AMO is getting a new look. Would you like to see it?

Visit the new site

Close

NoScript Security Suite Version History

691 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 2.4.4rc2 512.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4.4rc2
=========================================================================
x [Locale] Updated he-IL (thanks baryoni)
x Fixed early synthetic DNS notification causing blank stripe on the
bottom of the first browser window if started maximized or fullscreen
- Removed Firefox 2.x compatibility code

v 2.4.4rc1
=========================================================================
x Fixed regression from 2.4.3rc3 causing same-site stylesheets to be
checked for mime type mismatches and XSLT inclusions to be incorrectly
blocked (thanks hanfi for reporting)

Version 2.4.4rc1 512.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4.4rc1
=========================================================================
x Fixed regression from 2.4.3rc3 causing same-site stylesheets to be
checked for mime type mismatches and XSLT inclusions to be incorrectly
blocked (thanks hanfi for reporting)

Version 2.4.3rc3 512.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4.3rc3
=========================================================================
x Fixed JS links detection not resolving JS string escapes (thanks vyznev
for reporting)
x Fixed HTML 5 parser detection in META refresh processing being broken
by a removed browser preference
x Fixed exception raised by inclusion type checks when parent document's
URI has no host

v 2.4.3rc2
=========================================================================
+ [XSS] Better detection of free inline script injections (without string
literal evasion) inside function calls

v 2.4.3rc1
=========================================================================
+ The noscript.allowedMimeRegExp preference now applies also to Java,
Flash and Silverlight mime types

Version 2.4.3rc2 512.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4.3rc2
=========================================================================
+ [XSS] Better detection of free inline script injections (without string
literal evasion) inside function calls

v 2.4.3rc1
=========================================================================
+ The noscript.allowedMimeRegExp preference now applies also to Java,
Flash and Silverlight mime types

Version 2.4.3rc1 512.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4.3rc1
=========================================================================
+ The noscript.allowedMimeRegExp preference now applies also to Java,
Flash and Silverlight mime types

Version 2.4.2rc7 511.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4.2rc7
=========================================================================
x [ABE] IPv6 link-local addresses (fe80:/10) are not considered belonging
to the LAN anymore for the purpose of cross-zone request forgery checks
in order to safely work-around DNS misconfiguration issues in the wild
(thanks siu and ralf for reporting)
x [ABE] Fixed router WEB UI fingerprinting failing on some devices
because of redirection loops

v 2.4.2rc6
==========================================================================
x [XSS] Fixed query string parsing bug in the new ASP-specific HPP
protection (thanks Soroush Dalili for reporting)

v 2.4.2rc5
==========================================================================
x [XSS] Fixed recursion bug preventing ASP-specific unicode encodings from
being correctly handled in presence of simultaneous HPP (thanks Soroush
Dalili for reporting)

v 2.4.2rc4
==========================================================================
x [XSS] Fixed regression blocking any suspect HPP attack silently (thanks
Soroush Dalili for reporting)

v 2.4.2rc3
==========================================================================
x [XSS] Protection against HPP attacks exploiting URL parsing quirks
specific to ASP Classic (thanks Soroush Dalili for reporting)

v 2.4.2rc2
==========================================================================
x Fixed first application updates check failing on Nightly (bug 754393)

v 2.4.2rc1
==========================================================================
x [XSS] Fixed false positive regression on some file hosting sites (thanks
Janne Maekelae for reporting)

v 2.4.1rc3
==========================================================================
x [XSS] Fixed bug in the InjectionChecker tokenization (thanks Phil
Purviance for reporting)
+ Added inclusion type check exception to the lesscss Google Code file
repository, often used as a CDN

v 2.4.1rc2
==========================================================================
+ [Surrogate] adagionet.com inclusion surrogate
x Fixed "Allow sites open through bookmarks" regression (thanks jerryi and
therube for reporting)

v 2.4.1rc1
==========================================================================
+ [XSS] Protection against exploitation of classic MS ASP's coalescing of
same-name query parameters (thanks Soroush Dalili for reporting)
+ [XSS] Protection against URL injections in in window.name
x [XSS] Fixed case-sensitivity bug in detection of unicode escape
sequences (thanks Masato Kinugawa for reporting)

Version 2.4.2rc6 511.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4.2rc6
==========================================================================
x [XSS] Fixed query string parsing bug in the new ASP-specific HPP
protection (thanks Soroush Dalili for reporting)

v 2.4.2rc5
==========================================================================
x [XSS] Fixed recursion bug preventing ASP-specific unicode encodings from
being correctly handled in presence of simultaneous HPP (thanks Soroush
Dalili for reporting)

v 2.4.2rc4
==========================================================================
x [XSS] Fixed regression blocking any suspect HPP attack silently (thanks
Soroush Dalili for reporting)

v 2.4.2rc3
==========================================================================
x [XSS] Protection against HPP attacks exploiting URL parsing quirks
specific to ASP Classic (thanks Soroush Dalili for reporting)

v 2.4.2rc2
==========================================================================
x Fixed first application updates check failing on Nightly (bug 754393)

v 2.4.2rc1
==========================================================================
x [XSS] Fixed false positive regression on some file hosting sites (thanks
Janne Maekelae for reporting)

v 2.4.1rc3
==========================================================================
x [XSS] Fixed bug in the InjectionChecker tokenization (thanks Phil
Purviance for reporting)
+ Added inclusion type check exception to the lesscss Google Code file
repository, often used as a CDN

v 2.4.1rc2
==========================================================================
+ [Surrogate] adagionet.com inclusion surrogate
x Fixed "Allow sites open through bookmarks" regression (thanks jerryi and
therube for reporting)

v 2.4.1rc1
==========================================================================
+ [XSS] Protection against exploitation of classic MS ASP's coalescing of
same-name query parameters (thanks Soroush Dalili for reporting)
+ [XSS] Protection against URL injections in in window.name
x [XSS] Fixed case-sensitivity bug in detection of unicode escape
sequences (thanks Masato Kinugawa for reporting)

Version 2.4.2rc5 511.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4.2rc5
==========================================================================
x [XSS] Fixed recursion bug preventing ASP-specific unicode encodings from
being correctly handled in presence of simultaneous HPP (thanks Soroush
Dalili for reporting)

v 2.4.2rc4
==========================================================================
x [XSS] Fixed regression blocking any suspect HPP attack silently (thanks
Soroush Dalili for reporting)

v 2.4.2rc3
==========================================================================
x [XSS] Protection against HPP attacks exploiting URL parsing quirks
specific to ASP Classic (thanks Soroush Dalili for reporting)

v 2.4.2rc2
==========================================================================
x Fixed first application updates check failing on Nightly (bug 754393)

v 2.4.2rc1
==========================================================================
x [XSS] Fixed false positive regression on some file hosting sites (thanks
Janne Maekelae for reporting)

Version 2.4.2rc4 511.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4.2rc4
==========================================================================
x [XSS] Fixed regression blocking any suspect HPP attack silently (thanks
Soroush Dalili for reporting)

v 2.4.2rc3
==========================================================================
x [XSS] Protection against HPP attacks exploiting URL parsing quirks
specific to ASP Classic (thanks Soroush Dalili for reporting)

v 2.4.2rc2
==========================================================================
x Fixed first application updates check failing on Nightly (bug 754393)

v 2.4.2rc1
==========================================================================
x [XSS] Fixed false positive regression on some file hosting sites (thanks
Janne Maekelae for reporting)

v 2.4.1rc3
==========================================================================
x [XSS] Fixed bug in the InjectionChecker tokenization (thanks Phil
Purviance for reporting)
+ Added inclusion type check exception to the lesscss Google Code file
repository, often used as a CDN

v 2.4.1rc2
==========================================================================
+ [Surrogate] adagionet.com inclusion surrogate
x Fixed "Allow sites open through bookmarks" regression (thanks jerryi and
therube for reporting)

v 2.4.1rc1
==========================================================================
+ [XSS] Protection against exploitation of classic MS ASP's coalescing of
same-name query parameters (thanks Soroush Dalili for reporting)
+ [XSS] Protection against URL injections in in window.name
x [XSS] Fixed case-sensitivity bug in detection of unicode escape
sequences (thanks Masato Kinugawa for reporting)

Version 2.4.2rc3 511.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4.2rc3
==========================================================================
x [XSS] Protection against HPP attacks exploiting URL parsing quirks
specific to ASP Classic (thans Soroush Dalili for reporting)

v 2.4.2rc2
==========================================================================
x Fixed first application updates check failing on Nightly (bug 754393)

v 2.4.2rc1
==========================================================================
x [XSS] Fixed false positive regression on some file hosting sites (thanks
Janne Maekelae for reporting)

Version 2.4.2rc2 511.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4.2rc2
==========================================================================
x Fixed first application updates check failing on Nightly (bug 754393)

v 2.4.2rc1
==========================================================================
x [XSS] Fixed false positive regression on some file hosting sites (thanks
Janne Maekelae for reporting)

Version 2.4.2rc1 511.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4.2rc1
==========================================================================
x [XSS] Fixed false positive regression on some file hosting sites (thanks
Janne Maekelae for reporting)

Version 2.4.1rc3 511.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4.1rc3
==========================================================================
x [XSS] Fixed bug in the InjectionChecker tokenization (thanks Phil
Purviance for reporting)
+ Added inclusion type check exception to the lesscss Google Code file
repository, often used as a CDN

Version 2.4.1rc2 511.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4.1rc2
==========================================================================
+ [Surrogate] adagionet.com inclusion surrogate
x Fixed "Allow sites open through bookmarks" regression (thanks jerryi and
therube for reporting)

v 2.4.1rc1
==========================================================================
+ [XSS] Protection against exploitation of classic MS ASP's coalescing of
same-name query parameters (thanks Soroush Dalili for reporting)
+ [XSS] Protection against URL injections in in window.name
x [XSS] Fixed case-sensitivity bug in detection of unicode escape
sequences (thanks Masato Kinugawa for reporting)

Version 2.4.1rc1 511.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4.1rc1
==========================================================================
+ [XSS] Protection against exploitation of classic MS ASP's coalescing of
same-name query parameters (thanks Soroush Dalili for reporting)
+ [XSS] Protection against URL injections in in window.name
x [XSS] Fixed case-sensitivity bug in detection of unicode escape
sequences (thanks Masato Kinugawa for reporting)

Version 2.4rc8 511.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4rc8
==========================================================================
x [XSS] Improved global exception injection detection
x [XSS] Fixed bug in late window.name payload checking (thanks Soroush
Dalili for reporting)

v 2.4rc6
==========================================================================
+ [Surrogate] Skimlinks surrogate script (thanks Drewett for reporting)

v 2.4rc5
==========================================================================
x Improved temporary permissions management during bookmarklet execution

v 2.4rc4
==========================================================================
x Fixed 2.4rc3 regression in url bar JavaScript execution

v 2.4rc3
==========================================================================
x Fixed bookmarklet couldn't be executed on blacklisted sites in "Globally
Allow" mode (thanks tharpa for reporting)

v 2.4rc2
==========================================================================
x [ClearClick] Fixed cross-site clicks blocked on Firefox < 3.6 (thanks
Janet Whipple for reporting)

v 2.4rc1
==========================================================================
x [Surrogate] Fixed surrogates broken on Nightly

Version 2.4rc7 511.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4rc7
==========================================================================
+ [Surrogate] Skimlinks surrogate script (thanks Drewett for reporting)
+ [XSS] Improved InjectionChecker detection of in-code multiple insertions
(thanks Krzysztof Kotowicz)
+ [XSS] InjectionChecker detection of single assignment evaluation through
global exception handling (thanks Gareth Heyes)
+ [Locale] Fixed broken overlay on Basque localized browsers (thanks afa
for reporting)

Version 2.4rc6 511.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4rc6
==========================================================================
+ [Surrogate] Skimlinks surrogate script (thanks Drewett for reporting)

v 2.4rc5
==========================================================================
x Improved temporary permissions management during bookmarklet execution

v 2.4rc4
==========================================================================
x Fixed 2.4rc3 regression in url bar JavaScript execution

v 2.4rc3
==========================================================================
x Fixed bookmarklet couldn't be executed on blacklisted sites in "Globally
Allow" mode (thanks tharpa for reporting)

v 2.4rc2
==========================================================================
x [ClearClick] Fixed cross-site clicks blocked on Firefox < 3.6 (thanks
Janet Whipple for reporting)

v 2.4rc1
==========================================================================
x [Surrogate] Fixed surrogates broken on Nightly

Version 2.4rc5 511.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4rc5
==========================================================================
x Improved temporary permissions management during bookmarklet execution

v 2.4rc4
==========================================================================
x Fixed 2.4rc3 regression in url bar JavaScript execution

v 2.4rc3
==========================================================================
x Fixed bookmarklet couldn't be executed on blacklisted sites in "Globally
Allow" mode (thanks tharpa for reporting)

v 2.4rc2
==========================================================================
x [ClearClick] Fixed cross-site clicks blocked on Firefox < 3.6 (thanks
Janet Whipple for reporting)

v 2.4rc1
==========================================================================
x [Surrogate] Fixed surrogates broken on Nightly

Version 2.4rc4 510.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4rc4
==========================================================================
x Fixed 2.4rc3 regression in url bar JavaScript execution

v 2.4rc3
==========================================================================
x Fixed bookmarklet couldn't be executed on blacklisted sites in "Globally
Allow" mode (thanks tharpa for reporting)

v 2.4rc2
==========================================================================
x [ClearClick] Fixed cross-site clicks blocked on Firefox < 3.6 (thanks
Janet Whipple for reporting)

v 2.4rc1
==========================================================================
x [Surrogate] Fixed surrogates broken on Nightly

Version 2.4rc2 511.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4rc2
==========================================================================
x [ClearClick] Fixed cross-site clicks blocked on Firefox < 3.6 (thanks
Janet Whipple for reporting)

v 2.4rc1
==========================================================================
x [Surrogate] Fixed surrogates broken on Nightly

Version 2.4rc1 511.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.4rc1
==========================================================================
x [Surrogate] Fixed surrogates broken on Nightly

Version 2.3.9rc4 511.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.3.9rc4
==========================================================================
x [ClearClick] Fixed false positives caused by accelerated graphics with
some plugin content

v 2.3.9rc3
==========================================================================
x Fixed compatibility regressions on Firefox 3.x
x Following links from the About dialog now closes it (thanks Guardian for
suggestons)
x Fixed NOSCRIPT META refreshes blocking not working when scripts are
globally allowed (thanks and Ken and Tom T. for reporting)

v 2.3.9rc2
==========================================================================
x [ClearClick] Fixed false positives (e.g. on embedded Vimeo movies) in
obscuration by windowed plugins checks

v 2.3.9rc1
==========================================================================
+ [ClearClick] More tolerant snapshot comparation algorithm (partially
backported from NSA) to reduce false positives (tweaked by the
noscript.clearClick.threshold percentage value in about:config)
- Removed about:credits from default whitelist

Version 2.3.9rc3 511.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.3.9rc3
==========================================================================
x Fixed compatibility regressions on Firefox 3.x
x Following links from the About dialog now closes it (thanks Guardian for
suggestons)
x Fixed NOSCRIPT META refreshes blocking not working when scripts are
globally allowed (thanks and Ken and Tom T. for reporting)

v 2.3.9rc2
==========================================================================
x [ClearClick] Fixed false positives (e.g. on embedded Vimeo movies) in
obscuration by windowed plugins checks

v 2.3.9rc1
==========================================================================
+ [ClearClick] Fuzzier snapshot comparation algorithm (partially
backported from NSA) to reduce false positives (tweaked by the
noscript.clearClick.threshold percentage value in about:config)
- Removed about:credits from default whitelist

Version 2.3.9rc2 510.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.3.9rc2
==========================================================================
x [ClearClick] Fixed false positives (e.g. on embedded Vimeo movies) in
obscuration by windowed plugins checks

v 2.3.9rc1
==========================================================================
+ [ClearClick] Fuzzier snapshot comparation algorithm (partially
backported from NSA) to reduce false positives (tweaked by the
noscript.clearClick.threshold percentage value in about:config)
- Removed about:credits from default whitelist

Version 2.3.9rc1 510.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.3.9rc1
==========================================================================
+ [ClearClick] More tolerant snapshot comparation algorithm (partially
backported from NSA) to reduce false positives (tweaked by the
noscript.clearClick.threshold percentage value in about:config)
- Removed about:credits from default whitelist

Version 2.3.8rc2 510.0 KiB Works with Firefox 3.0 - 15.0a1, SeaMonkey 2.0 - 2.12a1

v 2.3.8rc2
==========================================================================
x Fixed 2.3.8rc1 regression slowing down flashvars parsing in some cases
(thanks fred for reporting)
x Fixed redirections in legacy frames not being blocked (thanks "utente"
for reporting)
x [Surrogate] Surrogate to fix broken buttons at Uniblue e-commerce site

v 2.3.8rc1
==========================================================================
+ Smart integration with the new browser-native click to play: if a plugin
object is manually allowed from NoScript's UI, it gets also natively
activated (noscript.smartClickToPlay about:config preference)
+ Improved active content identity tracking, to avoid redundant blocking
steps across reloads

Version 2.3.8rc1 510.0 KiB Works with Firefox 3.0 - 14.0a1, SeaMonkey 2.0 - 2.11a1

v 2.3.8rc1
==========================================================================
+ Smart integration with the new browser-native click to play: if a plugin
object is manually allowed from NoScript's UI, it gets also natively
activated (noscript.smartClickToPlay about:config preference)
+ Improved active content identity tracking, to avoid redundant blocking
steps across reloads

Version 2.3.7rc5 509.0 KiB Works with Firefox 3.0 - 14.0a1, SeaMonkey 2.0 - 2.11a1

v 2.3.7rc5
==========================================================================
x [ClearClick] Further refinements in TrafficLight compatibility and
"rapid fire" sensitvity

v 2.3.7rc4
==========================================================================
x [ClearClick] Further "rapid fire" protection sensitivity tweaking

v 2.3.7rc3
==========================================================================
x [ClearClick] Work-around for "rapid fire" protection interfering with
some add-ons, such as 1Password (thanks Mike Tselikman for report)

v 2.3.7rc2
==========================================================================
x [ClearClick] Compatibility with Bitdefender TrafficLight (thanks
Christopher A. M. Gerlach for reporting)

v 2.3.7rc1
==========================================================================
x [XSS] Enhanced InjectionChecker tolerance to certain URL patterns
containing domain-names as parameter values (thanks gazer75 for report)

Version 2.3.7rc4 509.0 KiB Works with Firefox 3.0 - 14.0a1, SeaMonkey 2.0 - 2.11a1

v 2.3.7rc4
==========================================================================
x [ClearClick] Further "rapid fire" protection sensitivity tweaking

v 2.3.7rc3
==========================================================================
x [ClearClick] Work-around for "rapid fire" protection interfering with
some add-ons, such as 1Password (thanks Mike Tselikman for report)