NoScript Security Suite Version History

424 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 10.1.4 346.6 KiB Works with Firefox for Android 57.0 and later, Firefox 57.0 and later

v 10.1.4
=============================================================
x Fixed script enablement feedback dependant on page's own
CSP (thanks Rob Wu for reporting)
x Fixed MSE detection injection using window.eval (thanks
Rob Wu for reporting)
x Fixed window being resized and NoScript UI shown in a
separate popup when triggered on a maximized window
x General performance improvement by removing unnecessary
asynchronous webRequest listeners

Version 10.1.3 345.9 KiB Works with Firefox for Android 57.0 and later, Firefox 57.0 and later

v 10.1.3
=============================================================
x Hotfix for wiped TRUSTED permissions
x Hotfix for NoScript failing to load if XSS was disabled in
previous session

Version 10.1.3c3 345.8 KiB Works with Firefox for Android 57.0 and later, Firefox 57.0 and later

v 10.1.3rc3
=============================================================
x Fixed immutable permissions for TRUSTED and UNTRUSTED
presets negating all the others (thanks Stefan Scholl for
reporting)
x Work-around for Moz Bug #1402110 (thanks David Ross for
reporting)
x Fixed XSS whitelist not being cleared from Options
x Fixed XSS whitelist trying to using sync even if disabled (
thanks Rob Wu for reporting)

Version 10.1.3c1 340.3 KiB Works with Firefox 57.0 and later

v 10.1.3rc1
=============================================================
+ Work-around for Firefox not displaying NOSCRIPT elements on
pages where scripts are blocked by CSP
+ The Alt+Shift+N shortcut now opens the NoScript UI also on
windows with no toolbars containing NoScript's icon
x "unsafe" (non-HTTPS) matching is now automatically selected
on non-HTTPS pages (fixes the perception that you set a
site to TRUSTED and it reverted to DEFAULT)
x Full addresses are shown again to be choosen in UI, together
with base domains
x Better auto-reload logic
x Fixed NoScript back-end to work also if sync storage is
disabled (thanks Rob Wu for reporting)
x Fixed potential fingerprinting through placeholder icon
(thanks Rob Wu for reporting)

Version 10.1.2 308.5 KiB Works with Firefox 57.0 and later

v 10.1.2
=============================================================
+ Added "Revoke temporary permissions" button
+ Added "Temporarily allow all this page" button
x Simplified popup listing, showing base domains only (full
origin URLs can still be entered in the Options window to
further tweak permissions)
x Fixed UI not launching in Incognito mode
x Fixed changing permissions in the CUSTOM preset affecting
the DEFAULT permissions sometimes
x Fixed UI almost unusable in High Contrast mode
x Fixed live bookmark feeds blocked if "fetch" permissions
were not given
x Fixed background requests from other WebExtensions being
blocked

Version 10.1.1 570.7 KiB Works with Firefox 57.0 and later

10.1.1
=============================================================
+ First pure WebExtension release.
+ CSP-based first-party script script blocking
+ Active content blocking with DEFAULT, TRUSTED, UNTRUSTED and
CUSTOM (per site) presets
+ Extremely responsive XSS filter leveraging the webRequest asynchronous API
+ On-the-fly cross-site requests whitelisting

Next to come: ClearClick and ABE (in the next few weeks).

Version 5.1.7 758.9 KiB Works with Firefox 45.0 - 56.*, SeaMonkey 2.42 - *

5.1.7
=============================================================
x [Surrogate] Fixed regression breaking source matching in
5.1.6 (thanks astian for reporting)

Version 5.1.6 758.9 KiB Works with Firefox 45.0 - 56.*, SeaMonkey 2.42 - *

5.1.6
=============================================================
x [Fx58] Fixed complete breakage due to nsIPrefBranch changes
in 58 (for Firefox Developer Edition users)

Version 5.1.5 758.6 KiB Works with Firefox 45.0 - 56.*, SeaMonkey 2.42 - *

v 5.1.5
=============================================================
x Fixed content process cross-framescript leak (thanks
dorando for patch)
x [ESR] Fixed bookmarklets not being executed (thanks Jim
Thompson for reporting)

Version 5.1.4 791.7 KiB Works with Firefox 45.0 - 56.*, SeaMonkey 2.42 - *

v 5.1.4
=============================================================
x [Nightly] Fixed Import/Export Options button
x Fixed bookmarlets broken when scripts globally allowed
(thanks filip for reporting)
x [Tor Browser] Fixed jumping icon on updates (ticket #23968)
x [Surrogate] Better sandbox memory management
- Removed special Add-ons manager uninstall warning hooks

Version 5.1.3 792.3 KiB Works with Firefox 45.0 - 56.*, SeaMonkey 2.42 - *

v 5.1.3
=============================================================
x [e10s] Fixed some bookmarklet / URL bar JavaScript emulation
multi-process regressions
x [Palemoon] Fixed NoScript button position not customizable
on the first window (thanks yes_noscript for reporting)
x Fixed bookmarklet execution subject to AllowURLBarJS too
x Fixed Palemoon urlbar breakage on browser restart
x [Whitelist] about:tabcrashed made mandatory (internal)

Version 5.1.2 792.1 KiB Works with Firefox 52.0 - 56.*, SeaMonkey 2.42 - *

v 5.1.2
=============================================================
x Fixed allowing scripts on one tab blocking them in other (
torproject.org issue #23747, thanks cypherpunks for report)
x Fixed startup sequence
+ [Whitelist] about:tabcrashed added to default whitelist
x Added unlimitedStorage WebExtensions permissions for safer
preferences migration
x Fixed some restartless lifecycle quirks
x Fixed toolbar button position changes across upgrades
x Fixed NoScript release notes page shown upon restartless
updates, rather than on next restart
x Fixed Tor Browser's extension preference overrides ignored
by NoScript
x Fixed status bar not recognized on some browsers still
supporting it
x Work-around for the Tor Browser preventing NoScript from
resolving its own UI's XML entities

Version 5.1.1 790.6 KiB Works with Firefox 45.0 - 56.*, SeaMonkey 2.42 - *

v 5.1.1
=============================================================
x Fixed regression breaking webworkers (e.g. on Protonmail)

Version 5.1.0 790.6 KiB Works with Firefox 45.0 - 56.*, SeaMonkey 2.42 - *

v 5.1.0
=============================================================
x Fixed placeholders not shown in Fx 57 and above
x [WebExtension] Reduced legacy settings backup size
x [Nightly] Work-around for nsIDOMHTML* interfaces removal
+ Restartless (bootstrapped) desktop version, and most likely
the last hybrid (embedded WebExtension) before the pure
WebExtension release

Version 5.0.10 612.6 KiB Works with Firefox 45.0 - 56.*, SeaMonkey 2.42 - *

v 5.0.10
=============================================================
x Fixed some moz-webextension: subrequests blocked in content
blocking mode
- Removed whitelist and surrogate references to persona.org
x [Seamonkey] Fixed status bar visibility regression (thanks
Mc for reporting)
x [Nightly] Fixed various XSS filter UI breakages
x [Nightly] Patched deprecated usages of nsIURI.path
x [XSS] Fixed false positive on amazonaws.com (thanks Robby
Stokoe for reporting)
x [Surrogate] New ampush.io tracker surrogate (thanks barbaz)

Version 5.0.9 612.0 KiB Works with Firefox 45.0 - 56.*, SeaMonkey 2.42 - *

v 5.0.9
=============================================================
x [WebExt] Make sure the embedded WebExtension cannot
interfere with the legacy side beside preference migration
x [Nightly] Fixed breakage from bug 1390106
x [Nightly] Work-around for HTMLEmbedElement removal
x [Nightly] Fixed first run UI visibility check
x [XSS] Work-around for Google notifications false positive
x [Nightly] Fixed startup breakage
x [Surrogates] Fixed noisy google-analytics replacement
x [Nightly] Fixed view-source: breakage

Version 5.0.8.1 547.2 KiB Works with Firefox 45.0 - 56.*, SeaMonkey 2.42 - *

v 5.0.8.1
=============================================================
x [ABE] XHR matches both TYPE_XMLHTTPREQUEST and TYPE_FETCH
x [ABE] Updated INCLUSION types to match newest specific
types from nsIContentType constants. OTHER still matches
any type except "historically supported" ones (SCRIPT, CSS,
IMAGE, OBJ, OBJSUB, MEDIA, FONT, SUBDOC, XBL, PING, XHR,
DTD) for backward compatibility: please use
UNKNOWN to match just TYPE_OTHER (i.e. request whose type
is not specifically mapped yet by the nsIContentType API).
x [e10s] Fixed INCLUSION type marked as OTHER for any request
when Electrolysis is enabled (thanks barbaz for reporting)
x [XSS] Fixed excessive recursion causing GC-related hangs on
some ads-intensive websites (like der-postillion.de)

Version 5.0.7.1 547.2 KiB Works with Firefox 45.0 - 56.*, SeaMonkey 2.42 - *

v 5.0.7.1
=============================================================
x [WebExt] Fixed incompatibility with Firefox 54
x [WebExt] Initiated preference migration via embedded
WebExtension
x [e10s] Fixed HTTP redirection issues with e10s enabled
(thanks PLD for reporting)
x [Surrogate] Updated googletag replacement (thanks barbaz)
x Fixed HTML5 Media documents blockage delay if no other
embedded content is forbidden (thanks Georg Koppen for
reporting)
x [XSS] Fixed bug causing false positives (thanks Georg
Koppen for reporting)

Version 5.0.6 546.8 KiB Works with Firefox 45.0 - 56.*, SeaMonkey 2.42 - *

v 5.0.6
=============================================================
x [XSS] Fixed performance regression in handling of big JSON
payloads causing the browser to freeze on loading pages
with Facebook tracking subframes
x [Surrogates] Updated ga replacement (thanks barbaz)
x [L10n] Updated tr (thanks Volkan Gezer)
x [L10n] Updated de (thanks milupo)
x [XSS] Fixed regression in window.name sanitization
(thanks Gareth Heyes for reporting)
x [XSS] Work-around for Mavo-script operator translation side
effects (thanks Gareth Heyes for reporting)

Version 5.0.5 544.7 KiB Works with Firefox 45.0 - 56.*, SeaMonkey 2.42 - *

v 5.0.5
=============================================================
x [XSS] Updated XSS filter with latest Gecko Atoms and ES
features (thanks Maxim Rupp for reporting)
+ [XSS] Added countermeasures against XSS vectors exploiting
Mavo-script template expressions (thanks Krzysztof Kotowicz
and Gareth Heyes for reporting)

Version 5.0.4 544.6 KiB Works with Firefox 45.0 - 56.*, SeaMonkey 2.42 - *

v 5.0.4
=============================================================
+ [XSS] Added countermeasures against several vectors
exploiting client-side JavaScript templating frameworks
(thanks Krzysztof Kotowicz and Sebastian Lekies for their
research)
x [XSS] Fixed e10s-related regression in window.name
sanitization (thanks Krzysztof Kotowicz for reporting)
x Fixed "Allow local links" breaking file:/// URL loading in
Gecko 53 and above
x Fixed JSON viewer working only on JavaScript-enabled URLs

Version 5.0.3 544.3 KiB Works with Firefox 45.0 - 56.*, SeaMonkey 2.42 - *

v 5.0.3
=============================================================
x Fixed global JavaScript enablement for HTTPS sites breaking
the UI (Tor ticket #21923)
+ noscript.webext.enabled preference to control embedded
WebExtension startup
x Fixed XHR regression (thanks Oleksandr Popov for reporting)
x Fixed compatibility issues with some WebExtensions (thanks
Oleksandr Popov for reporting)

Version 5.0.2 544.2 KiB Works with Firefox 45.0 - 56.*, SeaMonkey 2.42 - *

v 5.0.2
=============================================================
x Fixed thumbnails broken even if noscript.bgThumbs.allowed
is true (thanks rick for reporting)
x [e10s] Restored absolutely positioned elements removal by
mousedown + DEL key (broken by e10s)
x Absolutely positioned elements removal by mousedown + DEL
key now working also on whitelisted pages (controlled by
noscript.eraseFloatingElements about:config preference,
thanks MegaWolf for RFE)
x Fixed blocked XHR requests in frames not reflected in the
menu UI (thanks aocab and barbaz for reporting)
x [Locale] Improved nl translation (thanks Kris)

Version 5.0.1 544.2 KiB Works with Firefox 45.0 - 56.*, SeaMonkey 2.42 - *

v 5.0.1
=============================================================
x Fixed regression, some sites not being shown in UI
x Fixed recently blocked menu not working on e10s

Version 5.0 544.0 KiB Works with Firefox 45.0 - 56.*, SeaMonkey 2.42 - *

v 5.0
=============================================================
+ Embedded WebExtension
x Dramatically Improved UI synchronization performance impact
on load-intensive web pages (thanks Rob Wu)
x [e10s] Fixed permissions out of sync when content processes
are more than one (thanks Ian Fennel for report)
x [Surrogates] Update google-analytics replacement (thanks
ng4never for reporting and barbaz for implementation)

Version 2.9.5.3 542.1 KiB Works with Firefox 45.0 - 56.*, SeaMonkey 2.42 - *

Version 2.9.5.2 542.6 KiB Works with Firefox 45.0 - 56.*, SeaMonkey 2.43 - *

v 2.9.5.2
=============================================================
x Fixed Stylish editor breakage (thanks JustAnotherGuy for
reporting
x Fixed media blocking delayed with Tor Browser's "Medium"
Security Sider preset
x Fixed frame blocking issues
x Fixed top-level media loads issues
x Fixed apparent delay in menu UI feedback (thanks mechadon
for reporting)
x Fixed some XSS filter over-sensitivity regressions
x Fixed "Allow local links" causing file:// URLs to fail
x [Locale] Updated nl (thanks Ton)

Version 2.9.5.1 541.6 KiB Works with Firefox 45.0 - 56.*, SeaMonkey 2.42 - *

2.9.5.1
=============================================================
x Fixed some pages not loading on 1st attempt when e10s is
enabled (thanks Semtex for reporting)

2.9.5
=============================================================
+ Full e10s compatibility
x Fixed big whitelists being reset to default permissions on
e10s-enabled browsers (thanks sabret00the and Internet User
for reporting)
x Better fix for some embedding permissions issues (thanks
barbaz for reporting)
x MediaSource blocking support (Tor Project)
x Better handling of media types loaded as top-level
documents
x Declared (but untested) Palemoon support (thanks barbaz)
x [System Principal] included in the mandatory allowed list
x Fixed allow scripts globally requiring a restart (thanks
FFreestyleRR for reporting
x Fixed embeddings autoreload on e10s-disabled browsers
^ TODO: MediaSource blocking support
x Improved autoreload responsiveness and precision
x Fixed IFrame over-blocking bug (thanks G113 for report)
x Fixed sites involved in background requests being not
reported in the UI, even if intercepted and/or blocked (
thanks GH113 for reporting)
x Fixed typo in PasteHandler (thanks barbaz for reporting)
x Fixed embedding-related automatic reload issues (thanks
barbaz and tmeader for reporting)
x Fixed compatibility regression with Firefox 45
x [Surrogate] Fixed file:// replacements broken (thanks
barbaz for reporting)
^ TODO: MediaSource blocking support
x Fixed typo in XSS filter breaking JSON cross-site requests
x Fixed automatic reload issues (thanks GH113 for reporting)
x Fixed UI not always synchronized on startup (thanks GH113
for reporting)
x Fixed incompatibilities with older Firefox down to 45
(thanks barbaz for reporting)
x Fixed automatic reload impossible to be disabled (thanks
GH113 for reporting)
x Fixed UI initially not synced on new windows (thanks GH113
for reporting)
x Fixed bug in secure cookie enforcement upgrading all the
unsecure cookies on secure connections even if a secure
cookie for the domain existed, increasing chances of
incompatibilities (thanks PDL for reporting)
x Fixed escaping issues in the noscript.js preference file
(thanks PDL for reporting)

Version 2.9.0.14 551.4 KiB Works with Firefox 13.0 - 56.*, SeaMonkey 2.10 - *

v 2.9.0.14
=============================================================
x Fixed live bookmarks in Firefox 48 or above

Version 2.9.0.13 551.4 KiB Works with Firefox 13.0 - 56.*, SeaMonkey 2.10 - *

v 2.9.0.13
=============================================================
x Added missing "s" in noscript.mandatory/about:feeds