NoScript Security Suite Version History

643 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 2.4rc5 511.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4rc5
==========================================================================
x Improved temporary permissions management during bookmarklet execution

v 2.4rc4
==========================================================================
x Fixed 2.4rc3 regression in url bar JavaScript execution

v 2.4rc3
==========================================================================
x Fixed bookmarklet couldn't be executed on blacklisted sites in "Globally
Allow" mode (thanks tharpa for reporting)

v 2.4rc2
==========================================================================
x [ClearClick] Fixed cross-site clicks blocked on Firefox < 3.6 (thanks
Janet Whipple for reporting)

v 2.4rc1
==========================================================================
x [Surrogate] Fixed surrogates broken on Nightly

Version 2.4rc4 510.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4rc4
==========================================================================
x Fixed 2.4rc3 regression in url bar JavaScript execution

v 2.4rc3
==========================================================================
x Fixed bookmarklet couldn't be executed on blacklisted sites in "Globally
Allow" mode (thanks tharpa for reporting)

v 2.4rc2
==========================================================================
x [ClearClick] Fixed cross-site clicks blocked on Firefox < 3.6 (thanks
Janet Whipple for reporting)

v 2.4rc1
==========================================================================
x [Surrogate] Fixed surrogates broken on Nightly

Version 2.4rc2 511.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4rc2
==========================================================================
x [ClearClick] Fixed cross-site clicks blocked on Firefox < 3.6 (thanks
Janet Whipple for reporting)

v 2.4rc1
==========================================================================
x [Surrogate] Fixed surrogates broken on Nightly

Version 2.4rc1 511.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4rc1
==========================================================================
x [Surrogate] Fixed surrogates broken on Nightly

Version 2.3.9rc4 511.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.3.9rc4
==========================================================================
x [ClearClick] Fixed false positives caused by accelerated graphics with
some plugin content

v 2.3.9rc3
==========================================================================
x Fixed compatibility regressions on Firefox 3.x
x Following links from the About dialog now closes it (thanks Guardian for
suggestons)
x Fixed NOSCRIPT META refreshes blocking not working when scripts are
globally allowed (thanks and Ken and Tom T. for reporting)

v 2.3.9rc2
==========================================================================
x [ClearClick] Fixed false positives (e.g. on embedded Vimeo movies) in
obscuration by windowed plugins checks

v 2.3.9rc1
==========================================================================
+ [ClearClick] More tolerant snapshot comparation algorithm (partially
backported from NSA) to reduce false positives (tweaked by the
noscript.clearClick.threshold percentage value in about:config)
- Removed about:credits from default whitelist

Version 2.3.9rc3 511.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.3.9rc3
==========================================================================
x Fixed compatibility regressions on Firefox 3.x
x Following links from the About dialog now closes it (thanks Guardian for
suggestons)
x Fixed NOSCRIPT META refreshes blocking not working when scripts are
globally allowed (thanks and Ken and Tom T. for reporting)

v 2.3.9rc2
==========================================================================
x [ClearClick] Fixed false positives (e.g. on embedded Vimeo movies) in
obscuration by windowed plugins checks

v 2.3.9rc1
==========================================================================
+ [ClearClick] Fuzzier snapshot comparation algorithm (partially
backported from NSA) to reduce false positives (tweaked by the
noscript.clearClick.threshold percentage value in about:config)
- Removed about:credits from default whitelist

Version 2.3.9rc2 510.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.3.9rc2
==========================================================================
x [ClearClick] Fixed false positives (e.g. on embedded Vimeo movies) in
obscuration by windowed plugins checks

v 2.3.9rc1
==========================================================================
+ [ClearClick] Fuzzier snapshot comparation algorithm (partially
backported from NSA) to reduce false positives (tweaked by the
noscript.clearClick.threshold percentage value in about:config)
- Removed about:credits from default whitelist

Version 2.3.9rc1 510.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.3.9rc1
==========================================================================
+ [ClearClick] More tolerant snapshot comparation algorithm (partially
backported from NSA) to reduce false positives (tweaked by the
noscript.clearClick.threshold percentage value in about:config)
- Removed about:credits from default whitelist

Version 2.3.8rc2 510.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.3.8rc2
==========================================================================
x Fixed 2.3.8rc1 regression slowing down flashvars parsing in some cases
(thanks fred for reporting)
x Fixed redirections in legacy frames not being blocked (thanks "utente"
for reporting)
x [Surrogate] Surrogate to fix broken buttons at Uniblue e-commerce site

v 2.3.8rc1
==========================================================================
+ Smart integration with the new browser-native click to play: if a plugin
object is manually allowed from NoScript's UI, it gets also natively
activated (noscript.smartClickToPlay about:config preference)
+ Improved active content identity tracking, to avoid redundant blocking
steps across reloads

Version 2.3.8rc1 510.0 KiB Works with Firefox 3.0 - 14.0a1, SeaMonkey 2.0 - 2.11a1

v 2.3.8rc1
==========================================================================
+ Smart integration with the new browser-native click to play: if a plugin
object is manually allowed from NoScript's UI, it gets also natively
activated (noscript.smartClickToPlay about:config preference)
+ Improved active content identity tracking, to avoid redundant blocking
steps across reloads

Version 2.3.7rc5 509.0 KiB Works with Firefox 3.0 - 14.0a1, SeaMonkey 2.0 - 2.11a1

v 2.3.7rc5
==========================================================================
x [ClearClick] Further refinements in TrafficLight compatibility and
"rapid fire" sensitvity

v 2.3.7rc4
==========================================================================
x [ClearClick] Further "rapid fire" protection sensitivity tweaking

v 2.3.7rc3
==========================================================================
x [ClearClick] Work-around for "rapid fire" protection interfering with
some add-ons, such as 1Password (thanks Mike Tselikman for report)

v 2.3.7rc2
==========================================================================
x [ClearClick] Compatibility with Bitdefender TrafficLight (thanks
Christopher A. M. Gerlach for reporting)

v 2.3.7rc1
==========================================================================
x [XSS] Enhanced InjectionChecker tolerance to certain URL patterns
containing domain-names as parameter values (thanks gazer75 for report)

Version 2.3.7rc4 509.0 KiB Works with Firefox 3.0 - 14.0a1, SeaMonkey 2.0 - 2.11a1

v 2.3.7rc4
==========================================================================
x [ClearClick] Further "rapid fire" protection sensitivity tweaking

v 2.3.7rc3
==========================================================================
x [ClearClick] Work-around for "rapid fire" protection interfering with
some add-ons, such as 1Password (thanks Mike Tselikman for report)

Version 2.3.7rc3 509.0 KiB Works with Firefox 3.0 - 14.0a1, SeaMonkey 2.0 - 2.11a1

v 2.3.7rc3
==========================================================================
x [ClearClick] Work-around for "rapid fire" protection interfering with
some add-ons, ssuch as 1Password (thanks Mike Tselikman for report)

v 2.3.7rc2
==========================================================================
x [ClearClick] Compatibility with Bitdefender TrafficLight (thanks
Christopher A. M. Gerlach for reporting)

v 2.3.7rc1
==========================================================================
x [XSS] Enhanced InjectionChecker tolerance to certain URL patterns
containing domain-names as parameter values (thanks gazer75 for report)

Version 2.3.7rc2 509.0 KiB Works with Firefox 3.0 - 14.0a1, SeaMonkey 2.0 - 2.11a1

v 2.3.7rc2
==========================================================================
x [ClearClick] Compatibility with Bitdefender TrafficLight (thanks
Christopher A. M. Gerlach for reporting)

v 2.3.7rc1
==========================================================================
x [XSS] Enhanced InjectionChecker tolerance to certain URL patterns
containing domain-names as parameter values (thanks gazer75 for report)

Version 2.3.7rc1 508.0 KiB Works with Firefox 3.0 - 14.0a1, SeaMonkey 2.0 - 2.11a1

x [XSS] Enhanced InjectionChecker tolerance to certain URL patterns
containing domain-names as parameter values (thanks gazer75 for report)

Version 2.3.6rc4 508.0 KiB Works with Firefox 3.0 - 14.0a1, SeaMonkey 2.0 - 2.11a1

v 2.3.6rc4
==========================================================================
x Restored Nightly compatibility, broken by bug 719154

v 2.3.6rc3
==========================================================================
+ [ClearClick] improved compatibility with Disqus widgets (thanks El Cid
for reporting)
+ [AddressMatcher] Optimized trailing "*" in glob expressions

v 2.3.6rc2
==========================================================================
x Fixed origin URL detection flawed when certain wrapped URIs are loaded
(thanks Masato Kinugawa for reporting)

v 2.3.6rc1
==========================================================================
x [XSS] Fixed false positive with query string patterns mimicking array
access (thanks Aicke Schulz for reporting)

Version 2.3.6rc3 508.0 KiB Works with Firefox 3.0 - 14.0a1, SeaMonkey 2.0 - 2.11a1

v 2.3.6rc3
==========================================================================
+ [ClearClick] improved compatibility with Disqus widgets (thanks El Cid
for reporting)
+ [AddressMatcher] Optimized trailing "*" in glob expressions

v 2.3.6rc2
==========================================================================
x Fixed origin URL detection flawed when certain wrapped URIs are loaded
(thanks Masato Kinugawa for reporting)

v 2.3.6rc1
==========================================================================
x [XSS] Fixed false positive with query string patterns mimicking array
access (thanks Aicke Schulz for reporting)

Version 2.3.6rc2 509.0 KiB Works with Firefox 3.0 - 14.0a1, SeaMonkey 2.0 - 2.11a1

v 2.3.6rc2
==========================================================================
x Fixed origin URL detection flawed when certain wrapped URIs are loaded
(thanks Masato Kinugawa for reporting)

v 2.3.6rc1
==========================================================================
x [XSS] Fixed false positive with query string patterns mimicking array
access (thanks Aicke Schulz for reporting)

Version 2.3.6rc1 509.0 KiB Works with Firefox 3.0 - 14.0a1, SeaMonkey 2.0 - 2.11a1

v 2.3.6rc1
==========================================================================
x [XSS] Fixed false positive with query string patterns mimicking array
access (thanks Aicke Schulz for reporting)

Version 2.3.5rc6 508.0 KiB Works with Firefox 3.0 - 14.0a1, SeaMonkey 2.0 - 2.11a1

v 2.3.5rc6
==========================================================================
x Work-around for a Flash 32-bit issue (64-bit Firefox unaffected) causing
Google Music Player to fail (thanks DG42 for original report, Alan Baxter
for providing a test account, all the forum staff and many users for
their help in reproducing)

v 2.3.5rc5
==========================================================================
x [ABE] Fixed "Sandbox" action permanently disabling plugins, frames and
meta refreshes on the affected tab even if document changes (thanks
Tom T. and Patrick E. for reporting)

v 2.3.5rc4
==========================================================================
x [ClearClick] Better special-casing for same-site embedded objects

v 2.3.5rc3
==========================================================================
x [Surrogate] Global variables introduced by sandboxed surrogates are
attached as window properties after execution to fix recently surfaced
scope-related bugs

v 2.3.5rc2
==========================================================================
x [XSS] Further refinements in the window.name protection features (thanks
Masato Kinugawa for reporting)

v 2.3.5rc1
==========================================================================
x [XSS] Fixed window.name being checked only for JavaScript injections,
skipping pure HTML ones (thanks Masato Kinugawa for reporting)
x [XSS] Improved detection of javascript: URL injections

Version 2.3.5rc5 508.0 KiB Works with Firefox 3.0 - 14.0a1, SeaMonkey 2.0 - 2.11a1

v 2.3.5rc5
==========================================================================
x [ABE] Fixed "Sandbox" action permanently disabling plugins, frames and
meta refreshes on the affected tab even if document changes (thanks
Tom T. and Patrick E. for reporting)

Version 2.3.5rc4 508.0 KiB Works with Firefox 3.0 - 14.0a1, SeaMonkey 2.0 - 2.11a1

v 2.3.5rc4
==========================================================================
x [ClearClick] Better special-casing for same-site embedded objects

v 2.3.5rc3
==========================================================================
x [Surrogate] Global variables introduced by sandboxed surrogates are
attached as window properties after execution to fix recently surfaced
scope-related bugs

v 2.3.5rc2
==========================================================================
x [XSS] Further refinements in the window.name protection features (thanks
Masato Kinugawa for reporting)

v 2.3.5rc1
==========================================================================
x [XSS] Fixed window.name being checked only for JavaScript injections,
skipping pure HTML ones (thanks Masato Kinugawa for reporting)
x [XSS] Improved detection of javascript: URL injections

Version 2.3.5rc3 508.0 KiB Works with Firefox 3.0 - 14.0a1, SeaMonkey 2.0 - 2.11a1

v 2.3.5rc3
==========================================================================
x [Surrogate] Global variables introduced by sandboxed surrogates are
attached as window properties after execution to fix recently surfaced
scope-related bugs

v 2.3.5rc2
==========================================================================
x [XSS] Further refinements in the window.name protection features (thanks
Masato Kinugawa for reporting)

v 2.3.5rc1
==========================================================================
x [XSS] Fixed window.name being checked only for JavaScript injections,
skipping pure HTML ones (thanks Masato Kinugawa for reporting)
x [XSS] Improved detection of javascript: URL injections

Version 2.3.5rc2 508.0 KiB Works with Firefox 3.0 - 14.0a1, SeaMonkey 2.0 - 2.11a1

v 2.3.5rc2
==========================================================================
x [XSS] Further refinements in the window.name protection features (thanks
Masato Kinugawa for reporting)

Version 2.3.5rc1 508.0 KiB Works with Firefox 3.0 - 14.0a1, SeaMonkey 2.0 - 2.11a1

v 2.3.5rc1
==========================================================================
x [XSS] Fixed window.name being checked only for JavaScript injections,
skipping pure HTML ones (thanks Masato Kinugawa for reporting)
x [XSS] Improved detection of javascript: URL injections

Version 2.3.4rc1 508.0 KiB Works with Firefox 3.0 - 13.0a1, SeaMonkey 2.0 - 2.10a1

v 2.3.4rc1
==========================================================================
x [ClearClick] Fixed subtle bug which may lead to infinite loops in some
cases (thanks GµårÐïåñ for reporting)

Version 2.3.3rc6 508.0 KiB Works with Firefox 3.0 - 13.0a1, SeaMonkey 2.0 - 2.10a1

v 2.3.3rc6
==========================================================================
+ Improved InjectionChecker logging
x Reduced false positive rate on HTML injection checks (thanks therube for
reporting)

v 2.3.3rc5
==========================================================================
x [ClearClick] Fixed clicking on some plugin content causing elements of
the parent page to become white (thanks Markus Wienand for report)
x [ClearClick] Fixed minor bugs triggered by ABP placeholders
x [ClearClick] Removed debug borders on some DOM elements from 2.3.3rc4

v 2.3.3rc4
==========================================================================
x [ClearClick] Fixed false positives introduced by 2.3.3rc3 sensitivity
enhancements

v 2.3.3rc3
==========================================================================
+ [ClearClick] Protection against partial obscuration via Flash objects
with OS-native wmode values (thanks David Lin-Shung Huang for reporting)
x [XSS] Further sensitivity tweaks

v 2.3.3rc2
==========================================================================
x [XSS] Better compatibility with some 3rd party ads on Ebay

v 2.3.3rc1
==========================================================================
x [XSS] Fixed false positive on dotted name-value assignments chained with
semicolons (e.g. on some Yahoo-served ads)

Version 2.3.3rc5 508.0 KiB Works with Firefox 3.0 - 13.0a1, SeaMonkey 2.0 - 2.10a1

v 2.3.3rc5
==========================================================================
x [ClearClick] Fixed clicking on some plugin content causing elements of
the parent page to become white (thanks Markus Wienand for report)
x [ClearClick] Fixed minor bugs triggered by ABP placeholders
x [ClearClick] Removed debug borders on some DOM elements from 2.3.3rc4

v 2.3.3rc4
==========================================================================
x [ClearClick] Fixed false positives introduced by 2.3.3rc3 sensitivity
enhancements

v 2.3.3rc3
==========================================================================
+ [ClearClick] Protection against partial obscuration via Flash objects
with OS-native wmode values (thanks David Lin-Shung Huang for reporting)
x [XSS] Further sensitivity tweaks

v 2.3.3rc2
==========================================================================
x [XSS] Better compatibility with some 3rd party ads on Ebay

v 2.3.3rc1
==========================================================================
x [XSS] Fixed false positive on dotted name-value assignments chained with
semicolons (e.g. on some Yahoo-served ads)

Version 2.3.3rc4 508.0 KiB Works with Firefox 3.0 - 13.0a1, SeaMonkey 2.0 - 2.10a1

Version 2.3.3rc3 508.0 KiB Works with Firefox 3.0 - 13.0a1, SeaMonkey 2.0 - 2.10a1

v 2.3.3rc3
==========================================================================
+ [ClearClick] Protection against partial obscuration via Flash objects
with OS-native wmode values (thanks David Lin-Shung Huang for reporting)
x [XSS] Further sensitivity tweaks

v 2.3.3rc2
==========================================================================
x [XSS] Better compatibility with some 3rd party ads on Ebay

v 2.3.3rc1
==========================================================================
x [XSS] Fixed false positive on dotted name-value assignments chained with
semicolons (e.g. on some Yahoo-served ads)