NoScript Security Suite Version History

883 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 2.1.2.8rc3 507.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.8rc3
==========================================================================
x Fixed placeholders hard to activate on HTML 5 Youtube videos

v 2.1.2.8rc2
==========================================================================
x [XSS] Improved out-of-the-box compatibility with some Facebook games
x Fixed plugin blocking not working sometimes on file:// pages
loadeded before any network activity (thanks nagan for reporting)

v 2.1.2.8rc1
==========================================================================
+ Google Plus One surrogate (thanks al_9x for code)
- Removed t.co surrogate, since Twitter implemented a NOSCRIPT fallback

Version 2.1.2.8rc1 507.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.8rc1
==========================================================================
+ Google Plus One surrogate (thanks al_9x for code)
- Removed t.co surrogate, since Twitter implemented a NOSCRIPT fallback

Version 2.1.2.7.1-signed 507.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.7
==========================================================================
x Better load progress feedback for hosts which are not DNS-cached yet
(thanks al_9x for reporting)

v 2.1.2.7rc3
==========================================================================
x Improved Google Analytics surrogate (thanks al_9x for code)
x More intuitive handling of the "live" behavior of the ABE ruleset editor
when syntax errors are introducd (thanks al_9x for reporting)

v 2.1.2.7rc2
==========================================================================
x Fixed OBJECT document inclusions failing under some circumstances

v 2.1.2.7rc1
==========================================================================
+ Prevent any website from embedding view-source URIs inside frames
x Firefox 9.0a1 compatibility

Version 2.1.2.7rc4 507.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.7rc4
==========================================================================
x Better load progress feedback for hosts which are not DNS-cached yet
(thanks al_9x for reporting)

v 2.1.2.7rc3
==========================================================================
x Improved Google Analytics surrogate (thanks al_9x for code)
x More intuitive handling of the "live" behavior of the ABE ruleset editor
when syntax errors are introducd (thanks al_9x for reporting)

v 2.1.2.7rc2
==========================================================================
x Fixed OBJECT document inclusions failing under some circumstances

v 2.1.2.7rc1
==========================================================================
+ Prevent any website from embedding view-source URIs inside frames
x Firefox 9.0a1 compatibility

Version 2.1.2.7rc2 507.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.7rc2
==========================================================================
x Fixed OBJECT document inclusions failing under some circumstances

v 2.1.2.7rc1
==========================================================================
+ Prevent any website from embedding view-source URIs inside frames
x Firefox 9.0a1 compatibility

Version 2.1.2.7rc1 507.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.7rc1
==========================================================================
+ Prevent any website from embedding view-source URIs inside frames
x Firefox 9.0a1 compatibility

Version 2.1.2.6.1-signed 507.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.6
==========================================================================
x Temporarily disabled anti-anti-adblocker surrogate on any site except
those explicitly added to noscript.surrogate.ab.sources preference, as a
work-around for bug 677652
x Lazy initialization is deferred also when a file:// URL is loaded as the
home page

v 2.1.2.6rc7
==========================================================================
x More accurate work around for bug 677050

v 2.1.2.6rc6
==========================================================================
x Work around for Nightly bug 677050

v 2.1.2.6rc5
==========================================================================
x Fixed rapid-fire cross-site interaction protection interfering with some
keyboard-based UI patterns

v 2.1.2.6rc4
==========================================================================
x Fixed Firefox's built-in feed renderer broken unless about:feeds is
whitelisted

v 2.1.2.6rc3
==========================================================================
x Plugin origin checks now account for multiple extra-codebase archives
x Work around for HTTPS script inclusions on JavaScript-disabled pages
being loaded, albeit not executed (thanks al_9x for reporting)
x [ClearClick] Tentative work-around for ABP's "Block..." tab causing
false positives on nested documents (thanks GµårÐïåñ for reporting)

v 2.1.2.6rc2
==========================================================================
x Work-around for content policy inconsistencies in Java applet origins
handling (thanks al_9x for reporting)

v 2.1.2.6rc1
==========================================================================
+ Surrogate for the t.co Twitter URL shortener, which would otherwise
require JavaScript
+ USER ruleset conveniently pre-selected when ABE options are opened
x Improved invisible links detection approach

Version 2.1.2.6rc8 507.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.6rc8
==========================================================================
x Temporarily disabled anti-anti-adblocker surrogate on any site except
those explicitly added to noscript.surrogate.ab.sources preference, as a
work-around for bug 677652
x Lazy initialization is deferred also when a file:// URL is loaded as the
home page

v 2.1.2.6rc7
==========================================================================
x More accurate work around for bug 677050

v 2.1.2.6rc6
==========================================================================
x Work around for Nightly bug 677050

v 2.1.2.6rc5
==========================================================================
x Fixed rapid-fire cross-site interaction protection interfering with some
keyboard-based UI patterns

v 2.1.2.6rc4
==========================================================================
x Fixed Firefox's built-in feed renderer broken unless about:feeds is
whitelisted

v 2.1.2.6rc3
==========================================================================
x Plugin origin checks now account for multiple extra-codebase archives
x Work around for HTTPS script inclusions on JavaScript-disabled pages
being loaded, albeit not executed (thanks al_9x for reporting)
x [ClearClick] Tentative work-around for ABP's "Block..." tab causing
false positives on nested documents (thanks GµårÐïåñ for reporting)

v 2.1.2.6rc2
==========================================================================
x Work-around for content policy inconsistencies in Java applet origins
handling (thanks al_9x for reporting)

v 2.1.2.6rc1
==========================================================================
+ Surrogate for the t.co Twitter URL shortener, which would otherwise
require JavaScript
+ USER ruleset conveniently pre-selected when ABE options are opened
x Improved invisible links detection approach

Version 2.1.2.6rc7 507.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.6rc7
==========================================================================
x More accurate work around for bug 677050

v 2.1.2.6rc6
==========================================================================
x Work around for Nightly bug 677050

v 2.1.2.6rc5
==========================================================================
x Fixed rapid-fire cross-site interaction protection interfering with some
keyboard-based UI patterns

v 2.1.2.6rc4
==========================================================================
x Fixed Firefox's built-in feed renderer broken unless about:feeds is
whitelisted

v 2.1.2.6rc3
==========================================================================
x Plugin origin checks now account for multiple extra-codebase archives
x Work around for HTTPS script inclusions on JavaScript-disabled pages
being loaded, albeit not executed (thanks al_9x for reporting)
x [ClearClick] Tentative work-around for ABP's "Block..." tab causing
false positives on nested documents (thanks GµårÐïåñ for reporting)

v 2.1.2.6rc2
==========================================================================
x Work-around for content policy inconsistencies in Java applet origins
handling (thanks al_9x for reporting)

v 2.1.2.6rc1
==========================================================================
+ Surrogate for the t.co Twitter URL shortener, which would otherwise
require JavaScript
+ USER ruleset conveniently pre-selected when ABE options are opened
x Improved invisible links detection approach

Version 2.1.2.5.1-signed 506.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.5
==========================================================================
x Fixed bookmarklets from sidebars not working on JS-disabled pages
+ Improved Twitter surrogate for Fx 3.x

v 2.1.2.4
==========================================================================
+ Ubuntu-specific startup optimization

v 2.1.2.4rc5
==========================================================================
+ Halved startup time (< 50ms) by deferring costly initialitations to
first remote request and fastloading the rest
x Minor tweaks to Twitter surrogate

v 2.1.2.4rc4
==========================================================================
+ Script Surrogate execution also for ABE-denied script requests (
thanks al_9x for RFE)
+ Script Surrogate for Twitter inclusions (thanks al_9x)
x Improved compatibility with Readability
x Fixed switching from one rule to another in the Rulesets box looses
changes in the current rule (thanks al_9x for reporting)

v 2.1.2.4rc3
==========================================================================
x Fixed url bar regression from rc2

v 2.1.2.4rc2
==========================================================================
x [ClearClick] noscript.clearClick.rapidFireCheck about:config preference
to control whether rapid fire event checking should be enabled or not
x [Bookmarks] Fixed javascript-based keyword bookmarklet not being ran on
Fx 6 and above (thanks al_9x for reporting)

v 2.1.2.4rc1
==========================================================================
x [ClearClick] Restored compatibility with bit.ly (now bitly.com)

Version 2.1.2.5rc1 506.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.5rc1
==========================================================================
x Fixed bookmarklets from sidebars not working on JS-disabled pages
+ Improved Twitter surrogate for Fx 3.x

v 2.1.2.4
==========================================================================
+ Ubuntu-specific startup optimization

v 2.1.2.4rc5
==========================================================================
+ Halved startup time (< 50ms) by deferring costly initialitations to
first remote request and fastloading the rest
x Minor tweaks to Twitter surrogate

v 2.1.2.4rc4
==========================================================================
+ Script Surrogate execution also for ABE-denied script requests (
thanks al_9x for RFE)
+ Script Surrogate for Twitter inclusions (thanks al_9x)
x Improved compatibility with Readability
x Fixed switching from one rule to another in the Rulesets box looses
changes in the current rule (thanks al_9x for reporting)

v 2.1.2.4rc3
==========================================================================
x Fixed url bar regression from rc2

v 2.1.2.4rc2
==========================================================================
x [ClearClick] noscript.clearClick.rapidFireCheck about:config preference
to control whether rapid fire event checking should be enabled or not
x [Bookmarks] Fixed javascript-based keyword bookmarklet not being ran on
Fx 6 and above (thanks al_9x for reporting)

v 2.1.2.4rc1
==========================================================================
x [ClearClick] Restored compatibility with bit.ly (now bitly.com)

Version 2.1.2.4rc6 506.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.4rc6
==========================================================================
+ Ubuntu-specific startup optimization

v 2.1.2.4rc5
==========================================================================
+ Halved startup time (< 50ms) by deferring costly initialitations to
first remote request and fastloading the rest
x Minor tweaks to Twitter surrogate

v 2.1.2.4rc4
==========================================================================
+ Script Surrogate execution also for ABE-denied script requests (
thanks al_9x for RFE)
+ Script Surrogate for Twitter inclusions (thanks al_9x)
x Improved compatibility with Readability
x Fixed switching from one rule to another in the Rulesets box looses
changes in the current rule (thanks al_9x for reporting)

v 2.1.2.4rc3
==========================================================================
x Fixed url bar regression from rc2

v 2.1.2.4rc2
==========================================================================
x [ClearClick] noscript.clearClick.rapidFireCheck about:config preference
to control whether rapid fire event checking should be enabled or not
x [Bookmarks] Fixed javascript-based keyword bookmarklet not being ran on
Fx 6 and above (thanks al_9x for reporting)

v 2.1.2.4rc1
==========================================================================
x [ClearClick] Restored compatibility with bit.ly (now bitly.com)

Version 2.1.2.4rc5 506.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.4rc5
==========================================================================
+ Halved startup time (< 50ms) by deferring costly initialitations to
first remote request and fastloading the rest
x Minor tweaks to Twitter surrogate

v 2.1.2.4rc4
==========================================================================
+ Script Surrogate execution also for ABE-denied script requests (
thanks al_9x for RFE)
+ Script Surrogate for Twitter inclusions (thanks al_9x)
x Improved compatibility with Readability
x Fixed switching from one rule to another in the Rulesets box looses
changes in the current rule (thanks al_9x for reporting)

v 2.1.2.4rc3
==========================================================================
x Fixed url bar regression from rc2

v 2.1.2.4rc2
==========================================================================
x [ClearClick] noscript.clearClick.rapidFireCheck about:config preference
to control whether rapid fire event checking should be enabled or not
x [Bookmarks] Fixed javascript-based keyword bookmarklet not being ran on
Fx 6 and above (thanks al_9x for reporting)

v 2.1.2.4rc1
==========================================================================
x [ClearClick] Restored compatibility with bit.ly (now bitly.com)

Version 2.1.2.4rc3 506.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.4rc3
==========================================================================
x Fixed url bar regression from rc2

v 2.1.2.4rc2
==========================================================================
x [ClearClick] noscript.clearClick.rapidFireCheck about:config preference
to control whether rapid fire event checking should be enabled or not
x [Bookmarks] Fixed javascript-based keyword bookmarklet not being ran on
Fx 6 and above (thanks al_9x for reporting)

v 2.1.2.4rc1
==========================================================================
x [ClearClick] Restored compatibility with bit.ly (now bitly.com)

Version 2.1.2.4rc1 506.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.4rc1
==========================================================================
x [ClearClick] Restored compatibility with bit.ly (now bitly.com)

v 2.1.2.3rc3
==========================================================================
x [ClearClick] Refactoring and isolation of the rapid fire protection

v 2.1.2.3rc2
==========================================================================
x [ClearClick] Further refinement of rapid fire detection on tab switching

v 2.1.2.3rc1
==========================================================================
x [ClearClick] Fixed delay on first event response after some kinds of tab
switching

v 2.1.2.2rc1
==========================================================================
x [ClearClick] Fixed false positives due to backwards incompatibilities
with Fx 3.5 and below (thanks chas35 for reporting)
x [Nightly compat] Fixed import/export broken by nsIJSON interface changes
in recent nightly builds (thanks happy-dude for reporting)

v 2.1.2.1rc1
==========================================================================
x Fixed rapid fire cross-site interaction protection interfering with
keyboard-based tab switching (thanks tikl for reporting)

Version 2.1.2.3.1-signed 506.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.3
==========================================================================
x [ClearClick] Refactoring and isolation of the rapid fire protection

v 2.1.2.3rc2
==========================================================================
x [ClearClick] Further refinement of rapid fire detection on tab switching

v 2.1.2.3rc1
==========================================================================
x [ClearClick] Fixed delay on first event response after some kinds of tab
switching

v 2.1.2.2
==========================================================================
x [ClearClick] Fixed false positives due to backwards incompatibilities
with Fx 3.5 and below (thanks chas35 for reporting)
x [Nightly compat] Fixed import/export broken by nsIJSON interface changes
in recent nightly builds (thanks happy-dude for reporting)

v 2.1.2.1
==========================================================================
x Fixed rapid fire cross-site interaction protection interfering with
keyboard-based tab switching (thanks tikl for reporting)

Version 2.1.2.1rc1 506.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.1rc1
==========================================================================
x Fixed rapid fire cross-site interaction protection interfering with
keyboard-based tab switching (thanks tikl for reporting)

Version 2.1.2rc6 506.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2rc6
==========================================================================
x Minor tweaks to the new rapid fire cross-site interaction protection

v 2.1.2rc5
==========================================================================
+ ClearClick protection against rapid fire cross-site interaction AKA
"double-clickjacking" (thanks Collin Jackson for RFE), see
http://mayscript.com/blog/david/clickjacking-attacks-unresolved

v 2.1.2rc4
==========================================================================
+ ClearClick protection against view-source content extraction attacks
(thanks Steven Roddis for RFE)
+ Current version number shown directly in all the "About NoScript" menu
items (thanks therube for RFE)
x Fixed NoScript icon status not updated when a tab is moved to a new
window (thanks dhouwn for reporting)

v 2.1.2rc3
==========================================================================
x Fixed work around for Bug 668690 breaking feed viewer (thanks Jim Too
for reporting)

v 2.1.2rc2
==========================================================================
x Disabled NoScript's X-Frame-Options support on Firefox 3.6.10 and above,
where it is built-in
x Work around for Bug 668690 affecting Gecko 2.0 and above (thanks Nemoar
and al_9x for reporting)

v 2.1.2rc1
==========================================================================
x Fixed startup error in Nightly due to the merge of event target
interfaces in bug 658714 (thanks Hydraxr for reporting)

Version 2.1.2rc4 506.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

Version 2.1.2rc3 505.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2rc3
==========================================================================
x Fixed work around for Bug 668690 breaking feed viewer (thanks Jim Too
for reporting)

v 2.1.2rc2
==========================================================================
x Disabled NoScript's X-Frame-Options support on Firefox 3.6.10 and above,
where it is built-in
x Work around for Bug 668690 affecting Gecko 2.0 and above (thanks Nemoar
and al_9x for reporting)

v 2.1.2rc1
==========================================================================
x Fixed startup error in Nightly due to the merge of event target
interfaces in bug 658714 (thanks Hydraxr for reporting)

Version 2.1.2rc2 506.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

Version 2.1.2rc0 505.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2rc0
==========================================================================
x Fixed conflict with Firebug console
x Removed legacy code in content policy and ClearClick

v 2.1.1.2rc9
==========================================================================
x Fixed surrogates causing duplicate history entries for some sites on
Firefox 5
x Work around for bug 666371 breaking popunder surrogate and legitimate
popups on some sites

v 2.1.1.2rc8
==========================================================================
x Work-around for Mac OS X filepicker in Firefox 5 preventing exported
configuration files from being reimported

v 2.1.1.2rc7
==========================================================================
x Work-around for Nightly bug breaking the "View image" command
x Improved Google Analytics surrogate

v 2.1.1.2rc6
==========================================================================
+ HTML 5 media blocking extended to Mozilla's audio API extension (thanks
al_9x for RFE)
x Improved handling of resource prefetching through object elements
x Removed msc.wlxrs.com and js.wlxrs.com, adding just wlxrs.com to the
default whitelist and to the whitelists of Hotmail users, after Microsoft
explained that this is the future-proof permission needed to ensure
compatibility with the Live webmail

v 2.1.1.2rc5
==========================================================================
x Full page reload is not triggered anymore when invisible plugin objects
are activated if the parent page has been loaded by a POST HTTP request
(thanks al_9x for RFE)
x Full page reload is not triggered anymore on invisible frame activation
(thanks al_9x for RFE)
x Fixed "Blocked Objects" menu missing on Hotmail inbox (thanks therube
for reporting)
x Object elements used to prefetch JavaScript and CSS content are not
blocked anymore, provided that the parent is whitelisted, This behavior
can be disabled in about:config, noscript.allowCachingObjects (thanks
al_9x for RFE)

v 2.1.1.2rc4
==========================================================================
+ Added msc.wlxrs.com to the default whitelist as requested by the Hotmail
team (new domain required for Hotmail to work)
+ One-time merge of the default whitelist to integrate services already
whitelisted as needed (e.g. hotmail.com to imply msc.wlxrs.com)
x Work-around for scripts served from amazonaws.com having wrong media
type sometimes

v 2.1.1.2rc3
==========================================================================
x Fixed frame in-place activation causing the content to be loaded inside
a nested iframe (thanks al_9x for reporting)

v 2.1.1.2rc2
==========================================================================
x [XSS] Work-around for an unfixable (JavaScript fragments get actually
uploaded cross-site) false positive on Verizon login (thanks John Dwyer
for reportng)

v 2.1.1.2rc1
==========================================================================
x Fixed onLocationChange2 missing in nsIWebProgressListener2 impl. causing
noise on trunk after bug 311007 landed (thanks Hydraxr for report)

Version 2.1.1.2.1-signed 506.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.1.2 (same as 2.1.2rc0)
==========================================================================
x Fixed conflict with Firebug console
x Removed legacy code in content policy and ClearClick

v 2.1.1.2rc9
==========================================================================
x Fixed surrogates causing duplicate history entries for some sites on
Firefox 5
x Work around for bug 666371 breaking popunder surrogate and legitimate
popups on some sites

v 2.1.1.2rc8
==========================================================================
x Work-around for Mac OS X filepicker in Firefox 5 preventing exported
configuration files from being reimported

v 2.1.1.2rc7
==========================================================================
x Work-around for Nightly bug breaking the "View image" command
x Improved Google Analytics surrogate

v 2.1.1.2rc6
==========================================================================
+ HTML 5 media blocking extended to Mozilla's audio API extension (thanks
al_9x for RFE)
x Improved handling of resource prefetching through object elements
x Removed msc.wlxrs.com and js.wlxrs.com, adding just wlxrs.com to the
default whitelist and to the whitelists of Hotmail users, after Microsoft
explained that this is the future-proof permission needed to ensure
compatibility with the Live webmail

v 2.1.1.2rc5
==========================================================================
x Full page reload is not triggered anymore when invisible plugin objects
are activated if the parent page has been loaded by a POST HTTP request
(thanks al_9x for RFE)
x Full page reload is not triggered anymore on invisible frame activation
(thanks al_9x for RFE)
x Fixed "Blocked Objects" menu missing on Hotmail inbox (thanks therube
for reporting)
x Object elements used to prefetch JavaScript and CSS content are not
blocked anymore, provided that the parent is whitelisted, This behavior
can be disabled in about:config, noscript.allowCachingObjects (thanks
al_9x for RFE)

v 2.1.1.2rc4
==========================================================================
+ Added msc.wlxrs.com to the default whitelist as requested by the Hotmail
team (new domain required for Hotmail to work)
+ One-time merge of the default whitelist to integrate services already
whitelisted as needed (e.g. hotmail.com to imply msc.wlxrs.com)
x Work-around for scripts served from amazonaws.com having wrong media
type sometimes

v 2.1.1.2rc3
==========================================================================
x Fixed frame in-place activation causing the content to be loaded inside
a nested iframe (thanks al_9x for reporting)

v 2.1.1.2rc2
==========================================================================
x [XSS] Work-around for an unfixable (JavaScript fragments get actually
uploaded cross-site) false positive on Verizon login (thanks John Dwyer
for reportng)

v 2.1.1.2rc1
==========================================================================
x Fixed onLocationChange2 missing in nsIWebProgressListener2 impl. causing
noise on trunk after bug 311007 landed (thanks Hydraxr for report)

Version 2.1.1.2rc9 506.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.1.2rc9
==========================================================================
x Fixed surrogates causing duplicate history entries for some sites on
Firefox 5
x Work around for bug 666371 breaking popunder surrogate and legitimate
popups on some sites

v 2.1.1.2rc8
==========================================================================
x Work-around for Mac OS X filepicker in Firefox 5 preventing exported
configuration files from being reimported

v 2.1.1.2rc7
==========================================================================
x Work-around for Nightly bug breaking the "View image" command
x Improved Google Analytics surrogate

v 2.1.1.2rc6
==========================================================================
+ HTML 5 media blocking extended to Mozilla's audio API extension (thanks
al_9x for RFE)
x Improved handling of resource prefetching through object elements
x Removed msc.wlxrs.com and js.wlxrs.com, adding just wlxrs.com to the
default whitelist and to the whitelists of Hotmail users, after Microsoft
explained that this is the future-proof permission needed to ensure
compatibility with the Live webmail

v 2.1.1.2rc5
==========================================================================
x Full page reload is not triggered anymore when invisible plugin objects
are activated if the parent page has been loaded by a POST HTTP request
(thanks al_9x for RFE)
x Full page reload is not triggered anymore on invisible frame activation
(thanks al_9x for RFE)
x Fixed "Blocked Objects" menu missing on Hotmail inbox (thanks therube
for reporting)
x Object elements used to prefetch JavaScript and CSS content are not
blocked anymore, provided that the parent is whitelisted, This behavior
can be disabled in about:config, noscript.allowCachingObjects (thanks
al_9x for RFE)

v 2.1.1.2rc4
==========================================================================
+ Added msc.wlxrs.com to the default whitelist as requested by the Hotmail
team (new domain required for Hotmail to work)
+ One-time merge of the default whitelist to integrate services already
whitelisted as needed (e.g. hotmail.com to imply msc.wlxrs.com)
x Work-around for scripts served from amazonaws.com having wrong media
type sometimes

v 2.1.1.2rc3
==========================================================================
x Fixed frame in-place activation causing the content to be loaded inside
a nested iframe (thanks al_9x for reporting)

v 2.1.1.2rc2
==========================================================================
x [XSS] Work-around for an unfixable (JavaScript fragments get actually
uploaded cross-site) false positive on Verizon login (thanks John Dwyer
for reportng)

v 2.1.1.2rc1
==========================================================================
x Fixed onLocationChange2 missing in nsIWebProgressListener2 impl. causing
noise on trunk after bug 311007 landed (thanks Hydraxr for report)

Version 2.1.1.2rc8 506.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

==========================================================================
x Work-around for Mac OS X filepicker in Firefox 5 preventing exported
configuration files from being reimported

v 2.1.1.2rc7
==========================================================================
x Work-around for Nightly bug breaking the "View image" command
x Improved Google Analytics surrogate

v 2.1.1.2rc6
==========================================================================
+ HTML 5 media blocking extended to Mozilla's audio API extension (thanks
al_9x for RFE)
x Improved handling of resource prefetching through object elements
x Removed msc.wlxrs.com and js.wlxrs.com, adding just wlxrs.com to the
default whitelist and to the whitelists of Hotmail users, after Microsoft
explained that this is the future-proof permission needed to ensure
compatibility with the Live webmail

v 2.1.1.2rc5
==========================================================================
x Full page reload is not triggered anymore when invisible plugin objects
are activated if the parent page has been loaded by a POST HTTP request
(thanks al_9x for RFE)
x Full page reload is not triggered anymore on invisible frame activation
(thanks al_9x for RFE)
x Fixed "Blocked Objects" menu missing on Hotmail inbox (thanks therube
for reporting)
x Object elements used to prefetch JavaScript and CSS content are not
blocked anymore, provided that the parent is whitelisted, This behavior
can be disabled in about:config, noscript.allowCachingObjects (thanks
al_9x for RFE)

v 2.1.1.2rc4
==========================================================================
+ Added msc.wlxrs.com to the default whitelist as requested by the Hotmail
team (new domain required for Hotmail to work)
+ One-time merge of the default whitelist to integrate services already
whitelisted as needed (e.g. hotmail.com to imply msc.wlxrs.com)
x Work-around for scripts served from amazonaws.com having wrong media
type sometimes

v 2.1.1.2rc3
==========================================================================
x Fixed frame in-place activation causing the content to be loaded inside
a nested iframe (thanks al_9x for reporting)

v 2.1.1.2rc2
==========================================================================
x [XSS] Work-around for an unfixable (JavaScript fragments get actually
uploaded cross-site) false positive on Verizon login (thanks John Dwyer
for reportng)

v 2.1.1.2rc1
==========================================================================
x Fixed onLocationChange2 missing in nsIWebProgressListener2 impl. causing
noise on trunk after bug 311007 landed (thanks Hydraxr for report)

Version 2.1.1.2rc7 506.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.1.2rc7
==========================================================================
x Work-around for Nightly bug breaking the "View image" command
x Improved Google Analytics surrogate

v 2.1.1.2rc6
==========================================================================
+ HTML 5 media blocking extended to Mozilla's audio API extension (thanks
al_9x for RFE)
x Improved handling of resource prefetching through object elements
x Removed msc.wlxrs.com and js.wlxrs.com, adding just wlxrs.com to the
default whitelist and to the whitelists of Hotmail users, after Microsoft
explained that this is the future-proof permission needed to ensure
compatibility with the Live webmail

v 2.1.1.2rc5
==========================================================================
x Full page reload is not triggered anymore when invisible plugin objects
are activated if the parent page has been loaded by a POST HTTP request
(thanks al_9x for RFE)
x Full page reload is not triggered anymore on invisible frame activation
(thanks al_9x for RFE)
x Fixed "Blocked Objects" menu missing on Hotmail inbox (thanks therube
for reporting)
x Object elements used to prefetch JavaScript and CSS content are not
blocked anymore, provided that the parent is whitelisted, This behavior
can be disabled in about:config, noscript.allowCachingObjects (thanks
al_9x for RFE)

v 2.1.1.2rc4
==========================================================================
+ Added msc.wlxrs.com to the default whitelist as requested by the Hotmail
team (new domain required for Hotmail to work)
+ One-time merge of the default whitelist to integrate services already
whitelisted as needed (e.g. hotmail.com to imply msc.wlxrs.com)
x Work-around for scripts served from amazonaws.com having wrong media
type sometimes

v 2.1.1.2rc3
==========================================================================
x Fixed frame in-place activation causing the content to be loaded inside
a nested iframe (thanks al_9x for reporting)

v 2.1.1.2rc2
==========================================================================
x [XSS] Work-around for an unfixable (JavaScript fragments get actually
uploaded cross-site) false positive on Verizon login (thanks John Dwyer
for reportng)

v 2.1.1.2rc1
==========================================================================
x Fixed onLocationChange2 missing in nsIWebProgressListener2 impl. causing
noise on trunk after bug 311007 landed (thanks Hydraxr for report)

Version 2.1.1.2rc6 506.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.1.2rc6
==========================================================================
+ HTML 5 media blocking extended to Mozilla's audio API extension (thanks
al_9x for RFE)
x Improved handling of resource prefetching through object elements
x Removed msc.wlxrs.com and js.wlxrs.com, adding just wlxrs.com to the
default whitelist and to the whitelists of Hotmail users, after Microsoft
explained that this is the future-proof permission needed to ensure
compatibility with the Live webmail

v 2.1.1.2rc5
==========================================================================
x Full page reload is not triggered anymore when invisible plugin objects
are activated if the parent page has been loaded by a POST HTTP request
(thanks al_9x for RFE)
x Full page reload is not triggered anymore on invisible frame activation
(thanks al_9x for RFE)
x Fixed "Blocked Objects" menu missing on Hotmail inbox (thanks therube
for reporting)
x Object elements used to prefetch JavaScript and CSS content are not
blocked anymore, provided that the parent is whitelisted, This behavior
can be disabled in about:config, noscript.allowCachingObjects (thanks
al_9x for RFE)

v 2.1.1.2rc4
==========================================================================
+ Added msc.wlxrs.com to the default whitelist as requested by the Hotmail
team (new domain required for Hotmail to work)
+ One-time merge of the default whitelist to integrate services already
whitelisted as needed (e.g. hotmail.com to imply msc.wlxrs.com)
x Work-around for scripts served from amazonaws.com having wrong media
type sometimes

v 2.1.1.2rc3
==========================================================================
x Fixed frame in-place activation causing the content to be loaded inside
a nested iframe (thanks al_9x for reporting)

v 2.1.1.2rc2
==========================================================================
x [XSS] Work-around for an unfixable (JavaScript fragments get actually
uploaded cross-site) false positive on Verizon login (thanks John Dwyer
for reportng)

v 2.1.1.2rc1
==========================================================================
x Fixed onLocationChange2 missing in nsIWebProgressListener2 impl. causing
noise on trunk after bug 311007 landed (thanks Hydraxr for report)

Version 2.1.1.2rc5 505.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.1.2rc5
==========================================================================
x Full page reload is not triggered anymore when invisible plugin objects
are activated if the parent page has been loaded by a POST HTTP request
(thanks al_9x for RFE)
x Full page reload is not triggered anymore on invisible frame activation
(thanks al_9x for RFE)
x Fixed "Blocked Objects" menu missing on Hotmail inbox (thanks therube
for reporting)
x Object elements used to prefetch JavaScript and CSS content are not
blocked anymore, provided that the parent is whitelisted, This behavior
can be disabled in about:config, noscript.allowCachingObjects (thanks
al_9x for RFE)

v 2.1.1.2rc4
==========================================================================
+ Added msc.wlxrs.com to the default whitelist as requested by the Hotmail
team (new domain required for Hotmail to work)
+ One-time merge of the default whitelist to integrate services already
whitelisted as needed (e.g. hotmail.com to imply msc.wlxrs.com)
x Work-around for scripts served from amazonaws.com having wrong media
type sometimes

v 2.1.1.2rc3
==========================================================================
x Fixed frame in-place activation causing the content to be loaded inside
a nested iframe (thanks al_9x for reporting)

v 2.1.1.2rc2
==========================================================================
x [XSS] Work-around for an unfixable (JavaScript fragments get actually
uploaded cross-site) false positive on Verizon login (thanks John Dwyer
for reportng)

v 2.1.1.2rc1
==========================================================================
x Fixed onLocationChange2 missing in nsIWebProgressListener2 impl. causing
noise on trunk after bug 311007 landed (thanks Hydraxr for report)

Version 2.1.1.2rc4 505.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.1.2rc4
==========================================================================
+ Added msc.wlxrs.com to the default whitelist as requested by the Hotmail
team (new domain required for Hotmail to work)
+ One-time merge of the default whitelist to integrate services already
whitelisted as needed (e.g. hotmail.com to imply msc.wlxrs.com)
x Work-around for scripts served from amazonaws.com having wrong media
type sometimes

v 2.1.1.2rc3
==========================================================================
x Fixed frame in-place activation causing the content to be loaded inside
a nested iframe (thanks al_9x for reporting)

v 2.1.1.2rc2
==========================================================================
x [XSS] Work-around for an unfixable (JavaScript fragments get actually
uploaded cross-site) false positive on Verizon login (thanks John Dwyer
for reportng)

v 2.1.1.2rc1
==========================================================================
x Fixed onLocationChange2 missing in nsIWebProgressListener2 impl. causing
noise on trunk after bug 311007 landed (thanks Hydraxr for report)

Version 2.1.1.2rc1 505.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.1.2rc1
==========================================================================
x Fixed onLocationChange2 missing in nsIWebProgressListener2 impl. causing
noise on trunk after bug 311007 landed (thanks Hydraxr for report)