NoScript Security Suite Version History

934 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 2.3.3rc5 520.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.3.3rc5
==========================================================================
x [ClearClick] Fixed clicking on some plugin content causing elements of
the parent page to become white (thanks Markus Wienand for report)
x [ClearClick] Fixed minor bugs triggered by ABP placeholders
x [ClearClick] Removed debug borders on some DOM elements from 2.3.3rc4

v 2.3.3rc4
==========================================================================
x [ClearClick] Fixed false positives introduced by 2.3.3rc3 sensitivity
enhancements

v 2.3.3rc3
==========================================================================
+ [ClearClick] Protection against partial obscuration via Flash objects
with OS-native wmode values (thanks David Lin-Shung Huang for reporting)
x [XSS] Further sensitivity tweaks

v 2.3.3rc2
==========================================================================
x [XSS] Better compatibility with some 3rd party ads on Ebay

v 2.3.3rc1
==========================================================================
x [XSS] Fixed false positive on dotted name-value assignments chained with
semicolons (e.g. on some Yahoo-served ads)

Version 2.3.3rc4 520.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

Version 2.3.3rc3 520.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.3.3rc3
==========================================================================
+ [ClearClick] Protection against partial obscuration via Flash objects
with OS-native wmode values (thanks David Lin-Shung Huang for reporting)
x [XSS] Further sensitivity tweaks

v 2.3.3rc2
==========================================================================
x [XSS] Better compatibility with some 3rd party ads on Ebay

v 2.3.3rc1
==========================================================================
x [XSS] Fixed false positive on dotted name-value assignments chained with
semicolons (e.g. on some Yahoo-served ads)

Version 2.3.3rc2 520.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.3.3rc2
==========================================================================
x [XSS] Better compatibility with some 3rd party ads on Ebay

v 2.3.3rc1
==========================================================================
x [XSS] Fixed false positive on dotted name-value assignments chained with
semicolons (e.g. on some Yahoo-served ads)

Version 2.3.3rc1 520.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.3.3rc1
==========================================================================
x [XSS] Fixed false positive on dotted name-value assignments chained with
semicolons (e.g. on some Yahoo-served ads)

Version 2.3.2.1-signed 520.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.3.2
==========================================================================
x [XSS] Fixed regression in 2.3.2rc5 preventing some URLs from loading
x [XSS] Removed issue on Chinese pages using HZ-GB-2312 encoding (thanks
Masato Kinugawa for reporting)
+ [XSS] Added event injection checks for scriptless pages too, in order to
prevent edge-case execution on permissions change
x [XSS] Fixed InjectionChecker JavaScript scanning bug (thanks Masato
Kinugawa for reporting)
x [XSS] Improved HTML detection accuracy
+ Better tagging of surrogate sandboxes for about:memory debugging
x Improved glinks surrogate

Version 2.3.2rc6 520.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.3.2rc6
==========================================================================
x [XSS] Fixed regression in 2.3.2rc5 preventing some URLs from loading

v 2.3.2rc5
==========================================================================
x [XSS] Removed issue on Chinese pages using HZ-GB-2312 encoding (thanks
Masato Kinugawa for reporting)

v 2.3.2rc4
==========================================================================
x [XSS] Fixed regression from HTML detection changes in 2.3.2rc3 (thanks
Masato Kinugawa for reporting)
+ [XSS] Added event injection checks for scriptless pages too, in order to
prevent edge-case execution on permissions change

v 2.3.2rc3
==========================================================================
x [XSS] Fixed InjectionChecker JavaScript scanning bug (thanks Masato
Kinugawa for reporting)
x [XSS] Improved HTML detection accuracy

v 2.3.2rc2
==========================================================================
x [XSS] Removed issue on Japanese pages using ISO-2022-JP encoding (thanks
Masato Kinugawa for reporting)
x Improved glinks surrogate

v 2.3.2rc1
==========================================================================
+ Better tagging of surrogate sandboxes for about:memory debugging
x Improved glinks surrogate

Version 2.3.2rc5 520.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.3.2rc5
==========================================================================
x [XSS] Removed issue on Chinese pages using HZ-GB-2312 encoding (thanks
Masato Kinugawa for reporting)

v 2.3.2rc4
==========================================================================
x [XSS] Fixed regression from HTML detection changes in 2.3.2rc3 (thanks
Masato Kinugawa for reporting)
+ [XSS] Added event injection checks for scriptless pages too, in order to
prevent edge-case execution on permissions change

v 2.3.2rc3
==========================================================================
x [XSS] Fixed InjectionChecker JavaScript scanning bug (thanks Masato
Kinugawa for reporting)
x [XSS] Improved HTML detection accuracy

v 2.3.2rc2
==========================================================================
x [XSS] Removed issue on Japanese pages using ISO-2022-JP encoding (thanks
Masato Kinugawa for reporting)
x Improved glinks surrogate

v 2.3.2rc1
==========================================================================
+ Better tagging of surrogate sandboxes for about:memory debugging
x Improved glinks surrogate

Version 2.3.2rc4 520.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.3.2rc4
==========================================================================
x [XSS] Fixed regression from HTML detection changes in 2.3.2rc3 (thanks
Masato Kinugawa for reporting)
+ [XSS] Added event injection checks for scriptless pages too, in order to
prevent edge-case execution on permissions change

v 2.3.2rc3
==========================================================================
x [XSS] Fixed InjectionChecker JavaScript scanning bug (thanks Masato
Kinugawa for reporting)
x [XSS] Improved HTML detection accuracy

v 2.3.2rc2
==========================================================================
x [XSS] Removed issue on Japanese pages using ISO-2022-JP encoding (thanks
Masato Kinugawa for reporting)
x Improved glinks surrogate

v 2.3.2rc1
==========================================================================
+ Better tagging of surrogate sandboxes for about:memory debugging
x Improved glinks surrogate

Version 2.3.2rc3 520.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.3.2rc3
==========================================================================
x [XSS] Fixed InjectionChecker JavaScript scanning bug (thanks Masato
Kinugawa for reporting)
x [XSS] Improved HTML detection accuracy

v 2.3.2rc2
==========================================================================
x [XSS] Removed issue on Japanese pages using ISO-2022-JP encoding (thanks
Masato Kinugawa for reporting)
x Improved glinks surrogate

v 2.3.2rc1
==========================================================================
+ Better tagging of surrogate sandboxes for about:memory debugging
x Improved glinks surrogate

Version 2.3.2rc2 520.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.3.2rc2
==========================================================================
x [XSS] Removed issue on Japanese pages using ISO-2022-JP encoding (thanks
Masato Kinugawa for reporting)
x Improved glinks surrogate

v 2.3.2rc1
==========================================================================
+ Better tagging of surrogate sandboxes for about:memory debugging
x Improved glinks surrogate

Version 2.3.2rc1 520.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

Version 2.3.1.1-signed 520.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.3.1
==========================================================================
+ Surrogate to let news pages escape Digg's frame
+ [ClearClick] Improved compatibility with cross-frame overlapping shadows
x Removed ClearClick bypass based on a Firefox SVG CSS filter bug (thanks
.mario for reporting)
+ adf.ly surrogate to automaticaly skip the interstitial page even if
scripts are disabled
x Improved Google search surrogates
+ New surrogate against Google's scriptless tracking of search results
navigation

Version 2.3.1rc4 519.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.3.1rc4
==========================================================================
+ Surrogate to let news pages escape Digg's frame
+ [ClearClick] Improved compatibility with cross-frame overlapping shadows

v 2.3.1rc3
==========================================================================
x Removed ClearClick bypass based on a Firefox SVG CSS filter bug (thanks
.mario for reporting)

v 2.3.1rc2
==========================================================================
+ adf.ly surrogate to automaticaly skip the interstitial page even if
scripts are disabled
x Improved Google search surrogates

v 2.3.1rc1
==========================================================================
+ New surrogate against Google's scriptless tracking of search results
navigation

Version 2.3.1rc3 519.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.3.1rc3
==========================================================================
x Removed ClearClick bypass based on a Firefox SVG CSS filter bug (thanks
.mario for reporting)

v 2.3.1rc2
==========================================================================
+ adf.ly surrogate to automaticaly skip the interstitial page even if
scripts are disabled
x Improved Google search surrogates

v 2.3.1rc1
==========================================================================
+ New surrogate against Google's scriptless tracking of search results
navigation

Version 2.3.1rc2 519.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.3.1rc2
==========================================================================
+ adf.ly surrogate to automaticaly skip the interstitial page even if
scripts are disabled
x Improved Google search surrogates

v 2.3.1rc1
==========================================================================
+ New surrogate against Google's scriptless tracking of search results
navigation

Version 2.3.1rc1 519.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.3.1rc1
==========================================================================
+ New surrogate against Google's scriptless tracking of search results
navigation

Version 2.3.1-signed 519.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.3
==========================================================================
x Fixed about:newtab not considered as a local origin by ABE
+ Added blob:, about:memory and about:support to the automatic whitelist
x Added reflected script inclusion check exception for intensedebate.com
x Fixed CSS issues on Gecko 1.8

Version 2.3rc2 519.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.3rc2
==========================================================================
x Fixed about:newtab not considered as a local origin by ABE

v 2.3rc1
==========================================================================
+ Added blob:, about:memory and about:support to the automatic whitelist
x Added reflected script inclusion check exception for intensedebate.com
x Fixed CSS issues on Gecko 1.8

Version 2.3rc1 519.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.3rc1
==========================================================================
+ Added blob:, about:memory and about:support to the automatic whitelist
x Added reflected script inclusion check exception for intensedebate.com
x Fixed CSS issues on Gecko 1.8

Version 2.2.9.1-signed 519.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.2.9
==========================================================================
+ Right click on NoScript menu items copies the site to the clipboard, if
any under the pointer, or all the page-related script sources prepended
with a status mark: + for whitelisted, - for default, ! for untrusted (
thanks Tom T. for RFE)
+ Added browserid.org to the default whitelist
x Improved default whitelist update mechanism
x Fixed some Flash movies failing to load on Nightly (thanks Nova6K0 for
reporting)
x Fixed incompatibility between surrogates / content augmentations (e.g.
toStaticHTML) and CSP (Content Security Policy), thanks Bruce Berry for
reporting
x NoScript won't attempt to load the release notes page if the site is
unreachable
v 2.2.9rc1
==========================================================================
x Fixed ABE failing to recognize some FE80:* IPv6 addresses as local ones
(thanks Mitchum Owen for report)

Version 2.2.9rc2 519.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.2.9rc2
==========================================================================
+ Right click on NoScript menu items copies the site to the clipboard, if
any under the pointer, or all the page-related script sources prepended
with a status mark: + for whitelisted, - for default, ! for untrusted (
thanks Tom T. for RFE)
+ Added browserid.org to the default whitelist
x Improved default whitelist update mechanism
x Fixed some Flash movies failing to load on Nightly (thanks Nova6K0 for
reporting)
x Fixed incompatibility between surrogates / content augmentations (e.g.
toStaticHTML) and CSP (Content Security Policy), thanks Bruce Berry for
reporting
x NoScript won't attempt to load the release notes page if the site is
unreachable

Version 2.2.9rc1 519.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.2.9rc1
==========================================================================
x Fixed ABE failing to recognize some FE80:* IPv6 addresses as local ones
(thanks Mitchum Owen for report)

Version 2.2.8.1-signed 519.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.2.8
==========================================================================
x [ClearClick] Fixed regression, 2.2.8rc1 swallowing clicks on some nested
documents

v 2.2.8rc1
==========================================================================
x [ClearClick] Protection against Koto's Cursorjacking technique disclosed
at http://blog.kotowicz.net/2012/01/cursorjacking-again.html

Version 2.2.8rc2 519.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.2.8rc2
==========================================================================
x [ClearClick] Fixed regression, 2.2.8rc1 swallowing clicks on some nested
documents

v 2.2.8rc1
==========================================================================
x [ClearClick] Protection against Koto's Cursorjacking technique disclosed
at http://blog.kotowicz.net/2012/01/cursorjacking-again.html

Version 2.2.8rc1 519.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.2.8rc1
==========================================================================
x [ClearClick] Protection against Koto's Cursorjacking technique disclosed
at http://blog.kotowicz.net/2012/01/cursorjacking-again.html

Version 2.2.7.1-signed 519.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.2.7
==========================================================================
x [ClearClick] Protection against two steps interaction attack based on
HTML5 DnD (thanks .mario for reporting)

Version 2.2.7rc1 519.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.2.7rc1
==========================================================================
x [ClearClick] Protection against two stages social engineering bypass
based on HTML5 DnD by .mario

Version 2.2.6.1-signed 519.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.2.6
==========================================================================
x [XSS] Fixed sanitization reporting bug

v 2.2.6rc1
==========================================================================
+ [XSS] Protection against new kind of response splitting + XSS combo
attack responsibly disclosed by Mike Brooks

Version 2.2.6rc2 519.2 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.2.6rc2
==========================================================================
x [XSS] Fixed sanitization reporting bug

v 2.2.6rc1
==========================================================================
+ [XSS] Protection against new kind of response splitting + XSS combo
attack responsibly disclosed by Mike Brooks