
caused by alternate blocking method for ABE "Deny" action (thanks
al9_x and Tom T for reporting)

v 1.9.6.95
=====================================================================
+ Signed XPI
x Fixed JS redirect detection overzelous on pages containing CSS
content-less links (thanks zaxy for reporting)
x Fixed issue with plugin content activation (thanks Mel Reyes for
reporting)

v 1.9.6.94
=====================================================================
x More informative error messages on failed XSS filter DOS attempt

v 1.9.6.93
=====================================================================
x Inclusion type checks play smoother on script dynamically served
with a wrong Content-type header
x Fixed temporarily allowing a class of objects from the Blocked
Objects menu not working sometimes (thanks Chad Morse for report)
x Fixed placeholders not working (invalid host name) on Gecko 1.8
(thanks hewee for report)

v 1.9.6.92
=====================================================================
x More accurate (and lenient towards misconfigured servers) inclusion
type checks (thanks makini and Sheilaq for reports)

v 1.9.6.91
=====================================================================
x Fixed HTTP Referer header being omitted when a DNS cached record is
not found for the request

Version 1.9.6.9 426.0 KB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.6.9
=====================================================================
x Fixed default whitelist not being installed on first run anymore
since 1.9.6's fix for multibyte temporary allow / mark as untrusted

Version 1.9.6.8 426.0 KB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.6.8
=====================================================================
x Inclusion content type checking now graces default file extensions
x Improved XSS filter pre-screening efficiency
x Prefixed content type based inclusion blocking message