NoScript Security Suite Version History

882 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 1.9.9.39 458.8 kB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.39
==========================================================================
x Fixed quirks mode triggered by surrogate execution on Gecko < 1.9.1
(thanks Power for suggestions)

v 1.9.9.38
==========================================================================
x Fix for some popups broken by 1.9.9.37

v 1.9.9.37
==========================================================================
x Fixed potential infinite loop occurring when window.open is called in a
recursive context, e.g. on Google Reader (thanks Qbert for reporting)
x Fixed mishandling of non-default 1 value for the proxiedDNS preference

Version 1.9.9.36 458.8 kB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.36
==========================================================================
+ Anti-Popunder surrogate now applies to all HTTP pages by default
+ DNS activity logging facility (disabled by default)
x Slight optimization of DNS lookups
x Temptative fix for https://bugzilla.mozilla.org/show_bug.cgi?id=501446
crasher (thanks timeless)

Version 1.9.9.35 457.7 kB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.35
==========================================================================
x Updated Firefox Mobile (Fennec) compatibility
x Improved and generalized Anti-Popunder surrogate

v 1.9.9.34
==========================================================================
+ Anti-Popunder surrogate extended to AWEmpire popunders (on empornium.us
by default, customizable in noscript.surrogates.popunder.sources)
x Fixed bug in bookmarklet support on about:blank (thanks Milind for
reporting)
x Improved InjectionChecker compatibility with letitbit.net uploads
x Improved InjectionChecker compatibility with Rapidshare uploads

v 1.9.9.33
==========================================================================
x Better HTTPS/HTTP redirection support (thanks ttt for reporting)

v 1.9.9.32
==========================================================================
+ Further InjectionChecker optimizations, providing a dramatic speed boost
on nested URLs (e.g. on iGoogle and many ad networks)

v 1.9.9.31
==========================================================================
+ InjectionChecker accuracy optimization, preventing false positives in
some edge cases with nested URLs (thanks Aditya K Sood for reporting)

Version 1.9.9.30 457.7 kB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.30
==========================================================================
+ Injection Checker compatibility with Livejournal comment posting
+ Improved ClearClick compatibility with Facebook applications

v 1.9.9.29
==========================================================================
x Temptative work-around for hard to reproduce content policy DOS false
positive on comcast.net (thanks Jim Too and Alan Baxter for reporting)

v 1.9.9.28
==========================================================================
x Work-around for a Flash player double-instantiation bug in Gecko 1.9.0
preventing some movies from playing (thanks secdroid for reporting)
- Removed placeholder enhancements for Gecko 1.8.x, due to unwanted side
effects on some sites

Version 1.9.9.27 456.7 kB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.27
==========================================================================
x Placeholder enhancements backported to Gecko 1.8.x
x Fixed missing placeholders on Gecko 1.8.x (thanks al9_x for reporting)

v 1.9.9.26
==========================================================================
x Reduced reflow chances on placeholder activation
x Improved InjectionChecker compatibility with Facebook Connect

v 1.9.9.25
==========================================================================
x Fixed Flash swallowed clicks regression on Gecko 1.8.x (thanks al9_x for
reporting)

v 1.9.9.24
==========================================================================
x Fixed "Temporarily allow" regression

v 1.9.9.23
==========================================================================
+ Specific scriptless partial permissions icon for partially allowed
framesets (thanks al9_x for reporting)
x Reduced disk activity on permission change (thanks al9_x for RFE)
x Work-around for a Java initialization failure

Version 1.9.9.22 456.7 kB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

Version 1.9.9.18 455.7 kB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.18
==========================================================================
x Removed residual compound attribute-based injection chance (thanks
Sirdarckcat for reporting)

v 1.9.9.17
==========================================================================
x Fixed residual crash issue when favicons need to be redirected to HTTPS
x Enhanced ClearClick compatibility with Photbucket

v 1.9.9.16
==========================================================================
+ Better object unblocking behavior, triggering a page reload if allowed
object has no layout (i.e. was meant to be scripted only), increasing
usability of trusted restrictions e.g. in VMWare Server's console
x Work-around for a Firefox image caching crashing bug triggered by HTTPS
enforcement on mixed content
x Improved compatibility with Ebay (thanks STB2008 for reporting)

Version 1.9.9.15 455.7 kB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.15
===================================================================
x Fixed HTTPS enforcement for embedded images breaking HTTP authentication
(thanks polie for report)
x Fixed XHR breakage when called from a Worker (thanks Apeiron for report)
x Skip link fixing on right click
x Improved bookmarklet execution mechanism
x Improved compatibility of InjectionChecker with Facebook Connect
x Improved compatibility of InjectionChecker with Lycos Mail

Version 1.9.9.14 454.7 kB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.14
==========================================================================
x Fixed page loading issues (hard to reproduce but reported by many)

v 1.9.9.13
==========================================================================
x Fixed page loading regression from "Hijack checks skip error pages"
optimization in 1.9.9.12 (hard to reproduce but reported by many)
x Fixed attribution of Romanian translation

Version 1.9.9.12 455.7 kB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.12
==========================================================================
+ Allowing a plugin object which size is not set reloads the page,
assuming that scripts are used to size it
+ Google Translate XSS exception
+ abine:* ClearClick subexception
+ Updated localizations
x Removed current URL leaking into RegExp properties if invisible link
detection is enabled
x Hijack checks must skip error pages (thanks luntrus for report)
x Fixed XSS false positive at travelocity.com (thanks Chris Lonsberry)

Version 1.9.9.11 454.7 kB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.11
==========================================================================
+ Reorganization of the "Embeddings" (FKA "Plugins") options panel
+ "Forbid <VIDEO>, <AUDIO>" option in the "Embeddings" panel
+ "Forbid @font-face" option in the "Embeddings" panel
+ ClearClick report id made selectable (thanks therube for RFE)

v 1.9.9.10
==========================================================================
+ Webfonts blocking from untrusted sources and on untrusted pages,
controlled by the noscript.forbidFonts about:config preference (UI
planned for later, thanks Mike Perry for RFE)
+ noscript.forbidMedia about:config preference controlling HTML 5 media
blocking independently from the "Forbid other plugins" setting (UI
planned for later)
+ Improved live object allowing/forbidding
x Fixed potential false positives generated by Spidermonkey's decompiler
artifacts

v 1.9.9.09
==========================================================================
x Fixed noscript.forbidData not being honored (thanks Chris for report)
x Fixed Trillian to Yahoo Mail! XSS false positive (thanks maryadavies and
Thomas for reports)

v 1.9.9.08
==========================================================================
x Fixed potential cache issues due by header cloning on internal redirects
(thanks GregThomas for report)

Version 1.9.9.07 451.6 kB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.07
==========================================================================
+ Improved Google Analytics surrogate, handling form submissions (thanks
Alan Baxter for report)

v 1.9.9.06
==========================================================================
+ Added https://mail.google.com/* to X-Frame-Options parent whitelist, in
order to allow GMail/Calendar mashups via extensions and GreaseMonkey
x Fixed noscript.forbidIFrameContext set to 0 blocking top-level web pages
loading (thanks al_9x for report)
x Fixed Yahoo! Mail login persistence issue (thanks Ronnie for report)

v 1.9.9.05
==========================================================================
+ Improved emulation of complex bookmarklet import sequences
x Fixed potential issue in new InjectionChecker C++ style comments code

v 1.9.9.04
==========================================================================
x Fixed header cloning bug in internal redirections
x Better management of C++ style comments in InjectionChecker
x Fixed legacy frames retargeting bug (thanks Andrew Fisher for reporting)

v 1.9.9.03
==========================================================================
+ noscript.frameOptions.enabled about:config preference to control if the
X-Frame-Options header must be honored
x noscript.frameOptions.parentWhitelist preference to exclude some parent
window from X-Frame-Options checks on their embedded frames
x Enhanced internal redirection mechanism
x Fixed Weave 0.7pre log window incompatibility

v 1.9.9.02
==========================================================================
x Improved InjectionChecker's heuristic (thanks Sirdarckcat for reporting)

Version 1.9.9.01 450.6 kB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.01
==========================================================================
x Fixed InjectionChecker micro-injecion scanning bug (thanks Sirdarckcat
for reporting)

v 1.9.9 (FKA 1.9.8.9)
==========================================================================
+ First public Strict Transport Security implementation, see
http://hackademix.net/2009/09/23/strict-transport-security-in-noscript/
x Fixed Javascript disabled in about:neterror pages if the broken
destination page is marked as untrusted (thanks al_9x for report)
x Improved HTTPS enforcement, honoring original referer
x Fixed a potential "unresponsive script" InjectionChecker condition
(thanks Sirdarckcat for reporting)
x Fixed help links not opening from NoScript's UI on Minefield
x Fixed ABE LOCAL symbol matching 172.16.0.0/16 rather than the
whole 172.16.0.0/12 (thanks Antal for reporting)

v 1.9.8.89
==========================================================================
x InjectionChecker optimization on long Base64 sequences (thanks skl
for report)

v 1.9.8.88
==========================================================================
x X-Frame-Options applied only to ultimate load, after redirection
(compatibility with IE8's and Chrome's implementation)
x Fixed Flash activation bug on Gecko

Version 1.9.8.86 448.5 kB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.8.86
====================================================================
x Fixed kongregate.com incompatibility (thanks jthill for report)

v 1.9.8.85
====================================================================
+ Updated MK locale
x QA for release

v 1.9.8.84
====================================================================
x Flash object emulation to fool SWFObject 2.2 version detection
without instantiating a real Flash object (thanks al9_x for test)

v 1.9.8.83
====================================================================
x Fixed bug in the new Flash early instantiation management (thanks
al9_x for reporting)

v 1.9.8.82
====================================================================
x Upper limit to bookmarklet setTimeout() emulation, in order to
prevent infinite pseudo-loops
x Improved InjectionChecker algorithms (thanks Sirdarckcat for
suggestions)
x Early URL-less Flash objects are instantiated only if Flash
permissions have been already granted to the origin site

v 1.9.8.81
====================================================================
x Fixed issue with early manipulation of Flash objects whose source
URL has not been set yet (thanks al9_x for reporting and Grump
Old Lady for proxy/VPN testing infrastructure)

Version 1.9.8.8 447.5 kB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.8.8
====================================================================
x Improved bookmarklet setTimeout() emulation (delay ordering is
honored and pseudo-recursion is supported)
x Update locales

v 1.9.8.72
====================================================================
x Moved the NoScript status label to the left of the status icon,
in order to avoid "jumps" when using the sticky menu (thanks nagan
and frsch for suggestions)
x Improved management of HTTPS forcing during HTTP redirections
x Fixed incompatibility with Minefield/3.7a1pre build 20090827
(thanks Itsnow for reporting)

v 1.9.8.71
====================================================================
+ "Recently blocked sites" now shows the object icon for trusted
sites which are listed because some content has ben blocked
x Fixed sites shown in "Recently blocked sites" if content-blocking
restrictions are applied even when no content has been blocked yet
(thanks Alan Baxter for reporting)

Version 1.9.8.7 447.5 kB Works with Firefox 1.5 - 3.5.*, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0b2

v 1.9.8.7
====================================================================
x Fixed minor bugs in "Recent blocked sites" implementation
x Updated Rumenian
x Fixed encoding issue with configuration import/export/sync (thanks
m_c for reporting)

v 1.9.8.61
=====================================================================
+ Optimization of multiple regexp preferences
x Fixed XSS filter exceptions not being honored if URL contains
percent-encoded character which are invalid UTF-8 code points
(thanks Bueller007 for reporting)
x Fixed UTF8 overdecoding checks interfering with some Japanese sites
(thanks Bueller007 for reporting)

v 1.9.8.6
=====================================================================
+ Reset command in "Recently blocked sites" menu (thanks Fred for
suggestion)
+ For privacy reasons "Recently blocked sites" are erased everytime
user purges history
+ Temporary permissions are revoked and "Recently blocked sites" are
erased everytime user exits the "Private Browsing" mode
x Fixed DNS-sensitive frame blocking bug

v 1.9.8.5
=====================================================================
+ New "Recently blocked sites" menu to allow active content origins
which have been recently blocked but are unrelated with current
page (e.g. loaded in custom frames provided by extensions)
x Fixed some glitch in temporary permissions handling (thanks
computerfreaker for reporting)
x Simplified bookmarklet permissions granting
x Simplified ABERequest lifecycle management
x Prevented potential memory leak

Version 1.9.8.4 446.5 kB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.8.4
=====================================================================
x Fixed ABE internal redirection on DNS cache miss interfering with
injection checks under some circumstances

v 1.9.8.3
=====================================================================
+ Full HTML 5 event attributes InjectionChecker support
x Fixed DNS resolution notification causing event loop spinning and
perceived slowness of "Open all in tabs" command
x Removed InjectionChecker bypass (thanks Sirdarckcat for reporting)
+ Updated locales

v 1.9.8.2
=====================================================================
x Improved protection against DOS attacks (thanks Gereth Heyes for
testbed)

Version 1.9.8.1 438.3 kB Works with Firefox 1.5 - 3.6b1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.8.1
=====================================================================
x Fixed Mac OS X specific hang bug triggered by STATUS_RESOLVING DNS
notifications for some sub-requests

v 1.9.8
=====================================================================
+ ABE's caching DNS requests now send STATUS_RESOLVING notifications
(thanks al9_x for RFE)
x Improved injection checks (thanks Sirdarckcat for reporting)
x Fixed invalid chars in host names causing loads to fail without any
visible error feedback
x Work around for breakages caused by the .NET Framework Assistant,
http://adblockplus.org/blog/the-return-of-net-framework-assistant
+ ABE grammar source (ABE.g) included in the distributed XPI (thanks
al9_x for noticing its absence)

Version 1.9.7.9 437.2 kB Works with Firefox 1.5 - 3.6b1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.7.9
=====================================================================
x Improved XSS filter compatibility with some decimal coordinates
patterns
x Fixed JavaScript IFrame manipulation causes documents to be loaded
in a new window sometimes (thanks Derek Greentree for reporting)

v 1.9.7.86
=====================================================================
x Improved XSS filter compatibility with MySpace modules (thanks
Dixie for reporting)

v 1.9.7.85
=====================================================================
x Improved permission change speed for very long lists / very slow
CPUs (thanks Boyd Noorda for reporting)

v 1.9.7.84
=====================================================================
x Fixed HTTPS-forced subrequests being cancelled sometimes

v 1.9.7.83
=====================================================================
x Fixed plugin content could not be navigated through legacy frames

v 1.9.7.82
=====================================================================
x Fixed URL classifier not being called for hosts whose DNS record is
not cached yet by ABE (thanks "Fellow Noscripter" for reporting)

v 1.9.7.81
=====================================================================
x Fixed domain name resolution delayed for cached failed responses
after a network reconnection (thanks foxicat for reporting)

v 1.9.7.8
=====================================================================
x Fixed invisible links detection turning some links into absolutely
positioned if they have no layout on load (thanks dpmccabe for
reporting)
x Improved specificity of data: URL injection detection (thanks Tom
for reporting)

Version 1.9.7.7 436.2 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.7.7
=====================================================================
x Fixed DNS cache status interfering with HTTPS redirections

v 1.9.7.6
=====================================================================
+ Fixed HTTPS-bound active content restrictions preferences not being
honored sometimes (thanks Peter Meier for reporting)

v 1.9.7.5
=====================================================================
+ HTML 5 video and audio are blocked also when loaded as documents
in a frame or in a top-level window

v 1.9.7.4
=====================================================================
x Decoupled legacy frame blocking from "Forbid IFrames" (thanks
Grumpy Old Lady for reporting)

v 1.9.7.3
=====================================================================
x Fixed IFrame blocking being delayed to DNS resolution when ABE is
active (thanks Mike A. for reporting)
x Fixed Frame blocking leading to extra history entries on unblocking

v 1.9.7.2
=====================================================================
x Content serviced with the "Content-disposition: attachment" header
(forced downloads) should not be subject to plugin blocking
policies (thanks nagan for reporting)
x ABE checks should be skipped for XHR requests made from chrome

v 1.9.7.1
=====================================================================
x Inclusion type checks accomodating hosting errors in AOL gadgets,
outbrain.com widgets and E-junkie libraries
x Fixed es-CL locale metadata

Version 1.9.7 436.2 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.7
=====================================================================
x 1.9.6.96 RC repackaged for release

v 1.9.6.96
=====================================================================
x Fixed "Send to" context menu item broken Google Toolbar 5 (thanks
Juan Ignacio Gaviria for reporting)
x Fixed cache issues in non-ABE blocking context on Gecko < 1.9
caused by alternate blocking method for ABE "Deny" action (thanks
al9_x and Tom T for reporting)

v 1.9.6.95
=====================================================================
+ Signed XPI
x Fixed JS redirect detection overzelous on pages containing CSS
content-less links (thanks zaxy for reporting)
x Fixed issue with plugin content activation (thanks Mel Reyes for
reporting)

v 1.9.6.94
=====================================================================
x More informative error messages on failed XSS filter DOS attempt

v 1.9.6.93
=====================================================================
x Inclusion type checks play smoother on script dynamically served
with a wrong Content-type header
x Fixed temporarily allowing a class of objects from the Blocked
Objects menu not working sometimes (thanks Chad Morse for report)
x Fixed placeholders not working (invalid host name) on Gecko 1.8
(thanks hewee for report)

v 1.9.6.92
=====================================================================
x More accurate (and lenient towards misconfigured servers) inclusion
type checks (thanks makini and Sheilaq for reports)

v 1.9.6.91
=====================================================================
x Fixed HTTP Referer header being omitted when a DNS cached record is
not found for the request

Version 1.9.6.9 426.0 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.6.9
=====================================================================
x Fixed default whitelist not being installed on first run anymore
since 1.9.6's fix for multibyte temporary allow / mark as untrusted

Version 1.9.6.8 426.0 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.6.8
=====================================================================
x Inclusion content type checking now graces default file extensions
x Improved XSS filter pre-screening efficiency
x Prefixed content type based inclusion blocking message

Version 1.9.5 412.7 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0b1

v 1.9.5
=====================================================================
x Fixed forbidden objects in allowed documents not causing partially
allowed icon on first load in Gecko < 1.9 (thanks al9_x for report)
x Fixed forbidden objects in mixed trusted/blacklisted pages not
causing partially allowed icon (thanks al9_x for report)

v 1.9.4.91
=====================================================================
x Fixed late request cancelation of scripts preventing page from
complete loading
x Fixed refreshing ABE rulesets enabling back disabled local rulesets

v 1.9.4.9
=====================================================================
x Fixed DNS cache purging bug (thanks therube for reporting)

V 1.9.4.8
=====================================================================
x Parallelization of DNS activity bringing huge ABE performance gain
x Minor fixes in LOCAL policies enforcing

V 1.9.4.7
=====================================================================
x Fixed possible deadlock introduced in 1.9.4.6
x Fixed DNS cache purging bug

v 1.9.4.6
=====================================================================
x Refactoring of content policy related code
x Another memory optimization iteration
x Restored automatic Seamonkey profile install cleaner

v 1.9.4.5
=====================================================================
x Further memory footprint and performance ABE optimizations

v 1.9.4.4
=====================================================================
+ Origin tracing speed and accuracy improvements
+ Enhanced frame busting emulation
+ Further DNS optimizations

v 1.9.4.3
=====================================================================
x Optimized garbage collection in DNS 2nd level cache

v 1.9.4.2
=====================================================================
x Fixed mixed content SSL false positives when ABE enabled
x Fixed file:// entry added to whitelist everytime a 2nd level
domain gets allowed on Gecko >= 1.9 (thanks GµårÐïåñ for reporting)

v 1.9.4.1
=====================================================================
+ Implemented 2nd level DNS cache fixing some artifacts/crashes on
Google Maps and some latency issues in Gecko < 1.9 (thanks therube
and Alan Baxter for reporting)

v 1.9.4 RC2
=====================================================================
x Fixed page content getting randomly scrambled during heavily
concurrent loads when ABE's asynchronous networking is enabled
x Fixed password manager autofill failing sometimes (thanks Tommy Coe
for reporting)

v 1.9.4 RC1
=====================================================================
+ First stable ABE (Application Boundaries Enforcer) release
+ Improved JavaScript form submission emulation (thanks aladin235 for
reporting about Twitter logout button)
+ Asyncrhonous networking in Gecko >= 1.9 for ABE preflight requests
and DNS checks (can be turned off by noscript.asyncNetworking
about:config preference)
+ noscript.ABE.legacySupport about:config preference to enable ABE
on older, less supported platforms (Gecko < 1.9)
+ Modularized SeaMonkey uninstaller
+ Bookmarklet emulation made compatible with latest Fx 3.5 builds
x Better UI feedback about CAPS parsing artifacts

v 1.9.3.92
=====================================================================
x Fixed missing site rules being repeatedly fetched after 12 hours
timeout

v 1.9.3.91
=====================================================================
+ Added gstatic.com (Google Maps and other services) to the default
whitelist
x Fixed broken embeddings from file:// URLs (thanks Endor for report)

v 1.9.3.9
=====================================================================
x Fixed import/export buttons for whitelist and full configuration
overriding each other (thanks Alan Baxter for reporting)

v 1.9.3.8
=====================================================================
+ Precise reporting of ABE DNS failures
+ Automatically include browser origins in Accept predicates
x Lighter XSS checks, relying on ABE for pre-screening when possible
(preventing some timeout-related false positives and random hangs)

v 1.9.3.7
=====================================================================
+ More accurate NOSCRIPT web-bugs blocking, skipping same origin
images and scripted pages (thanks Jorgo for suggestion)
x Working link to ABE documentation in NoScript Options|Advanced|ABE
x Fixed ABE external editor failing to open on Mac OS X (thanks David
Bass for reporting)

v 1.9.3.6
=====================================================================
+ Improved Google Analytics script surrogates
+ New Imagefap anti-popup script surrogates
+ Seamonkey 1.x streamlined installation process (profile local
installations are not supported anymore, but switching to
browser-wide is automatic on update)
+ Seamonkey 1.x automatic uninstall procedure (button provided in
NoScript Options)

v 1.9.3.5
=====================================================================
+ Better placeholder management with weird plugin content nesting
(thanks nagan for request)
+ Faster and more streamlined cross-origin request tracking
x Fixed single aster ("*") glob pattern not compiling in URI pattern
lists (thanks Sirdarckcat for reporting)
x Fixed Fx 2 (Gecko < 1.9) non-secure requests for HTTPS-forced
resources being aborted rather than redirected (thanks al_9x for
reporting)

v 1.9.3.4
=====================================================================
+ First public Application Boundaries Enforcer (ABE) prototype, see
NoScript Options|Advanced|ABE
+ SYSTEM built-in ABE ruleset including one rule emulating LocalRodeo
(check http://databasement.net/labs/localrodeo/ and
http://databasement.net/labs/localrodeo/testcases.php )

Version 1.9.3.3 360.4 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0b1

v 1.9.3.3
=====================================================================
x Fixed fatal exception on JSON XSS checks (thanks HeikoAdams for
report)

v 1.9.3.2
=====================================================================
x Fixed whitelist import/export broken by new global import/export (
thanks Tim Johnson for report)

v 1.9.3.1
=====================================================================
x Fixed automatic secure cookie management being enabled by default
(thanks therube for report)

v 1.9.3
=====================================================================
+ Redirect loops caused by HTTPS enforcement now trigger the standard
redirect loop error page (thanks Matt McCutchen for RFE)
x Fixed https-forced embedded objects not being loaded unless already
cached (thanks Matt McCutchen for report)

v 1.9.2.93
=====================================================================
x Fixed 1.9.2.92 regression breaking "Revoke temporary permissions"

v 1.9.2.92
=====================================================================
+ Improved bookmarklet support, trying to turn setTimeout calls into
synchronous ones and to execute trusted imported scripts (e.g.
in the Readability bookmarklet)
+ Slighty "beautifyed" JSON export format (one preference per line)
x Fixed 1.9.2.91 regression, preventing permissions changes made in
NoScript Options from being saved under some random circumstances
(thanks GµårÐïåñ for reporting)

v 1.9.2.91
=====================================================================
+ Import and Export buttons in NoScript Options to backup and restore
the whole NoScript configuration (preferences and permissions) to
and from a text file.

v 1.9.2.9
=====================================================================
+ Native media (audio/video HTML 5 elements) blocking
x Huge refactoring modularizing XSS, ABE, ClearClick, HTTPS extras
and utility classes

Version 1.9.2.8 371.7 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0b1

1.9.2.8
=====================================================================
+ 100x speedup of bookmark-based configuration persistence
+ NoScript tries to synchronize its configuration with foreign
bookmarks when the "Backup configuration in bookmarks" gets enabled
in order to ease adding new "slaves"
x Excluded temporary permissions from bookmark-based synchronization
x Fixed XMark synchronization failing because of XMark's 4KB limit on
bookmark URIs
x Fixed opening the [NoScript] configuration bookmark hanging the
AutoPager extension
+ Disqus ClearClick exception
+ Feedly ClearClick exception

v 1.9.2.7
=====================================================================
+ "NoScript Options|Notification|Display release notes on update"
checkbox
x Fixed XSLT blocking regression

Version 1.9.2.6 360.4 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0b1

v 1.9.2.6
=====================================================================
+ NoScript now automatically removes the controversial "NoScript
Development Support Filterset" deployed with NoScript 1.9.2.3 and
above on startup, permanently and with no questions asked.

Version 1.9.2 363.5 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0b1

v 1.9.2
=====================================================================
+ Experimental "Backup NoScript configuration in a bookmark for easy
synchronization" feature (enable it in "NoScript Options|General")
x Fixed potential DNS leak in some proxied setups when opening URLs
with FQDNs as their hostnames (thanks Rolf Wendolsky for report).

Version 1.9.1.91 360.4 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0b1

v 1.9.1.91
=====================================================================
x Fixed notifications reporting "Forbidden" on some partially allowed
pages

v 1.9.1.9
=====================================================================
x Fixed notifications reporting "Partially allowed" on fully allowed
pages (thanks Grant Parris for report)
x Fixed source code (view-source: originated) POST requests being
turned into GET requests

v 1.9.1.8
=====================================================================
+ New "partially allowed subcontent" icon to indicate that the top
site is blocked but some active sub-content (e.g. plugin objects
or frames) is enabled
+ New script sources inventory behavior reporting "Scripts Forbidden"
instead of "Scripts Partially Forbidden" even if 3rd party script
sources are allowed unless their hosting document is allowed too
+ New "noscript.clearClick.subexceptions" preference to list sources
of embedded content which don't need to be protected by ClearClick
x ClearClick compatibility with the "ShareThis" extension

Version 1.9.1.9 360.4 kB Works with Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0b1

Bug fix extraordinary release:

v 1.9.1.9
=====================================================================
x Fixed notifications reporting "Partially allowed" on fully allowed
pages (thanks Grant Parris for report)
x Fixed source code (view-source: originated) POST requests being
turned into GET requests