NoScript Security Suite Version History

882 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 2.0.9.9rc6 498.7 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b3

v 2.0.9.9rc6
==========================================================================
x Fixed spaces in ipecho response breaking WAN IP detection with one of
the mirrors
+ Experimental built-in profiler for debugging purposes

v 2.0.9.9rc5
==========================================================================
+ Compatibility with Fire.fm
+ [XSS] Compatibility with latest Readability
x Tentative work-around for a WAN IP detection issue after sleep/wakeup

v 2.0.9.9rc4
==========================================================================
+ Forced text-plain on documents which miss a content-type header but send
"X-Content-Type-Options: nosniff"
+ Increased compatibility of the X-Content-Options implementation

v 2.0.9.9rc3
==========================================================================
x Work-around for surrogates not being executed on latest Fx 4 builds
x X-Content-Options implementation more compatible with Browserscope

v 2.0.9.9rc2
==========================================================================
x Fixed AJAX fallback last-minute breakage (thanks dhouwn for report)

v 2.0.9.9rc1
==========================================================================
+ Improved XSS filter to protect against potential risks from new HTML 5
features
+ AJAX fallback support via Google's _escaped_fragment_ recommendation,
can disabled by toggling the noscript.ajaxFallback.enabled preference
(see https://code.google.com/web/ajaxcrawling/, thanks alexbobp for RFE)
+ New noscript.placeholderLongTip about:config preference to control
whether embedding placeholder tooltips should include query strings
and hash fragments or not (true by default)

Version 2.0.9.9rc4 497.7 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.9.9rc4
==========================================================================
+ Forced text-plain on documents which miss a content-type header but send
"X-Content-Type-Options: nosniff"
+ Increased compatibility of the X-Content-Options implementation

v 2.0.9.9rc3
==========================================================================
x Work-around for surrogates not being executed on latest Fx 4 builds
x X-Content-Options implementation more compatible with Browserscope

v 2.0.9.9rc2
==========================================================================
x Fixed AJAX fallback last-minute breakage (thanks dhouwn for report)

v 2.0.9.9rc1
==========================================================================
+ Improved XSS filter to protect against potential risks from new HTML 5
features
+ AJAX fallback support via Google's _escaped_fragment_ recommendation,
can disabled by toggling the noscript.ajaxFallback.enabled preference
(see https://code.google.com/web/ajaxcrawling/, thanks alexbobp for RFE)
+ New noscript.placeholderLongTip about:config preference to control
whether embedding placeholder tooltips should include query strings
and hash fragments or not (true by default)

Version 2.0.9.8.1-signed 496.6 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b3

v 2.0.9.8
==========================================================================
x Fixed empty tooltip for embedded placeholder on some RTL pages (thanks
Saad for reporting)
x Truncate URLs in placeholders tooltips at the the query string or hash,
to increase readability (thanks anystupidassname for RFE)
x Increased WAN IP checks interval to 1 hour reducing log spam on routers
- Removed some obsolete code

v 2.0.9.8rc2
==========================================================================
x Fixed all IPv6 addresses in fc80::/24 subnet being erronously treated
like link-local addresses (thanks Jojo999 for reporting)
x Fixed "Unsafe Reload" not working for sanitized POST requests from
untrusted to trusted sites (thanks Lucas Malor for reporting)
+ Better compatibility with Paypal button hosted on non-whitelisted sites
+ Added mozilla.net to the default whitelist for AMO compatibility

v 2.0.9.8rc1
==========================================================================
x [UI] Fixed toolbar button being added on the right of the window resizer
when Fx 4 is run for the first time with NoScript and the add-on bar is
visible
+ [UI] Hitting the "show UI" shortcut (ctrl+shift+S) a second time
dismisses NoScript's popup menu (thanks jso for RFE)
x [DNT] Restored header reordering after DNT header is added, in order to
match Firefox 4's header fingerprint

Version 2.0.9.8rc3 496.6 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.9.8rc3 (same as 2.0.9.8 final)
==========================================================================
x Fixed empty tooltip for embedded placeholder on some RTL pages (thanks
Saad for reporting)
x Truncate URLs in placeholders tooltips at the the query string or hash,
to increase readability (thanks anystupidassname for RFE)
x Increased WAN IP checks interval to 1 hour reducing log spam on routers
- Removed some obsolete code

v 2.0.9.8rc2
==========================================================================
x Fixed all IPv6 addresses in fc80::/24 subnet being erronously treated
like link-local addresses (thanks Jojo999 for reporting)
x Fixed "Unsafe Reload" not working for sanitized POST requests from
untrusted to trusted sites (thanks Lucas Malor for reporting)
+ Better compatibility with Paypal button hosted on non-whitelisted sites
+ Added mozilla.net to the default whitelist for AMO compatibility

v 2.0.9.8rc1
==========================================================================
x [UI] Fixed toolbar button being added on the right of the window resizer
when Fx 4 is run for the first time with NoScript and the add-on bar is
visible
+ [UI] Hitting the "show UI" shortcut (ctrl+shift+S) a second time
dismisses NoScript's popup menu (thanks jso for RFE)
x [DNT] Restored header reordering after DNT header is added, in order to
match Firefox 4's header fingerprint

Version 2.0.9.8rc2 497.7 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.9.8rc2
==========================================================================
x Fixed all IPv6 addresses in fc80::/24 subnet being erronously treated
like link-local addresses (thanks Jojo999 for reporting)
x Fixed "Unsafe Reload" not working for sanitized POST requests from
untrusted to trusted sites (thanks Lucas Malor for reporting)
+ Better compatibility with Paypal button hosted on non-whitelisted sites

v 2.0.9.8rc1
==========================================================================
x [UI] Fixed toolbar button being added on the right of the window resizer
when Fx 4 is run for the first time with NoScript and the add-on bar is
visible
+ [UI] Hitting the "show UI" shortcut (ctrl+shift+S) a second time
dismisses NoScript's popup menu (thanks jso for RFE)
x Restored header reordering after DNT header is added, in order to match
Firefox 4's header fingerprint

Version 2.0.9.8rc1 497.7 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b3

v 2.0.9.8rc1
==========================================================================
x [UI] Fixed toolbar button being added on the right of the window resizer
when Fx 4 is run for the first time with NoScript and the add-on bar is
visible
+ [UI] Hitting the "show UI" shortcut (ctrl+shift+S) a second time
dismisses NoScript's popup menu (thanks jso for RFE)
x Restored header reordering after DNT header is added, in order to match
Firefox 4's header fingerprint

Version 2.0.9.7.1-signed 496.6 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b3

v 2.0.9.7
==========================================================================
x Fixed status label menu popping up in a wrong position
x Updated locales

v 2.0.9.7rc5
==========================================================================
x Fixed external filters submenu not removed when external filters are
disabled
x Blocked objects menus show IFRAME/FRAME rather than mime type info for
blocked frames (thanks al_9x for suggestion)
+ Restored legacy status label by popular request
+ Sticky menu can be triggered by left clicking on status label now

v 2.0.9.7rc4
==========================================================================
x Work-around for menu icons hidden with some Linux distros and themes
(thanks nickr for reporting)
x Changed the X-Do-Not-Track header name to DNT in anticipation of an IETF
Internet-Draft, per Jonathan Mayer
x noscript.doNotTrack.forced gets honored for local addresses now (thanks
Heptite for RFE)
x Fixed partial external filter definition could not be saved
x Fixed empty external filter whitelist could not be validated

v 2.0.9.7rc3
==========================================================================
x Fixed exception on cross-site POST requests from URIs not supporting
the host component (thanks JeffCO for reporting)
x Fixed JS redirection detection being activated also on whitelisted
pages sometimes (thanks scratchpaper for reporting)

v 2.0.9.7rc2
==========================================================================
+ 64x64 icon for Fx 4's add-ons manager
x Fixed bookmarklet execution machinery active even when JavaScript is
disabled by Firefox's content options (thanks Martin Focke foir report)
x Tentative work-around for toolbar button being oriented vertically in
some themes, disrupting toolbar's layout
x More updated locales

v 2.0.9.7rc1
==========================================================================
x Fixed a ClearClick bypass possible to whitelisted attackers who can run
JavaScript (thanks Atul Agarwal for reporting)
x Updated locales
x Improved K-Meleon portability (thanks jk- for RFE)

Version 2.0.9.7rc6 496.6 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.9.7rc6 (same as 2.0.9.7 final)
==========================================================================
x Fixed status label menu popping up in a wrong position
x Updated locales

v 2.0.9.7rc5
==========================================================================
x Fixed external filters submenu not removed when exteral filters are
disabled
x Blocked objects menus show IFRAME/FRAME rather than mime type info for
blocked frames (thanks al_9x for suggestion)
+ Restored legacy status label by popular request
+ Sticky menu can be triggered by left clicking on status label now

v 2.0.9.7rc4
==========================================================================
x Work-around for menu icons hidden with some Linux distros and themes
(thanks nickr for reporting)
x Changed the X-Do-Not-Track header name to DNT in anticipation of an IETF
Internet-Draft, per Jonathan Mayer
x noscript.doNotTrack.forced gets honored for local addresses now (thanks
Heptite for RFE)
x Fixed partial external filter definition could not be saved
x Fixed empty external filter whitelist could not be validated

v 2.0.9.7rc3
==========================================================================
x Fixed exception on cross-site POST requests from URIs not supporting
the host component (thanks JeffCO for reporting)
x Fixed JS redirection detection being activated also on whitelisted
pages sometimes (thanks scratchpaper for reporting)

v 2.0.9.7rc2
==========================================================================
+ 64x64 icon for Fx 4's add-ons manager
x Fixed bookmarklet execution machinery active even when JavaScript is
disabled by Firefox's content options (thanks Martin Focke foir report)
x Tentative work-around for toolbar button being oriented vertically in
some themes, disrupting toolbar's layout
x More updated locales

v 2.0.9.7rc1
==========================================================================
x Fixed a ClearClick bypass possible to whitelisted attackers who can run
JavaScript (thanks Atul Agarwal for reporting)
x Updated locales
x Improved K-Meleon portability (thanks jk- for RFE)

Version 2.0.9.7rc5 496.6 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.9.7rc5
==========================================================================
x Fixed external filters submenu not removed when exteral filters are
disabled
x Blocked objects menus show IFRAME/FRAME rather than mime type info for
blocked frames (thanks al_9x for suggestion)
+ Restored legacy status label by popular request
+ Sticky menu can be triggered by left clicking on status label now

Version 2.0.9.7rc4 496.6 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.9.7rc4
==========================================================================
x Work-around for menu icons hidden with some Linux distros and themes
(thanks nickr for reporting)
x Changed the X-Do-Not-Track header name to DNT in anticipation of an IETF
Internet-Draft, per Jonathan Mayer
x noscript.doNotTrack.forced gets honored for local addresses now (thanks
Heptite for RFE)
x Fixed partial external filter definition could not be saved
x Fixed empty external filter whitelist could not be validated

v 2.0.9.7rc3
==========================================================================
x Fixed exception on cross-site POST requests from URIs not supporting
the host component (thanks JeffCO for reporting)
x Fixed JS redirection detection being activated also on whitelisted
pages sometimes (thanks scratchpaper for reporting)

v 2.0.9.7rc2
==========================================================================
+ 64x64 icon for Fx 4's add-ons manager
x Fixed bookmarklet execution machinery active even when JavaScript is
disabled by Firefox's content options (thanks Martin Focke foir report)
x Tentative work-around for toolbar button being oriented vertically in
some themes, disrupting toolbar's layout
x More updated locales

v 2.0.9.7rc1
==========================================================================
x Fixed a ClearClick bypass possible to whitelisted attackers who can run
JavaScript (thanks Atul Agarwal for reporting)
x Updated locales
x Improved K-Meleon portability (thanks jk- for RFE)

Version 2.0.9.7rc3 495.6 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.9.7rc3
==========================================================================
x Fixed exception on cross-site POST requests from URIs not supporting
the host component (thanks JeffCO for reporting)
x Fixed JS redirection detection being activated also on whitelisted
pages sometimes (thanks scratchpaper for reporting)

v 2.0.9.7rc2
==========================================================================
+ 64x64 icon for Fx 4's add-ons manager
x Fixed bookmarklet execution machinery active even when JavaScript is
disabled by Firefox's content options (thanks Martin Focke foir report)
x Tentative work-around for toolbar button being oriented vertically in
some themes, disrupting toolbar's layout
x More updated locales

v 2.0.9.7rc1
==========================================================================
x Fixed a ClearClick bypass possible to whitelisted attackers who can run
JavaScript (thanks Atul Agarwal for reporting)
x Updated locales
x Improved K-Meleon portability (thanks jk- for RFE)

Version 2.0.9.7rc1 486.4 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.9.7rc1
==========================================================================
x Fixed a ClearClick bypass possible to whitelisted attackers who can run
JavaScript (thanks Atul Agarwal for reporting)
x Updated locales
x Improved K-Meleon portability (thanks jk- for RFE)

Version 2.0.9.6.1-signed 482.3 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.9.6
==========================================================================
x X-Do-Not-Track after a DNS cache miss causing some embedded content
requests to fail
+ Contribution button on the bottom of the Options dialog

v 2.0.9.5
==========================================================================
x Fixed NoScript toolbar buttons having wrong orientation in "icon and
text" mode

v 2.0.9.4
==========================================================================
x Fixed toolbar button does not open the menu (unless you click the little
arrow) if you disable hovering and toggling (thanks bleh for report)
- Removed dynamic localization fallback at runtime
+ Added static localization fallback to the build system
x Localization layout cleanup
x Legacy files cleanup

v 2.0.9.4rc2
==========================================================================
x Removed toolbarbutton-specific stylings
+ Better web compatibility for X-Content-Options
+ Better home router compatibility for X-Do-Not-Track

v 2.0.9.4rc1
==========================================================================
x Fixed DoNotTrack exceptions/forced patterns not being enforced
x Tentative work-around for basic HTTP authentication failing with some
servers when X-Do-Not-Track is sent

Version 2.0.9.6rc1 482.3 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.9.6rc1 (same as 2.0.9.6 final)
==========================================================================
x X-Do-Not-Track after a DNS cache miss causing some embedded content
requests to fail

Version 2.0.9.4rc3 482.3 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.9.4rc3
==========================================================================
x Fixed toolbar button does not open the menu (unless you click the little
arrow) if you disable hovering and toggling (thanks bleh for report)
- Removed dynamic localization fallback at runtime
+ Added static localization fallback to the build system
x Localization layout cleanup
x Legacy files cleanup

v 2.0.9.4rc2
==========================================================================
x Removed toolbarbutton-specific stylings
+ Better web compatibility for X-Content-Options
+ Better home router compatibility for X-Do-Not-Track

v 2.0.9.4rc1
==========================================================================
x Fixed DoNotTrack exceptions/forced patterns not being enforced
x Tentative work-around for basic HTTP authentication failing with some
servers when X-Do-Not-Track is sent

Version 2.0.9.3.1-signed 484.4 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.9.3
==========================================================================
x Fixed some cross-site requests containing JSON-like fragments broken

Version 2.0.9.3rc1 484.4 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

2.0.9.3rc1
==========================================================================
x Fixed some cross-site requests containing JSON-like fragments broken

Version 2.0.9.2.1-signed 484.4 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.9.2
==========================================================================
x Fixed forbid META refresh inside NOSCRIPT elements regression

v 2.0.9.1
==========================================================================
x Fixed partial options dialog breakage (ClearClick and Import/Export)

v 2.0.9
==========================================================================
- Removed JAR blocking (obsolete in supported browser versions)
- Removed emulated TLD service
x Hidden status bar icon option on applications which have no status bar
x Fixed noscript.doNotTrack.* preferences not being honored

v 2.0.9rc5
==========================================================================
x Fixed wrong popup position on status bar icon (Fx 3.6.x and below only)

v 2.0.9rc4
==========================================================================
+ X-Do-Not-Track and X-Behavioral-Ad-Opt-Out (tracking opt-out) support,
controlled by the noscript.doNotTrack.* about:config preferences
x Restored "left+click on NoScript icon reopens the menu in legacy mode
even if it's already opened in hover mode" feature
x Fixed bug preventing channel replacement when the HTTP method changes
+ Embedded permissions are now bound to the embedding site (thanks al_9x
for RFE)
x Fixed permissions keys for Flash embeddings include FlashVars PARAMETER
elements, rather than just attributes (thanks breakBug for report)
x Fixed embedding permission changes not honoring disabled autoreload
preferences (thanks MMlosh for reporting)

v 2.0.9rc3
==========================================================================
+ Middle clicking toolbar button temporarily allows all on current page
- Removed forced embedding opacization legacy feature
- Removed tooltips from icons spawning hover UI
- Disabled permission toggling on left+click for hover UI toolbar buttons
(can be reenabled by setting noscript.hoverUI.excludeToggling to true)
x Fixed notification regression

v 2.0.9rc2
==========================================================================
x No extra spacer added on addon-bar during first customization
x Long menus automatically scroll to the bottom when opened from the
bottom of the browser
x Fixed legacy status bar icon switching permissions on left+click like
the toolbar button
x Fixed legacy status bar icon always getting "after_start" popup position

v 2.0.9rc1
==========================================================================
+ Improved anti-popunder surrogate
+ Check for UI accessibility of Firefox 4 with hidden addon-bar and
automatic installation of toolbar button on fail
x Fixed whitelisted iframe blocking getting in the way of web content
embedded by privileged tabs (e.g. Firefox 4's add-on manager)
x [ClearClick] slightly shorter viewport to accomodate Facebook's "Like"
mini buttons
x Fixed tooltips getting in the way of hover UI
- Removed status bar label
x Fixed regression: permissions changes on sites with non-standard ports
failed to trigger page reload (thanks Andrew Black for reporting)
x Fixed layout issue triggered by JS redirect detection (thanks Teknorat
for reporting)

Version 2.0.9.2rc1 484.4 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.9.2rc1 (same as 2.0.9.2 final)
==========================================================================
x Fixed forbid META refresh inside NOSCRIPT elements regression

v 2.0.9.1rc1 (same as 2.0.9.1 final)
==========================================================================
x Fixed partial options dialog breakage (ClearClick and Import/Export)

v 2.0.9rc6
==========================================================================
- Removed JAR blocking (obsolete in supported browser versions)
- Removed emulated TLD service
x Hidden status bar icon option on applications which have no status bar
x Fixed noscript.doNotTrack.* preferences not being honored

v 2.0.9rc5
==========================================================================
x Fixed wrong popup position on status bar icon (Fx 3.6.x and below only)

v 2.0.9rc4
==========================================================================
+ X-Do-Not-Track and X-Behavioral-Ad-Opt-Out (tracking opt-out) support,
controlled by the noscript.doNotTrack.* about:config preferences
x Restored "left+click on NoScript icon reopens the menu in legacy mode
even if it's already opened in hover mode" feature
x Fixed bug preventing channel replacement when the HTTP method changes
+ Embedded permissions are now bound to the embedding site (thanks al_9x
for RFE)
x Fixed permissions keys for Flash embeddings include FlashVars PARAMETER
elements, rather than just attributes (thanks breakBug for report)
x Fixed embedding permission changes not honoring disabled autoreload
preferences (thanks MMlosh for reporting)

v 2.0.9rc3
==========================================================================
+ Middle clicking toolbar button temporarily allows all on current page
- Removed forced embedding opacization legacy feature
- Removed tooltips from icons spawning hover UI
- Disabled permission toggling on left+click for hover UI toolbar buttons
(can be reenabled by setting noscript.hoverUI.excludeToggling to true)
x Fixed notification regression

v 2.0.9rc2
==========================================================================
x No extra spacer added on addon-bar during first customization
x Long menus automatically scroll to the bottom when opened from the
bottom of the browser
x Fixed legacy status bar icon switching permissions on left+click like
the toolbar button
x Fixed legacy status bar icon always getting "after_start" popup position

v 2.0.9rc1
==========================================================================
+ Improved anti-popunder surrogate
+ Check for UI accessibility of Firefox 4 with hidden addon-bar and
automatic installation of toolbar button on fail
x Fixed whitelisted iframe blocking getting in the way of web content
embedded by privileged tabs (e.g. Firefox 4's add-on manager)
x [ClearClick] slightly shorter viewport to accomodate Facebook's "Like"
mini buttons
x Fixed tooltips getting in the way of hover UI
- Removed status bar label
x Fixed regression: permissions changes on sites with non-standard ports
failed to trigger page reload (thanks Andrew Black for reporting)
x Fixed layout issue triggered by JS redirect detection (thanks Teknorat
for reporting)

Version 2.0.9.1rc1 484.4 kB Works with Firefox 3.0 - 4.0b9pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.9.1rc1 (same as 2.0.9.1 final)
==========================================================================
x Fixed partial options dialog breakage (ClearClick and Import/Export)

v 2.0.9rc6
==========================================================================
- Removed JAR blocking (obsolete in supported browser versions)
- Removed emulated TLD service
x Hidden status bar icon option on applications which have no status bar
x Fixed noscript.doNotTrack.* preferences not being honored

v 2.0.9rc5
==========================================================================
x Fixed wrong popup position on status bar icon (Fx 3.6.x and below only)

v 2.0.9rc4
==========================================================================
+ X-Do-Not-Track and X-Behavioral-Ad-Opt-Out (tracking opt-out) support,
controlled by the noscript.doNotTrack.* about:config preferences
x Restored "left+click on NoScript icon reopens the menu in legacy mode
even if it's already opened in hover mode" feature
x Fixed bug preventing channel replacement when the HTTP method changes
+ Embedded permissions are now bound to the embedding site (thanks al_9x
for RFE)
x Fixed permissions keys for Flash embeddings include FlashVars PARAMETER
elements, rather than just attributes (thanks breakBug for report)
x Fixed embedding permission changes not honoring disabled autoreload
preferences (thanks MMlosh for reporting)

v 2.0.9rc3
==========================================================================
+ Middle clicking toolbar button temporarily allows all on current page
- Removed forced embedding opacization legacy feature
- Removed tooltips from icons spawning hover UI
- Disabled permission toggling on left+click for hover UI toolbar buttons
(can be reenabled by setting noscript.hoverUI.excludeToggling to true)
x Fixed notification regression

v 2.0.9rc2
==========================================================================
x No extra spacer added on addon-bar during first customization
x Long menus automatically scroll to the bottom when opened from the
bottom of the browser
x Fixed legacy status bar icon switching permissions on left+click like
the toolbar button
x Fixed legacy status bar icon always getting "after_start" popup position

v 2.0.9rc1
==========================================================================
+ Improved anti-popunder surrogate
+ Check for UI accessibility of Firefox 4 with hidden addon-bar and
automatic installation of toolbar button on fail
x Fixed whitelisted iframe blocking getting in the way of web content
embedded by privileged tabs (e.g. Firefox 4's add-on manager)
x [ClearClick] slightly shorter viewport to accomodate Facebook's "Like"
mini buttons
x Fixed tooltips getting in the way of hover UI
- Removed status bar label
x Fixed regression: permissions changes on sites with non-standard ports
failed to trigger page reload (thanks Andrew Black for reporting)
x Fixed layout issue triggered by JS redirect detection (thanks Teknorat
for reporting)

Version 2.0.9rc6 484.4 kB Works with Firefox 3.0 - 4.0b9pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.9rc6 (same as 2.0.9 final)
==========================================================================
- Removed JAR blocking (obsolete in supported browser versions)
- Removed emulated TLD service
x Hidden status bar icon option on applications which have no status bar
x Fixed noscript.doNotTrack.* preferences not being honored

v 2.0.9rc5
==========================================================================
x Fixed wrong popup position on status bar icon (Fx 3.6.x and below only)

v 2.0.9rc4
==========================================================================
+ X-Do-Not-Track and X-Behavioral-Ad-Opt-Out (tracking opt-out) support,
controlled by the noscript.doNotTrack.* about:config preferences
x Restored "left+click on NoScript icon reopens the menu in legacy mode
even if it's already opened in hover mode" feature
x Fixed bug preventing channel replacement when the HTTP method changes
+ Embedded permissions are now bound to the embedding site (thanks al_9x
for RFE)
x Fixed permissions keys for Flash embeddings include FlashVars PARAMETER
elements, rather than just attributes (thanks breakBug for report)
x Fixed embedding permission changes not honoring disabled autoreload
preferences (thanks MMlosh for reporting)

v 2.0.9rc3
==========================================================================
+ Middle clicking toolbar button temporarily allows all on current page
- Removed forced embedding opacization legacy feature
- Removed tooltips from icons spawning hover UI
- Disabled permission toggling on left+click for hover UI toolbar buttons
(can be reenabled by setting noscript.hoverUI.excludeToggling to true)
x Fixed notification regression

v 2.0.9rc2
==========================================================================
x No extra spacer added on addon-bar during first customization
x Long menus automatically scroll to the bottom when opened from the
bottom of the browser
x Fixed legacy status bar icon switching permissions on left+click like
the toolbar button
x Fixed legacy status bar icon always getting "after_start" popup position

v 2.0.9rc1
==========================================================================
+ Improved anti-popunder surrogate
+ Check for UI accessibility of Firefox 4 with hidden addon-bar and
automatic installation of toolbar button on fail
x Fixed whitelisted iframe blocking getting in the way of web content
embedded by privileged tabs (e.g. Firefox 4's add-on manager)
x [ClearClick] slightly shorter viewport to accomodate Facebook's "Like"
mini buttons
x Fixed tooltips getting in the way of hover UI
- Removed status bar label
x Fixed regression: permissions changes on sites with non-standard ports
failed to trigger page reload (thanks Andrew Black for reporting)
x Fixed layout issue triggered by JS redirect detection (thanks Teknorat
for reporting)

Version 2.0.9rc5 501.8 kB Works with Firefox 3.0 - 4.0b9pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.9rc5
==========================================================================
x Fixed wrong popup position on status bar icon (Fx 3.6.x and below only)

v 2.0.9rc4
==========================================================================
+ X-Do-Not-Track and X-Behavioral-Ad-Opt-Out (tracking opt-out)support,
controlled by the noscript.doNotTrack.* about:config preferences
x Restored "left+click on NoScript icon reopens the menu in legacy mode
even if it's already opened in hover mode" feature
x Fixed bug preventing channel replacement when the HTTP method changes
+ Embedded permissions are now bound to the embedding site (thanks al_9x
for RFE)
x Fixed permissions keys for Flash embeddings include FlashVars PARAMETER
elements, rather than just attributes (thanks breakBug for report)
x Fixed embedding permission changes not honoring disabled autoreload
preferences (thanks MMlosh for reporting)

v 2.0.9rc3
==========================================================================
+ Middle clicking toobar button allows all on current page
- Removed forced embedding opacization legacy feature
- Removed tooltips from icons spawning hover UI
- Disabled permission toggling on left+click for hover UI toolbar buttons
(can be reenabled by setting noscript.hoverUI.excludeToggling to true)
x Fixed notification regression

v 2.0.9rc2
==========================================================================
x No extra spacer added on addon-bar during first customization
x Long menus automatically scroll to the bottom when opened from the
bottom of the browser
x Fixed legacy status bar icon switching permissions on left+click like
the toolbar button
x Fixed legacy status bar icon always getting "after_start" popup position

v 2.0.9rc1
==========================================================================
+ Improved anti-popunder surrogate
+ Check for UI accessibility of Firefox 4 with hidden addon-bar and
automatic installation of toolbar button on fail
x Fixed whitelisted iframe blocking getting in the way of web content
embedded by privileged tabs (e.g. Firefox 4's add-on manager)
x [ClearClick] slightly shorter viewport to accomodate Facebook's "Like"
mini buttons
x Fixed tooltips getting in the way of hover UI
- Removed status bar label
x Fixed regression: permissions changes on sites with non-standard ports
failed to trigger page reload (thanks Andrew Black for reporting)
x Fixed layout issue triggered by JS redirect detection (thanks Teknorat
for reporting)

Version 2.0.9rc3 502.8 kB Works with Firefox 3.0 - 4.0b9pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.9rc3
==========================================================================
+ Middle clicking toobar button allows all on current page
- Removed forced embedding opacization legacy feature
- Removed tooltips from icons spawning hover UI
- Disabled permission toggling on left+click for hover UI toolbar buttons
(can be reenabled by setting noscript.hoverUI.excludeToggling to true)
x Fixed notification regression

v 2.0.9rc2
==========================================================================
x No extra spacer added on addon-bar during first customization
x Long menus automatically scroll to the bottom when opened from the
bottom of the browser
x Fixed legacy status bar icon switching permissions on left+click like
the toolbar button
x Fixed legacy status bar icon always getting "after_start" popup position

v 2.0.9rc1
==========================================================================
+ Improved anti-popunder surrogate
+ Check for UI accessibility of Firefox 4 with hidden addon-bar and
automatic installation of toolbar button on fail
x Fixed whitelisted iframe blocking getting in the way of web content
embedded by privileged tabs (e.g. Firefox 4's add-on manager)
x [ClearClick] slightly shorter viewport to accomodate Facebook's "Like"
mini buttons
x Fixed tooltips getting in the way of hover UI
- Removed status bar label
x Fixed regression: permissions changes on sites with non-standard ports
failed to trigger page reload (thanks Andrew Black for reporting)
x Fixed layout issue triggered by JS redirect detection (thanks Teknorat
for reporting)

Version 2.0.9rc2 504.8 kB Works with Firefox 3.0 - 4.0b9pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.9rc2
==========================================================================
x No extra spacer added on addon-bar during first customization
x Long menus automatically scroll to the bottom when opened from the
bottom of the browser
x Fixed legacy status bar icon switching permissions on left+click like
the toolbar button
x Fixed legacy status bar icon always getting "after_start" popup position

v 2.0.9rc1
==========================================================================
+ Improved anti-popunder surrogate
+ Check for UI accessibility of Firefox 4 with hidden addon-bar and
automatic installation of toolbar button on fail
x Fixed whitelisted iframe blocking getting in the way of web content
embedded by privileged tabs (e.g. Firefox 4's add-on manager)
x [ClearClick] slightly shorter viewport to accomodate Facebook's "Like"
mini buttons
x Fixed tooltips getting in the way of hover UI
- Removed status bar label
x Fixed regression: permissions changes on sites with non-standard ports
failed to trigger page reload (thanks Andrew Black for reporting)
x Fixed layout issue triggered by JS redirect detection (thanks Teknorat
for reporting)

Version 2.0.9rc1 504.8 kB Works with Firefox 3.0 - 4.0b9pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2


v 2.0.9rc1
==========================================================================
+ Improved anti-popunder surrogate
+ Check for UI accessibility of Firefox 4 with hidden addons-bar and
automatic installation of toolbar button on fail
x Fixed whitelisted iframe blocking getting in the way of web content
embedded by privileged tabs (e.g. Firefox 4's add-on manager)
x [ClearClick] slightly shorter viewport to accomodate Facebook's "Like"
mini buttons
x Fixed tooltips getting in the way of hover UI
- Removed status bar label
x Fixed regression: permissions changes on sites with non-standard ports
failed to trigger page reload (thanks Andrew Black for reporting)
x Fixed layout issue triggered by JS redirect detection (thanks Teknorat
for reporting)

Version 2.0.8.1 504.8 kB Works with Firefox 3.0 - 4.0b9pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.8.1
==========================================================================
x Fixed new IFRAME-based Youtube embedding method broken on non
whitelisted pages with embedding restrictions (thanks al_9x for report)

v 2.0.8
==========================================================================
x Fixed toolbar buttons icon size on Firefox 4 Windows theme
+ XSS check on permissions changes, suppressing events and forcing
filtered reload if an injection is found (thanks "dave b" for reporting)
x Fixed graphic glitches on menu showing with accelerated graphics (thanks
Das for reporting)
x Fixed permission changes causing unrelated tabs to be reloaded when
automatic permissions had been previously granted

v 2.0.8rc2
==========================================================================
x Fixed unhandled exception caused by LiveConnect interception logging (
thanks al_9x for reporting)
x Optimized QueryInterface generation
+ [ABE] 6to4 IP addresses support
x Fixed LiveConnect interception firing a dummy JVM sometimes on Gecko 2.0

v 2.0.8rc1
==========================================================================
x LiveConnect interception time reduced by 10 on Firefox 3.6 and by 100 on
Firefox 4 (about 1ms each)
x Restored LiveConnect interception logging (LOG_CONTENT_INTERCEPT mask)
x Fixed bug in fake redirections code, causing it not to honor the
redirection limit settings (thanks Peter Eckersley)
x [XSS] Improved SQLXSSI detection accuracy
x Updated revsci surrogate (thanks al_9x)

Version 2.0.8.1rc1 504.8 kB Works with Firefox 3.0 - 4.0b9pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.8.1rc1 (same as 2.0.8.1 final)
==========================================================================
x Fixed new IFRAME-based Youtube embedding method broken on non
whitelisted pages with embedding restrictions (thanks al_9x for report)

v 2.0.8rc3 (same as 2.0.8 final)
==========================================================================
x Fixed toolbar buttons icon size on Firefox 4 Windows theme
+ XSS check on permissions changes, suppressing events and forcing
filtered reload if an injection is found (thanks "dave b" for reporting)
x Fixed graphic glitches on menu showing with accelerated graphics (thanks
Das for reporting)
x Fixed permission changes causing unrelated tabs to be reloaded when
automatic permissions had been previously granted

v 2.0.8rc2
==========================================================================
x Fixed unhandled exception caused by LiveConnect interception logging (
thanks al_9x for reporting)
x Optimized QueryInterface generation
+ [ABE] 6to4 IP addresses support
x Fixed LiveConnect interception firing a dummy JVM sometimes on Gecko 2.0

v 2.0.8rc1
==========================================================================
x LiveConnect interception time reduced by 10 on Firefox 3.6 and by 100 on
Firefox 4 (about 1ms each)
x Restored LiveConnect interception logging (LOG_CONTENT_INTERCEPT mask)
x Fixed bug in fake redirections code, causing it not to honor the
redirection limit settings (thanks Peter Eckersley)
x [XSS] Improved SQLXSSI detection accuracy
x Updated revsci surrogate (thanks al_9x)

Version 2.0.8rc3 503.8 kB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.8rc3 (same as 2.0.8 final)
==========================================================================
x Fixed toolbar buttons icon size on Firefox 4 Windows theme
+ XSS check on permissions changes, suppressing events and forcing
filtered reload if an injection is found (thanks "dave b" for reporting)
x Fixed graphic glitches on menu showing with accelerated graphics (thanks
Das for reporting)
x Fixed permission changes causing unrelated tabs to be reloaded when
automatic permissions had been previously granted

v 2.0.8rc2
==========================================================================
x Fixed unhandled exception caused by LiveConnect interception logging (
thanks al_9x for reporting)
x Optimized QueryInterface generation
+ [ABE] 6to4 IP addresses support
x Fixed LiveConnect interception firing a dummy JVM sometimes on Gecko 2.0

v 2.0.8rc1
==========================================================================
x LiveConnect interception time reduced by 10 on Firefox 3.6 and by 100 on
Firefox 4 (about 1ms each)
x Restored LiveConnect interception logging (LOG_CONTENT_INTERCEPT mask)
x Fixed bug in fake redirections code, causing it not to honor the
redirection limit settings (thanks Peter Eckersley)
x [XSS] Improved SQLXSSI detection accuracy
x Updated revsci surrogate (thanks al_9x)

Version 2.0.8rc2 503.8 kB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.8rc2
==========================================================================
x Fixed unhandled exception caused by LiveConnect interception logging (
thanks al_9x for reporting)
x Optimized QueryInterface generation
x [ABE] 6to4 IP addresses support
x Fixed LiveConnect interception firing a dummy JVM sometimes on Gecko 2.0

v 2.0.8rc1
==========================================================================
x LiveConnect interception time reduced by 10 on Firefox 3.6 and by 100 on
Firefox 4 (about 1ms each)
x Restored LiveConnect interception logging (LOG_CONTENT_INTERCEPTI mask)
x Fixed bug in fake redirections code, causing it not to honor the
redirection limit settings (thanks Peter Eckersley)
x [XSS] Improved SQLXSSI detection accuracy
x Updated revsci surrogate (thanks al_9x)

Version 2.0.8rc1 503.8 kB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.8rc1
==========================================================================
x LiveConnect interception time reduced by 10 on Firefox 3.6 and by 100 on
Firefox 4 (about 1ms each)
x Restored LiveConnect interception logging (LOG_CONTENT_INTERCEPTI mask)
x Fixed bug in fake redirections code, causing it not to honor the
redirection limit settings (thanks Peter Eckersley)
x [XSS] Improved SQLXSSI detection accuracy
x Updated revsci surrogate (thanks al_9x)