NoScript Security Suite Version History

615 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 2.6.9rc3 529.9 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.9rc3
=============================================================
+ [XSS] Improved location-based exfiltration protection
(thanks Masato Kinugawa for reporting)

Version 2.6.9rc2 529.9 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.9rc2
=============================================================
+ [Surrogate] login.person.org inclusion (thanks barbaz)
x [XSS] Fixed 2.6.8.43 regressions
x [XSS] Improved specificity for eval-like patterns

v 2.6.9rc1
=============================================================
+ Switched to a treeview for faster management of very long
whitelists (thanks barbaz for patch)
x Tentative work-around for potential performance problems
reportedly related to Australis support
x [XSS] Fixed 2.6.8.43 regressions

Version 2.6.9rc1 531.5 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.9rc1
=============================================================
+ Switched to a treeview for faster management of very long
whitelists (thanks barbaz for patch)
x Tentative work-around for potential performance problems
reportedly related to Australis support
x [XSS] Fixed 2.6.8.43 regressions

Version 2.6.8.43rc2 528.5 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.43rc2
=============================================================
x [XSS] Fixed rc1 regression (thanks Masato Kinugawa for
reporting)

v 2.6.8.43rc1
=============================================================
x [XSS] Protection against some exfiltration attacks based on
arithmetic operators (thanks Masato Kinugawa and File
Descriptor AKA XSS Jigsaw for reporting)

Version 2.6.8.43rc1 528.4 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.43rc1
=============================================================
x [XSS] Protection against some exfiltration attacks based on
arithmetic operators (thanks Masato Kinugawa and File
Descriptor AKA XSS Jigsaw for reporting)

Version 2.6.8.42rc3 528.3 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.42rc3
=============================================================
+ User-facing "Reload the current tab only" option
x [XSS] Improved window.name exfiltration protection
(thanks Masato Kinugava for reporting)

v 2.6.8.42rc2
=============================================================
x Fixed subtle bug in ScriptSurrogate.replaceScript()
x Fixed HTTPS and cascading permission policies not applying
to XHR and XBL checks
x [XSS] Fixed ES6-based bypasses (thanks Masato Kinugava for
reporting)
+ [XSS] window.name exfiltration protection (thanks Masato
Kinugava for reporting)

v 2.6.8.42rc1
=============================================================
x Fixed script sources enumeration breakage in Firefox 35
(Moz Bug 1068508, thanks Octoploid for reporting)

Version 2.6.8.42rc2 528.1 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.42rc2
=============================================================
x Fixed subtle bug in ScriptSurrogate.replaceScript()
x Fixed HTTPS and cascading permission policies not applying
to XHR and XBL checks
x [XSS] Fixed ES6-based bypasses (thanks Masato Kinugava for
reporting)
+ [XSS] window.name exfiltration protection (thanks Masato
Kinugava for reporting)

v 2.6.8.42rc1
=============================================================
x Fixed script sources enumeration breakage in Firefox 35
(Moz Bug 1068508, thanks Octoploid for reporting)

Version 2.6.8.42rc1 527.8 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.42rc1
=============================================================
x Fixed script sources enumeration breakage in Firefox 35
(Moz Bug 1068508, thanks Octoploid for reporting)

Version 2.6.8.41rc3 527.8 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.41rc3
=============================================================
x Improved Australis toolbar compatibility (thanks Quicksaver
for help)

v 2.6.8.41rc2
=============================================================
x Added "Always ask" checkbox to the removal confirmation
dialog (thanks agaxwtmp for RFE)
x Fixed Options dialog broken on ancient Firefox versions

v 2.6.8.41rc1
=============================================================
x Improved Australis toolbar compatibility (thanks Quicksaver
for patch)
x [XSS] Fixed false positive within *.adxns.com

Version 2.6.8.41rc2 527.7 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.41rc2
=============================================================
x Added "Always ask" checkbox to the removal confirmation
dialog (thanks agaxwtmp for RFE)
x Fixed Options dialog broken on ancient Firefox versions

v 2.6.8.41rc1
=============================================================
x Improved Australis toolbar compatibility (thanks Quicksaver
for patch)
x [XSS] Fixed false positive within *.adxns.com

Version 2.6.8.41rc1 527.7 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.41rc1
=============================================================
x Improved Australis toolbar compatibility (thanks Quicksaver
for patch)
x [XSS] Fixed false positive within *.adxns.com

Version 2.6.8.40rc2 529.0 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.40rc2
=========================================================================
x Fixed regression causing script inclusions with non-standard ports to
be always blocked

v 2.6.8.40rc1
=========================================================================
x [ABE] Improved ruleset editing UI (thanks barbaz for patch)

Version 2.6.8.40rc1 528.9 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.40rc1
=========================================================================
x [ABE] Improved ruleset editing UI (thanks barbaz for patch)

Version 2.6.8.39rc2 527.2 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.39rc2
=========================================================================
x [Surrogate] Removed DARLA surrogate and reimplemented its work-around
as a XSS filter exception
x [Bookmarklets] Fixed bookmarklets broken when JavaScript is enabled
(thanks therube for reporting)

v 2.6.8.39rc1
=========================================================================
x [Surrogate] Work-around for DARLA surrogate breaking Yahoo! Mail

Version 2.6.8.39rc1 527.3 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.39rc1
=========================================================================
x [Surrogate] Work-around for DARLA surrogate breaking Yahoo! Mail

Version 2.6.8.38rc2 527.0 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.38rc2
=========================================================================
x Fixed regression preventing Youtube movies from playing

v 2.6.8.38rc1
=========================================================================
x Completed work-around for Firefox's Bug 1044351
x [Surrogate] Improved Yahoo! DARLA source matching

Version 2.6.8.38rc1 527.1 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.38rc1
=========================================================================
x Completed work-around for Firefox's Bug 1044351
x [Surrogate] Improved Yahoo! DARLA source matching

Version 2.6.8.37rc3 527.0 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.37rc3
=========================================================================
x Made the new additional script blocking policies more consistent with
other features (e.g. the XSS filter)
x NoScript's toolbar button is now friendlier to other Australis-enabled
add-ons
x Work-around for Firefox's Bug 1044351 (thanks al_9x for RFE)

v 2.6.8.37rc2
=========================================================================
x [XSS] Support for new insidious ES6 constructs introduced in Firefox 34
(thanks .mario for reporting)
x [HTTPS] Experimental "Allow HTTPS scripts globally on HTTPS documents"
mode

v 2.6.8.37rc1
=========================================================================
x [Surrogate] Yahoo! "DARLA" ads loader post-execution surrogate prevents
the browser from stalling due to the many window.name-based XSSes
intentionally used by this ads delivery script

Version 2.6.8.37rc2 526.8 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

Version 2.6.8.37rc1 526.1 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.37rc1
=========================================================================
x [Surrogate] Yahoo! "DARLA" ads loader post-execution surrogate prevents
the browser from stalling due to the many window.name-based XSSes
intentionally used by this ads delivery script

Version 2.6.8.36rc1 526.1 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.36rc1
=========================================================================
x [Surrogate] Updated adf.ly replacement (thanks kasper93 for coding)
x [Surrogate] Updated connect.facebook.net replacement
x Fixed bookmarklet emulation compatibility issue breaking some add-ons
which rely on the new getShortcutOrURIAndPostData() function signature

Version 2.6.8.35rc2 526.0 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.35rc2
=========================================================================
x Improved compatibility with browser built-in Click To Play

v 2.6.8.35rc1
=========================================================================
+ Recently blocked sites are now recorded per-window (causing automatic
oblivion of data from Private Browsing windows when they're closed)
+ Recently blocked sites are not collected at all unless the menu item
is configured to be shown (thanks Barbaz for RFE and patch)

Version 2.6.8.35rc1 541.7 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.35rc1
=========================================================================
+ Recently blocked sites are now recorded per-window (causing automatic
oblivion of data from Private Browsing windows when they're closed)
+ Recently blocked sites are not collected at all unless the menu item
is configured to be shown (thanks Barbaz for RFE and patch)

Version 2.6.8.34rc1 541.6 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.34rc1
=========================================================================
x Added "cdn.directvid.com/*.jsx" to inclusionTypeChecking.exceptions in
in order to let the directvid video player work
x Better compatibility with null principal origins created by the
Add-on SDK (thanks neilemon for reporting)

Version 2.6.8.33rc1 525.9 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.33rc1
=========================================================================
x Fixed regression in smart reloading of just allowed HTML Media elements
(thanks barbaz for reporting)

Version 2.6.8.32rc3 1.0 MiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.32rc3
=========================================================================
x Fixed regression: NOSCRIPT element not shown on non-whitelisted pages
(thanks Germán Ponte and Michael Kehrein for reporting)

v 2.6.8.32rc2
=========================================================================
x Replaced Ci.nsIDOMHTML(Video|Audio)Element (about to be removed) with
window.(Video|Audio)Element counterparts (see Moz Bug 1034304)

v 2.6.8.32rc1
=========================================================================
x Fixed jammed icon on the navigation bar when "left clicking on toolbar
icon toggles..." option is checked (thanks Larry for reporting)

Version 2.6.8.32rc2 1.0 MiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.32rc2
=========================================================================
x Replaced Ci.nsIDOMHTML(Video|Audio)Element (about to be removed) with
window.(Video|Audio)Element counterparts (see Moz Bug 1034304)

v 2.6.8.32rc1
=========================================================================
x Fixed jammed icon on the navigation bar when "left clicking on toolbar
icon toggles..." option is checked (thanks Larry for reporting)

Version 2.6.8.32rc1 525.8 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.32rc1
=========================================================================
x Fixed jammed icon on the navigation bar when "left clicking on toolbar
icon toggles..." option is checked (thanks Larry for reporting)

Version 2.6.8.31rc1 525.8 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.31rc1
=========================================================================
x Fixed a regression in bookmarklet emulation (typo spotted by al_9x)


v 2.6.8.30rc5
=========================================================================
x Updated HTML5 and Gecko-specific markup elements list
x Fixed "too much recursion" bug in bookmarklet emulation when executing
window.open(..., "_self") (thanks al_9x)

v 2.6.8.30rc4
=========================================================================
x Improved icons consistence with cascading permissions
x Fixed 2.6.8.30rc1 regression: broken local file loads

v 2.6.8.30rc3
=========================================================================
x Make "[Temporarily] Allow all this page" affect only the top-level
document's origin when cascading permissions mode is enabled

v 2.6.8.30rc2
=========================================================================
x [Surrogate] Fixed regression about a small change in sandbox principal
management breaking some surrogates, including Google Analytics

v 2.6.8.30rc1
=========================================================================
x [CAPS] better compatibility with Firefox 30's restored checkloaduri
prefs hack
+ UI support for cascadePermissions and restrictSubdocScripting
+ "NoScript Options|Advanced|Trusted|Cascade top document's permissions
to 3rd party scripts" user-facing preference
+ "NoScript Options|Advanced|Untrusted|Block scripting in whitelisted
subdocuments of non-whitelisted pages" user-facing preference
+ Backported cascadePermissions and restrictSubdocScripting support to
ESR 24

Version 2.6.8.30rc5 525.8 KiB Works with Firefox 3.0.9 and later, SeaMonkey 2.0 and later

v 2.6.8.30rc5
=========================================================================
x Updated HTML5 and Gecko-specific markup elements list
x Fixed "too much recursion" book in bookmarket emulation when executing
window.open(..., "_self") (thanks al_9x)

v 2.6.8.30rc4
=========================================================================
x Improved icons consistence with cascading permissions
x Fixed 2.6.8.30rc1 regression: broken local file loads

v 2.6.8.30rc3
=========================================================================
x Make "[Temporarily] Allow all this page" affect only the top-level
document's origin when cascading permissions mode is enabled

v 2.6.8.30rc2
=========================================================================
x [Surrogate] Fixed regression about a small change in sandbox principal
management breaking some surrogates, including Google Analytics

v 2.6.8.30rc1
=========================================================================
x [CAPS] better compatibility with Firefox 30's restored checkloaduri
prefs hack
+ UI support for cascadePermissions and restrictSubdocScripting
+ "NoScript Options|Advanced|Trusted|Cascade top document's permissions
to 3rd party scripts" user-facing preference
+ "NoScript Options|Advanced|Untrusted|Block scripting in whitelisted
subdocuments of non-whitelisted pages" user-facing preference
+ Backported cascadePermissions and restrictSubdocScripting support to
ESR 24