NoScript Security Suite Version History

709 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 2.0.1rc5 492.5 KB Works with Firefox 3.0 - 4.0b4pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1a3

v 2.0.1rc5 (2.0.1 final)
==========================================================================
+ [ABE] noscript.abe.localExtras about:config preference can specify net
resources (space separated IPs and/or subnets) to be considered as
LOCAL by ABE, in addition to the "regular" private subnetworks and the
auto-detected WAN IP (thanks ammdispose for suggestion)
x [ClearClick] Better compatibility with iframes containing very tiny
pages (e.g. horizontal Flattr buttons)
x Fixed page-level surrogates not always being executed inside iframes
(thanks al_9x for reporting)
x [XSS] Fixed XML tags with no attributes which are homonymous of
"sensitive" HTML tags triggering XSS false positives

v 2.0.1rc4
==========================================================================
+ Forced NOSCRIPT element activation is not triggered for sources marked
as untrusted (thanks al_9x for suggestion)
+ Update for Firefox 4.0b4pre compatibility (bug 546606)

v 2.0.1rc3
==========================================================================
x Improved interaction between surrogates and NOSCRIPT element activation
x Fixed potential recursion issue during DNS resolution on SeaMonkey trunk
(thanks therube for reporting)
x Fixed https://bugzilla.mozilla.org/show_bug.cgi?id=584334
x Fixed using IPv6 URL syntax causes confusion to some proxies
x Compatibility checks updates

v 2.0.1rc2
==========================================================================
+ [ABE] "X-ABE-Fingerprint: Off" header can be sent by web servers which
don't want/need to be fingerprinted by ABE's WAN IP protection
+ [ABE] User agent header "Mozilla/5.0 (ABE, http://noscript.net/abe/wan)"
is sent to help administrators finding info about ABE's fingerprinting
x [ABE] Fingerprint checks are performed every 15 minutes, rather than 5
x Fixed early access to document.documentElement breaking XBL bindings
on SeaMonkey trunk (thanks therube for reporting)

v 2.0.1rc1
==========================================================================
x Fixed meta redirections being broken sometimes when a NOSCRIPT element
activation is forced on a JavaScript-enabled page (thanks Supermop for
reporting)

Version 2.0.1rc4 492.5 KB Works with Firefox 3.0 - 4.0b4pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1a3

v 2.0.1rc4
==========================================================================
+ Forced NOSCRIPT element activation is not triggered for sources marked
as untrusted (thanks al_9x for suggestion)
+ Update for Firefox 4.0b4pre compatibility (bug 546606)

v 2.0.1rc3
==========================================================================
x Improved interaction between surrogates and NOSCRIPT element activation
x Fixed potential recusion issue during DNS resolution on SeaMonkey trunk
(thanks therube for reporting)
x Fixed https://bugzilla.mozilla.org/show_bug.cgi?id=584334
x Fixed using IPv6 URL syntax causes confusion to some proxies
x Compatibility checks updates

Version 2.0.1rc2 492.5 KB Works with Firefox 3.0 - 4.0b3pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1a3

v 2.0.1rc2
==========================================================================
+ [ABE] "X-ABE-Fingerprint: Off" header can be sent by web servers which
don't want/need to be fingerprinted by ABE's WAN IP protection
+ [ABE] User agent header "Mozilla/5.0 (ABE, http://noscript.net/abe/wan)"
is sent to help administrators finding info about ABE's fingerprinting
x [ABE] Fingerprint checks are performed every 15 minutes, rather than 5
x Fixed early access to document.documentElement breaking XBL bindings
on SeaMonkey trunk (thanks therube for reporting)

Version 2.0.1rc1 492.5 KB Works with Firefox 3.0 - 4.0b3pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1a3

v 2.0.1rc1
==========================================================================
x Fixed meta redirections being broken sometimes when a NOSCRIPT element
activation is forced on a JavaScript-enabled page (thanks Supermop for
reporting)

Version 2.0 492.5 KB Works with Firefox 3.0 - 4.0b3pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1a3

v 2.0
==========================================================================
x [Surrogate] Fixed Google thumbs surrogate broken by recent Gecko changes
x [ClearClick] Work-around for client(Height|Width) miscalculation

v 2.0rc8
==========================================================================
+ Full hand-over to InjectionChecker for untrusted origin requests as well
+ More efficient UI synchronization system
x Fixed status icon not being correctly updated when a new script source
gets added after page is loaded

v 2.0rc7
==========================================================================
+ More web-compatible NOSCRIPT element handling on mixed permissions pages

v 2.0rc6
==========================================================================
+ [ABE] WAN IP checks logged on Error Console (thanks al_9x for RFE)

v 2.0rc5
==========================================================================
+ [ABE] Experimental cross-zone CSRF protection for flawed routers which
expose their WAN IP on their LAN interface (thanks al_9x for report)

v 2.0rc4
==========================================================================
+ Anti-anti-adblocker generic page-level surrogate
+ Minimal surrogates for several ad/tracking sources
+ Revsci surrogate (thanks al_9x)
x Work-around for medicare.gov "benign" XSS

v 2.0rc3
==========================================================================
x Fixed X-Frame-Options being checked for plugin embeddings as well
(thanks Richard Johnson for reporting)

v 2.0rc2
==========================================================================
+ External filters now receive the object URL as their 4th argument

Version 2.0rc9 492.5 KB Works with Firefox 3.0 - 4.0b3pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1a3

v 2.0
==========================================================================
x [Surrogate] Fixed Google thumbs surrogate broken by recent Gecko changes
x [ClearClick] Work-around for client(Height|Width) miscalculation

Version 2.0rc8 491.5 KB Works with Firefox 3.0 - 4.0b3pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1a3

v 2.0rc8
==========================================================================
+ Full hand-over to InjectionChecker for untrusted origin requests as well
+ More efficient UI synchronization system
x Fixed status icon not being correctly updated when a new script source
gets added after page is loaded

v 2.0rc7
==========================================================================
+ More web-compatible NOSCRIPT element handling on mixed permissions pages

Version 2.0rc6 492.5 KB Works with Firefox 3.0 - 4.0b3pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1a3

v 2.0rc6
==========================================================================
+ [ABE] WAN IP checks logged on Error Console (thanks al_9x for RFE)

v 2.0rc5
==========================================================================
+ [ABE] Experimental cross-zone CSRF protection for flawed routers which
expose their WAN IP on their LAN interface (thanks al_9x for report)

Version 2.0rc4 490.5 KB Works with Firefox 3.0 - 4.0b3pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1a3

v 2.0rc4
==========================================================================
+ Anti-anti-adblocker generic page-level surrogate
+ Minimal surrogates for several ad/tracking sources
+ Revsci surrogate (thanks al_9x)
x Work-around for medicare.gov "benign" XSS

v 2.0rc3
==========================================================================
x Fixed X-Frame-Options being checked for plugin embeddings as well
(thanks Richard Johnson for reporting)

Version 2.0rc2 489.5 KB Works with Firefox 3.0 - 4.0b3pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1a3

v 2.0rc2
==========================================================================
+ External filters now receive the object URL as their 4th argument

Version 2.0rc1 489.5 KB Works with Firefox 3.0 - 4.0b2pre, Mobile 1.1 - 2.0a1pre, SeaMonkey 2.0 - 2.1a3

(Identical to 1.10, to update beta-testers)
v 1.10
==========================================================================
+ ABE built-in ruleset editor
+ Button to reset ABE's defaults
x Fixed setting noscript.cp.last to false causing embeddings not to be
blocked
x Fixed 2nd order InjectionChecker bypass (thanks Sirdarckcat for report)
+ External filters now receive the object referrer as their 3rd argument

Version 1.10 489.5 KB Works with Firefox 1.5 - 4.0b3pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a3

v 1.10
==========================================================================
+ ABE built-in ruleset editor
+ Button to reset ABE's defaults
x Fixed setting noscript.cp.last to false causing embeddings not to be
blocked
x Fixed 2nd order InjectionChecker bypass (thanks Sirdarckcat for report)
+ External filters now receive the object referrer as their 3rd argument

Version 1.9.9.99 489.5 KB Works with Firefox 1.5 - 4.0b2pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a3

v 1.9.9.99
==========================================================================
x Emergency fix for a page reload bug on Mac OS X causing high CPU
consumption after permission changes (thanks "D A" for reporting)

Version 1.9.9.99rc1 489.5 KB Works with Firefox 1.5 - 4.0b2pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a3

(Identical to 1.9.9.99 stable)
v 1.9.9.99
==========================================================================
x Emergency fix for a page reload bug on Mac OS X causing high CPU
consumption after permission changes (thanks "D A" for reporting)

Version 1.9.9.98rc7 489.5 KB Works with Firefox 1.5 - 4.0b2pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a3

(Identical 1.9.9.98 stable)
v 1.9.9.98
==========================================================================
+ Improved ClearClick clipping accuracy on framesets
+ Improved ClearClick clipping accuracy on nested scrolling elements

Version 1.9.9.98 489.5 KB Works with Firefox 1.5 - 4.0b2pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a3

v 1.9.9.98
==========================================================================
+ Improved ClearClick clipping accuracy on framesets
+ Improved ClearClick clipping accuracy on nested scrolling elements

v 1.9.9.98rc6
==========================================================================
x Fixed work-around for Mozilla's bug 576492 breaking NoScript on browser
restart

v 1.9.9.98rc5
==========================================================================
+ Support for the latest Gecko 2 XPCOM changes
x Work-around for Mozilla's bug 576492

v 1.9.9.98rc4
==========================================================================
+ noscript.surrogates.debug preference enables console logging of uncaught
exceptions happening in surrogates (thanks al_9x for suggestion)
x Better error handling in surrogates, prevents a failing scripts to abort
the others
x Improved AMO surrogates, allows right-click menu to work on install
buttons (thanks Mc for reporting)


v 1.9.9.98rc3
==========================================================================
x Fixed bug on edge case minimum placeholder size computation when object
to be replaced is out of the current viewport
x Version compatibility bump for Firefox 4.0b2pre
x Fixed regression: untrusted icon not being shown when all the sources
of a page are untrusted (thanks al_9x for reporting)

v 1.9.9.98rc2
==========================================================================
+ window.toStaticHTML implementation
x Improved placeholders for embeds nested in ActiveX OBJECT elements

v 1.9.9.98rc1
==========================================================================
+ Surrogate for Google Search thumbnails when Google is not whitelisted
+ Automatic reload on permission change setting now affects pages
containing embeddings which change status too, whose reload can be also
forced through the noscript.autoReload.embedders preference:
0 - never reload
1 - inherit the noscript.autoReload setting
2 - force reload
+ Prevent reload on pages where a 3rd party script changed its
permissions status but the top-level is forbidden and unchanged
+ Surrogate to use InstallTrigger on AMO even if addons.mozilla.org is not
whitelisted

Version 1.9.9.98rc6 488.4 KB Works with Firefox 1.5 - 4.0b2pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a3

v 1.9.9.98rc6
==========================================================================
x Fixed work-around for Mozilla's bug 576492 breaking NoScript on browser
restart

v 1.9.9.98rc5
==========================================================================
+ Support for the latest Gecko 2 XPCOM changes
x Work-around for Mozilla's bug 576492

Version 1.9.9.98rc4 488.4 KB Works with Firefox 1.5 - 4.0b2pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a3

v 1.9.9.98rc4
==========================================================================
+ noscript.surrogates.debug preference enables console logging of uncaught
exceptions happening in surrogates (thanks al_9x for suggestion)
x Better error handling in surrogates, prevents a failing scripts to abort
the others
x Improved AMO surrogates, allows right-click menu to work on install
buttons (thanks Mc for reporting)

Version 1.9.9.98rc3 487.4 KB Works with Firefox 1.5 - 4.0b2pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a3

v 1.9.9.98rc3
==========================================================================
x Fixed bug on edge case minimum placeholder size computation when object
to be replaced is out of the current viewport
x Version compatibility bump for Firefox 4.0b2pre
x Fixed regression: untrusted icon not being shown when all the sources
of a page are untrusted (thanks al_9x for reporting)

Version 1.9.9.98rc2 487.4 KB Works with Firefox 1.5 - 4.0b2pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a3

Version 1.9.9.98rc1 487.4 KB Works with Firefox 1.5 - 3.7a6pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a3

v 1.9.9.98rc1
==========================================================================
+ Surrogate for Google Search thumbnails when Google is not whitelisted
+ Automatic reload on permission change setting now affects pages
containing embeddings which change status too, whose reload can be also
forced through the noscript.autoReload.embedders preference:
0 - never reload
1 - inherit the noscript.autoReload setting
2 - force reload
+ Prevent reload on pages where a 3rd party script changed its
permissions status but the top-level is forbidden and unchanged
+ Surrogate to use InstallTrigger on AMO even if addons.mozilla.org is not
whitelisted

Version 1.9.9.97 486.4 KB Works with Firefox 1.5 - 4.0b2pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a3

v 1.9.9.97
==========================================================================
x Fixed ClearClick false positives on Fx 3.5 and below (thanks Deniz Sofu
for reporting)
x Compatibility version bump for Seamokey trunk

v 1.9.9.97rc1
==========================================================================
x Fixed '@' surrogates being ran on scriptless pages
x Recentering on the parent form for ClearClick checks over a form widget
reduces false positives over obstructed frames

v 1.9.9.96
==========================================================================
x Fixed Script Surrogates activation glitches

v 1.9.9.95
==========================================================================
x Fixed wrongly sized placeholders on Youtube (regression from rc1)

v 1.9.9.95rc2
==========================================================================
x More accurated feedback on nested object blocking (thanks al_9x for
reporting)
+ External filters command line template updated with request origin as
the 3rd argument

v 1.9.9.95rc1
==========================================================================
+ imagebam surrogate kills popups over images and popunders on click
+ imagehaven surrogate kills popups over images and popunders on click
+ inserstitialBox surrogate kills interstital on imagevenue.com
+ "!@" prefixed surrogates run no matter whether scripts are enabled or
disabled for the page (in a DOMContentLoaded event handler)
x Fixed JS redirect handling causing duplicate object placeholders on
scriptless pages containing embeddings only
x Fixed ABE's SELF checks fail on redirects which contain a browser URL

v 1.9.9.94
==========================================================================
x Fixed bookmarklets support on non-whitelisted pages broken in non-Places
browsers like SeaMonkey (thanks therube for reporting)
X Better icon feedback on page where there's no script element but some
plugin content has been blocked

v 1.9.9.93
==========================================================================
x Fixed ClearClick false positives when RTL content or browser settings
put the vertical scrollbar on the left (thanks Mark Callow for report)
x Fixed setting noscript.checkInjectionType to false did not disable the
feature (thanks al_9x for report)
x More accurate embedded object replacement (thanks al_9x for report)

v 1.9.9.92
==========================================================================
x Fixed Places-related bug on Minefield (thanks mpz for reporting)
x noscript.forbidIFrameContext=3 (allow same base domain) falls back to 2
(allow same domain) if either the parent or the frame is marked as
untrusted (thanks al_9x for suggestion)

v 1.9.9.91
==========================================================================
x More compatible docShell reaching, works around some buggy extensions
which wrap browser.webNavigation just partially
x InjectionChecker's XML reduction more compatible with SAML

v 1.9.9.90
==========================================================================
+ Optimal timing for page-level surrogates in frames
x ClearClick exceptions are considered independently from the JavaScript
whitelist as they should
x More consistent web bugs blocking with forced NOSCRIPT elements, take 2
(thanks al_9x for reporting)

v 1.9.9.89
==========================================================================
x More consistent web bugs blocking with forced NOSCRIPT elements, take 2
(thanks al_9x for reporting)
x More consistent icon feedback with docShell-based cascading JS blocking
(thanks al_9x for reporting)

v 1.9.9.88
==========================================================================
x Inclusion type checks try to infer file type from directory-like URLs
x More consistent web bugs blocking with forced NOSCRIPT elements
x Fixed object placeholder regressions in Gecko < 1.9 (thanks Rob for
reporting)
x Version compatibility bump to Firefox 3.7a6pre

Version 1.9.9.96 486.4 KB Works with Firefox 3.6 - 3.7a6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1a3

v 1.9.9.96
==========================================================================
x Fixed Script Surrogates activation glitches

v 1.9.9.95
==========================================================================
x Fixed wrongly sized placeholders on Youtube (regression from rc1)

v 1.9.9.95rc2
==========================================================================
x More accurated feedback on nested object blocking (thanks al_9x for
reporting)
+ External filters command line template updated with request origin as
the 3rd argument

v 1.9.9.95rc1
==========================================================================
+ imagebam surrogate kills popups over images and popunders on click
+ imagehaven surrogate kills popups over images and popunders on click
+ inserstitialBox surrogate kills interstital on imagevenue.com
+ "!@" prefixed surrogates run no matter whether scripts are enabled or
disabled for the page (in a DOMContentLoaded event handler)
x Fixed JS redirect handling causing duplicate object placeholders on
scriptless pages containing embeddings only
x Fixed ABE's SELF checks fail on redirects which contain a browser URL

v 1.9.9.94
==========================================================================
x Fixed bookmarklets support on non-whitelisted pages broken in non-Places
browsers like SeaMonkey (thanks therube for reporting)
X Better icon feedback on page where there's no script element but some
plugin content has been blocked

v 1.9.9.93
==========================================================================
x Fixed ClearClick false positives when RTL content or browser settings
put the vertical scrollbar on the left (thanks Mark Callow for report)
x Fixed setting noscript.checkInjectionType to false did not disable the
feature (thanks al_9x for report)
x More accurate embedded object replacement (thanks al_9x for report)

v 1.9.9.92
==========================================================================
x Fixed Places-related bug on Minefield (thanks mpz for reporting)
x noscript.forbidIFrameContext=3 (allow same base domain) falls back to 2
(allow same domain) if either the parent or the frame is marked as
untrusted (thanks al_9x for suggestion)

v 1.9.9.91
==========================================================================
x More compatible docShell reaching, works around some buggy extensions
which wrap browser.webNavigation just partially
x InjectionChecker's XML reduction more compatible with SAML

v 1.9.9.90
==========================================================================
+ Optimal timing for page-level surrogates in frames
x ClearClick exceptions are considered independently from the JavaScript
whitelist as they should
x More consistent web bugs blocking with forced NOSCRIPT elements, take 2
(thanks al_9x for reporting)

v 1.9.9.89
==========================================================================
x More consistent web bugs blocking with forced NOSCRIPT elements, take 2
(thanks al_9x for reporting)
x More consistent icon feedback with docShell-based cascading JS blocking
(thanks al_9x for reporting)

v 1.9.9.88
==========================================================================
x Inclusion type checks try to infer file type from directory-like URLs
x More consistent web bugs blocking with forced NOSCRIPT elements
x Fixed object placeholder regressions in Gecko < 1.9 (thanks Rob for
reporting)
x Version compatibility bump to Firefox 3.7a6pre

Version 1.9.9.87 484.4 KB Works with Firefox 1.5 - 3.7a6pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a2

v 1.9.9.87
==========================================================================
x Improved URL parsing in META refresh interception
x Optimized * universal pattern in AddressMatcher
x Better error reporting during the execution of location bar scriptlets

v 1.9.9.86
==========================================================================
+ Better timing for page-level script surrogates inside frames
+ mime/type@http://site.com syntax support for noscript.allowedMimeRegExp
preference (thanks Gregyski for request)
+ Improved XSS checks accuracy (less false positives) and performance
+ Enhanced management of recent Silverlight versions (thanks al_9x for
reporting)

v 1.9.9.85
==========================================================================
+ More accurate checks for META inside NOSCRIPT with HTML 5 parser
x Fixed possible DOS condition on some kinds of very long URLs

v 1.9.9.84
==========================================================================
x Improved heuristic for background refresh automatic blocking and
reenablement
x Fixed regressed "Follow" button on META refresh inside NOSCRIPT element

v 1.9.9.83
==========================================================================
x Fixed some sites refreshing themselves even if another load has been
initiated (thanks Dirk S for reporting)

v 1.9.9.82
==========================================================================
+ More discreet and automated anti-tabnagging protection (refreshes are
blocked on unfocused tabs and get automatically executed only when
tab gets in focus again)
+ Slight optimization of AddressMatcher tests on .site.com clauses
x Fixed noscript.forbidBGRefresh.exceptions not being honored
x Better handling of error conditions happening during ABE's channel
replacement internal redirections (thanks al_9x for reporting)
x Fixed minor feedback icon glitches (thanks al_9x for reporting)

Version 1.9.9.81 483.3 KB Works with Firefox 1.5 - 3.7a5pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a2

v 1.9.9.81
==========================================================================
+ Experimental blocking of page refreshes happening inside untrusted
unfocused tabs, should provide protection against Aviv Raff's scriptless
"tabnabbing" variant. Enabled by default, can be controlled through the
noscript.forbidBGRefresh about:config integer preference:
0 - no blocking
1 - block refreshes on untrusted unfocused tabs
2 - block refreshes on trusted unfocused tabs
3 - block refreshes on both trusted and untrusted unfocused tab
Address patterns matching pages which shouldn't be affected can be
listed in the noscript.forbidBGRefresh.exceptions preference
x Fixed XSS false positive in new 3.7 add-ons manager
x Fixed meta-refresh URL parsing mismatch
x Fixed import script surrogates being broken by a 1.9.9.79 regression

v 1.9.9.80
==========================================================================
x Fixed "Partially allowed scripts" icon shown instead of the "Scripts
allowed but some objects blocked" one when the blocked objects' domains
are not whitelisted for scripting (thanks al_9x for reporting)
x Fixed "Scripts allowed but some objects blocked" icon not being used for
blocked web fonts (thanks Alan Baxter for reporting)
x (ABE) Deny on INCLUSION don't trigger a notification even if the blocked
request is for a subdocument (the blocking is logged in the Console, use
SUB if user-facing notification is needed)
x Fixed privileged XMLHttpRequests for untrusted resources being blocked
if HTTP redirections occurred (thanks mari for reporting)
+ Better compatibility with IronPort web-based tools (thanks Ron Collins
for reporting)

v 1.9.9.79
==========================================================================
x Script surrogates whose source starts with the '!' get executed on
pages where scripts are disabled (on document DOM completion, rather
than before HTML parsing starts like regular surrogates)

Version 1.9.9.80 482.3 KB Works with Firefox 1.5 - 3.7a5pre, Mobile 0.1 - 1.1.*, SeaMonkey 1.1 - 2.1a1pre

1.9.9.80
==========================================================================
x Fixed "Partially allowed scripts" icon shown instead of the "Scripts
allowed but some objects blocked" one when the blocked objects' domains
are not whitelisted for scripting (thanks al_9x for reporting)
x Fixed "Scripts allowed but some objects blocked" icon not being used for
blocked web fonts (thanks Alan Baxter for reporting)
x (ABE) Deny on INCLUSION don't trigger a notification even if the blocked
request is for a subdocument (the blocking is logged in the Console, use
SUB if user-facing notification is needed)
x Fixed privileged XMLHttpRequests for untrusted resources being blocked
if HTTP redirections occurred (thanks mari for reporting)
+ Better compatibility with IronPort web-based tools (thanks Ron Collins
for reporting)

v 1.9.9.79
==========================================================================
x Script surrogates whose source starts with the '!' get executed on
pages where scripts are disabled (on document DOM completion, rather
than before HTML parsing starts like regular surrogates)

v 1.9.9.78
==========================================================================
x Redirect cache for scripts and XBL only
x Fixed cross-site CSS being blocked under some circumstances (e.g.
on Flicker and Yahoo)

Version 1.9.9.77 483.3 KB Works with Firefox 1.5 - 3.7a5pre, Mobile 0.1 - 1.1.*, SeaMonkey 1.1 - 2.1a1pre


v 1.9.9.77
==========================================================================
+ ABE INCLUSION(type1, type2, type3...) pseudo-method allows rules to take
request type (e.g. SCRIPT vs CSS) in account
+ ABE SELF+ (same domain) and SELF++ (same base domain) pseudo-origins
x Fixed iconic feedback inconsistencies when untrusted blocked objects
are mixed with full-trusted content (tanks al_9x for reporting)
x Fixed Injection Checker false positives on some kinds of complex nested
URLs (thanks Sirdarckcat for reporting)
x Tweaked ClearClick for Disqus compatibility (thanks John for reporting)

v 1.9.9.76
==========================================================================
x Fixed broken menu on Minefield when External Filters are enabled (thanks
linuser for reporting)
x Fixed about: URL not being shown in NoScript menu (thanks al_9x for
reporting)
x Removed minor strict warnings on Minefield

v 1.9.9.75
==========================================================================
x Redirected site caching now skips plugin content
x Removed __parent__ usages for Minefield compatibility
x Removed some strict warnings (thanks timeless for reporting)

Version 1.9.9.74 480.3 KB Works with Firefox 1.5 - 3.7a5pre, Mobile 0.1 - 1.1.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.74
==========================================================================
x Fixed false positive issue with empty cross-site POST requests (thanks
Bahamut for reporting)

v 1.9.9.73
==========================================================================
x Fixed potential double-firing command issue on Firefox Mobile
+ Added about:addons and about:home to the mandatory whitelist
+ Improved responsivity and usability on Firefox Mobile

v 1.9.9.72
==========================================================================
x Fixed configuration import/export/synchronization bug introduced by
"configuration presets" for Firefox Mobile
+ Finger-friendlier UI on Firefox Mobile

Version 1.9.9.71 479.2 KB Works with Firefox 1.5 - 3.7a5pre, Mobile 0.1 - 1.1.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.71
==========================================================================
+ Added "Allowed with untrusted sources and blocked objects" icon
x Fixed minor inconsistencies in new partial allowance feedback icons
(thanks al_9x for reporting)

v 1.9.9.70
==========================================================================
+ Compatibility and better integration with latest Firefox Mobile (Fennec)
+ Experimental external filters for plugin content (e.g. Blitzableiter for
Adobe Flash), see NoScript Options|Advanced|External Filters (Fx >=3.5)
+ New specific partial status icon for pages where all scripts are allowed
but some objects are blocked (thanks al_9x for RFE)
+ "about:blank" won't be shown as a secondary source in NoScript's UI. Old
behavior can be restored by setting the noscript.showBlankSources
preference to true (thanks al_9x for RFE)
+ googleapis.com in the default whitelist
x Fixed 2nd order indirect InjectionChecker bypass (thanks Sirdarckcat for
reporting)
x Fixed a Mac OS X specific InjectionChecker decoding issue (thanks
Colling Jackson for reporting)

Version 1.9.9.69 468.0 KB Works with Firefox 1.5 - 3.7a5pre, Mobile 0.1 - 1.1a2pre, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.69
==========================================================================
x Further compatibility improvements in complex bookmarklets handling

v 1.9.9.68
==========================================================================
x Better asynchronous bookmarklets handling, should not crash on
Readability anymore
x Ultimate (maybe!) fix for trunk bug 556739 breakage

v 1.9.9.67
==========================================================================
x Better fix for trunk bug 556739 breakage

v 1.9.9.66
==========================================================================
x Further embed-only sites in menu fixes (thanks al_9x for reporting)

v 1.9.9.65
==========================================================================
x Fixed bookmarklet support broken on trunk by bug 556739 (thanks dhouwn
for reporting)
x Fixed embed-only sites shown in main menu again (thanks al_9x for
reporting)

v 1.9.9.64
==========================================================================
x Better untrusted menu behavior on embedding only sources (thanks al_9x
for reporting)
x Improved InjectionChecker compatibility with OpenID and other complex
requests (thanks Jamie Cox for reporting)
x Fixed accurate Base64 injection checks breaking some encrypted Paypal
buttons