NoScript Security Suite Version History

870 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 2.6.9rc3 542.7 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9rc3
=============================================================
+ [XSS] Improved location-based exfiltration protection
(thanks Masato Kinugawa for reporting)

Version 2.6.9rc2 542.6 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9rc2
=============================================================
+ [Surrogate] login.person.org inclusion (thanks barbaz)
x [XSS] Fixed 2.6.8.43 regressions
x [XSS] Improved specificity for eval-like patterns

v 2.6.9rc1
=============================================================
+ Switched to a treeview for faster management of very long
whitelists (thanks barbaz for patch)
x Tentative work-around for potential performance problems
reportedly related to Australis support
x [XSS] Fixed 2.6.8.43 regressions

Version 2.6.9rc1 544.2 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9rc1
=============================================================
+ Switched to a treeview for faster management of very long
whitelists (thanks barbaz for patch)
x Tentative work-around for potential performance problems
reportedly related to Australis support
x [XSS] Fixed 2.6.8.43 regressions

Version 2.6.8.43.1-signed 541.1 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.43
=============================================================
x [XSS] Protection against some exfiltration attacks based on
arithmetic operators (thanks Masato Kinugawa and File
Descriptor AKA XSS Jigsaw for reporting)

Version 2.6.8.43rc2 541.1 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.43rc2
=============================================================
x [XSS] Fixed rc1 regression (thanks Masato Kinugawa for
reporting)

v 2.6.8.43rc1
=============================================================
x [XSS] Protection against some exfiltration attacks based on
arithmetic operators (thanks Masato Kinugawa and File
Descriptor AKA XSS Jigsaw for reporting)

Version 2.6.8.43rc1 541.1 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.43rc1
=============================================================
x [XSS] Protection against some exfiltration attacks based on
arithmetic operators (thanks Masato Kinugawa and File
Descriptor AKA XSS Jigsaw for reporting)

Version 2.6.8.42.1-signed 541.0 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.42rc3
=============================================================
+ User-facing "Reload the current tab only" option
x Fixed subtle bug in ScriptSurrogate.replaceScript()
x Fixed HTTPS and cascading permission policies not applying
to XHR and XBL checks
x [XSS] Fixed ES6-based bypasses (thanks Masato Kinugava for
reporting)
+ [XSS] window.name exfiltration protection (thanks Masato
Kinugava for reporting)
x Fixed script sources enumeration breakage in Firefox 35
(Moz Bug 1068508, thanks Octoploid for reporting)

v 2.6.8.42rc3
=============================================================
+ User-facing "Reload the current tab only" option
x [XSS] Improved window.name exfiltration protection
(thanks Masato Kinugava for reporting)

v 2.6.8.42rc2
=============================================================
x Fixed subtle bug in ScriptSurrogate.replaceScript()
x Fixed HTTPS and cascading permission policies not applying
to XHR and XBL checks
x [XSS] Fixed ES6-based bypasses (thanks Masato Kinugava for
reporting)
+ [XSS] window.name exfiltration protection (thanks Masato
Kinugava for reporting)

v 2.6.8.42rc1
=============================================================
x Fixed script sources enumeration breakage in Firefox 35
(Moz Bug 1068508, thanks Octoploid for reporting)

Version 2.6.8.42rc3 541.0 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.42rc3
=============================================================
+ User-facing "Reload the current tab only" option
x [XSS] Improved window.name exfiltration protection
(thanks Masato Kinugava for reporting)

v 2.6.8.42rc2
=============================================================
x Fixed subtle bug in ScriptSurrogate.replaceScript()
x Fixed HTTPS and cascading permission policies not applying
to XHR and XBL checks
x [XSS] Fixed ES6-based bypasses (thanks Masato Kinugava for
reporting)
+ [XSS] window.name exfiltration protection (thanks Masato
Kinugava for reporting)

v 2.6.8.42rc1
=============================================================
x Fixed script sources enumeration breakage in Firefox 35
(Moz Bug 1068508, thanks Octoploid for reporting)

Version 2.6.8.42rc2 540.8 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.42rc2
=============================================================
x Fixed subtle bug in ScriptSurrogate.replaceScript()
x Fixed HTTPS and cascading permission policies not applying
to XHR and XBL checks
x [XSS] Fixed ES6-based bypasses (thanks Masato Kinugava for
reporting)
+ [XSS] window.name exfiltration protection (thanks Masato
Kinugava for reporting)

v 2.6.8.42rc1
=============================================================
x Fixed script sources enumeration breakage in Firefox 35
(Moz Bug 1068508, thanks Octoploid for reporting)

Version 2.6.8.42rc1 540.5 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.42rc1
=============================================================
x Fixed script sources enumeration breakage in Firefox 35
(Moz Bug 1068508, thanks Octoploid for reporting)

Version 2.6.8.41.1-signed 540.4 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.41
=============================================================
x Improved Australis toolbar compatibility (thanks Quicksaver
for help)
x Added "Always ask" checkbox to the removal confirmation
dialog (thanks agaxwtmp for RFE)
x Fixed Options dialog broken on ancient Firefox versions
x [XSS] Fixed false positive within *.adxns.com

Version 2.6.8.41rc3 540.4 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.41rc3
=============================================================
x Improved Australis toolbar compatibility (thanks Quicksaver
for help)

v 2.6.8.41rc2
=============================================================
x Added "Always ask" checkbox to the removal confirmation
dialog (thanks agaxwtmp for RFE)
x Fixed Options dialog broken on ancient Firefox versions

v 2.6.8.41rc1
=============================================================
x Improved Australis toolbar compatibility (thanks Quicksaver
for patch)
x [XSS] Fixed false positive within *.adxns.com

Version 2.6.8.41rc2 540.4 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.41rc2
=============================================================
x Added "Always ask" checkbox to the removal confirmation
dialog (thanks agaxwtmp for RFE)
x Fixed Options dialog broken on ancient Firefox versions

v 2.6.8.41rc1
=============================================================
x Improved Australis toolbar compatibility (thanks Quicksaver
for patch)
x [XSS] Fixed false positive within *.adxns.com

Version 2.6.8.41rc1 540.3 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.41rc1
=============================================================
x Improved Australis toolbar compatibility (thanks Quicksaver
for patch)
x [XSS] Fixed false positive within *.adxns.com

Version 2.6.8.40.1-signed 541.7 kB Works with Firefox 4.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.12 and later

v 2.6.8.40
=========================================================================
x Fixed regression causing script inclusions with non-standard ports to
be always blocked
x [ABE] Improved ruleset editing UI (thanks barbaz for patch)

Version 2.6.8.40rc2 541.7 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.40rc2
=========================================================================
x Fixed regression causing script inclusions with non-standard ports to
be always blocked

v 2.6.8.40rc1
=========================================================================
x [ABE] Improved ruleset editing UI (thanks barbaz for patch)

Version 2.6.8.40rc1 541.6 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.40rc1
=========================================================================
x [ABE] Improved ruleset editing UI (thanks barbaz for patch)

Version 2.6.8.39.1-signed 539.8 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.39
=========================================================================
x [Surrogate] Removed DARLA surrogate and reimplemented its work-around
as a XSS filter exception
x [Bookmarklets] Fixed bookmarklets broken when JavaScript is enabled
(thanks therube for reporting)
x [Surrogate] Work-around for DARLA surrogate breaking Yahoo! Mail

Version 2.6.8.39rc2 539.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.39rc2
=========================================================================
x [Surrogate] Removed DARLA surrogate and reimplemented its work-around
as a XSS filter exception
x [Bookmarklets] Fixed bookmarklets broken when JavaScript is enabled
(thanks therube for reporting)

v 2.6.8.39rc1
=========================================================================
x [Surrogate] Work-around for DARLA surrogate breaking Yahoo! Mail

Version 2.6.8.39rc1 540.0 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.39rc1
=========================================================================
x [Surrogate] Work-around for DARLA surrogate breaking Yahoo! Mail

Version 2.6.8.38.1-signed 539.7 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.38
=========================================================================
x Fixed regression preventing Youtube movies from playing
x Completed work-around for Firefox's Bug 1044351
x [Surrogate] Improved Yahoo! DARLA source matching

Version 2.6.8.38rc2 539.7 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.38rc2
=========================================================================
x Fixed regression preventing Youtube movies from playing

v 2.6.8.38rc1
=========================================================================
x Completed work-around for Firefox's Bug 1044351
x [Surrogate] Improved Yahoo! DARLA source matching

Version 2.6.8.38rc1 539.7 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.38rc1
=========================================================================
x Completed work-around for Firefox's Bug 1044351
x [Surrogate] Improved Yahoo! DARLA source matching

Version 2.6.8.37.1-signed 539.7 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.37
=========================================================================
x Made the new additional script blocking policies more consistent with
other features (e.g. the XSS filter)
x NoScript's toolbar button is now friendlier to other Australis-enabled
add-ons
x Work-around for Firefox's Bug 1044351 (thanks al_9x for RFE)
x [XSS] Support for new insidious ES6 constructs introduced in Firefox 34
(thanks .mario for reporting)
x [HTTPS] Experimental "Allow HTTPS scripts globally on HTTPS documents"
mode
x [Surrogate] Yahoo! "DARLA" ads loader post-execution surrogate prevents
the browser from stalling due to the many window.name-based XSSes
intentionally used by this ads delivery script

Version 2.6.8.37rc3 539.7 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.37rc3
=========================================================================
x Made the new additional script blocking policies more consistent with
other features (e.g. the XSS filter)
x NoScript's toolbar button is now friendlier to other Australis-enabled
add-ons
x Work-around for Firefox's Bug 1044351 (thanks al_9x for RFE)

v 2.6.8.37rc2
=========================================================================
x [XSS] Support for new insidious ES6 constructs introduced in Firefox 34
(thanks .mario for reporting)
x [HTTPS] Experimental "Allow HTTPS scripts globally on HTTPS documents"
mode

v 2.6.8.37rc1
=========================================================================
x [Surrogate] Yahoo! "DARLA" ads loader post-execution surrogate prevents
the browser from stalling due to the many window.name-based XSSes
intentionally used by this ads delivery script

Version 2.6.8.37rc2 539.4 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

Version 2.6.8.37rc1 538.7 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.37rc1
=========================================================================
x [Surrogate] Yahoo! "DARLA" ads loader post-execution surrogate prevents
the browser from stalling due to the many window.name-based XSSes
intentionally used by this ads delivery script

Version 2.6.8.36.1-signed 538.7 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.36
=========================================================================
x [Surrogate] Updated adf.ly replacement (thanks kasper93 for coding)
x [Surrogate] Updated connect.facebook.net replacement
x Fixed bookmarklet emulation compatibility issue breaking some add-ons
which rely on the new getShortcutOrURIAndPostData() function signature
x Fixed regression causing preventing the Blocked Objects list from being
manually reset

Version 2.6.8.36rc1 538.7 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.36rc1
=========================================================================
x [Surrogate] Updated adf.ly replacement (thanks kasper93 for coding)
x [Surrogate] Updated connect.facebook.net replacement
x Fixed bookmarklet emulation compatibility issue breaking some add-ons
which rely on the new getShortcutOrURIAndPostData() function signature

Version 2.6.8.35.1-signed 538.6 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.35
=========================================================================
x Improved compatibility with browser built-in Click To Play
+ Recently blocked sites are now recorded per-window (causing automatic
oblivion of data from Private Browsing windows when they're closed)
+ Recently blocked sites are not collected at all unless the menu item
is configured to be shown (thanks Barbaz for RFE and patch)