NoScript Security Suite Version History

709 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 2.0.3.2 497.7 KB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3.2
==========================================================================
x Work-around for first script element in body of a framed document not
being executed unless password manager is enabled on Minefield
x Work-around for surrogates not being executed in frames on Minefield

v 2.0.3.2rc1
==========================================================================
x Fixed further menu glitches with URL ports (thanks al_9x for reporting)

v 2.0.3.1
==========================================================================
x [UI] added 250ms delay for menu disappearing on mouse out from icon (
disappearing mouse out from menu already used a 500ms delay)
x Fixed explicit port URL related regression (thanks al_9x for reporting)

v 2.0.3.1rc6
==========================================================================
x Fixed further breakages due to Array prototype chain glitches introduced
in latest Minefield

v 2.0.3.1rc5
==========================================================================
x Fixed redirections broken by Array prototype chain glitches introduced
in latest Minefield

v 2.0.3.1rc4
==========================================================================
x Work-arounds for some CAPS implementation impedance mismatches (thanks
GµårÐïåñ and al_9x for reporting)

v 2.0.3.1rc3
==========================================================================
+ [UI] Extended the "open on hover" behavior to the toolbar button
x about:crashes added to the mandatory whitelist

v 2.0.3.1rc2
==========================================================================
x [Surrogate] Fixed window.open not working for HTTP sites on recent
Minefield builds
x Fixed minor glitch in channel replacement on trunk

v 2.0.3.1rc1
==========================================================================
x [Surrogate] Restored the previous document.cookie patching order, since
it seems more compatible with some buggy sites

Version 2.0.3.2rc2 497.7 KB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3.2rc2
==========================================================================
x Work-around for first script element in body of a framed document not
being executed unless password manager is enabled on Minefield
x Work-around for surrogates not being executed in frames on Minefield

v 2.0.3.2rc1
==========================================================================
x Fixed further menu glitches with URL ports (thanks al_9x for reporting)

Version 2.0.3.1rc7 497.7 KB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3.1rc7 (same as 2.0.3.1 final)
==========================================================================
x [UI] added 250ms delay for menu disappearing on mouse out from icon (
disappearing mouse out from menu already used a 500ms delay)
x Fixed explicit port URL related regression (thanks al_9x for reporting)

Version 2.0.3.1rc6 497.7 KB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3.1rc6
==========================================================================
x Fixed further breakages due to Array prototype chain glitches introduced
in latest Minefield

v 2.0.3.1rc5
==========================================================================
x Fixed redirections broken by Array prototype chain glitches introduced
in latest Minefield

Version 2.0.3.1rc4 497.7 KB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1


v 2.0.3.1rc4
==========================================================================
+ Fixed some CAPS implementation impedance mismatches (thanks GµårÐïåñ and
al_9x for reporting)

v 2.0.3.1rc3
==========================================================================
+ [UI] Extended the "open on hover" behavior to the toolbar button
x about:crashes added to the mandatory whitelist

Version 2.0.3.1rc2 497.7 KB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3.1rc2
==========================================================================
x [Surrogate] Fixed window.open not working for HTTP sites on recent
Minefield builds
x Fixed minor glitch in channel replacement on trunk

Version 2.0.3.1rc1 497.7 KB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

2.0.3.1rc1
==========================================================================
x [Surrogate] Restored the previous document.cookie patching order, since
it seems more compatible with some buggy sites

Version 2.0.3 497.7 KB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

2.0.3
==========================================================================
x [Surrogate] Improved compatibility of the popunder surrogate
x [Surrogate] Fixed broken meebo.com detached windows
x [L10n] Updated it-IT

v 2.0.3rc4
==========================================================================
+ [Pref] "NoScript Options|Appearance|Open permissions menu when mouse
hovers over NoScript's icon" checkbox
x [UI] Minor refinements in the new "UI on hovering" behavior

v 2.0.3rc3
==========================================================================
x [XSS] Fixed "Unsafe reload" not working under some circumstances (thanks
the JoshMeister for reporting)
+ [XSS] Better compatibility with Blogspot's CMS (thanks the JoshMeister
for reporting)
x Fixed "setting a property that has only a getter" warning in strict mode
x Better compatibility with CDNs improperly serving JavaScript files with
a CSS mime type

v 2.0.3rc2
==========================================================================
x Fixed "Partially allowed" message instead of "Forbidden" when everything
is blocked, including some embeddings (thanks jan for reporting)
x Fixed "No placeholder from untrusted" broken since 2.0.2.4 (thanks al_9x
for reporting)

v 2.0.3rc1
==========================================================================
+ [UI] Clickless "on over" opening of the status bar menu, can be disabled
via noscript.hoverUI about:config preference (thanks safemode for RFE)
x Fixed embedded fonts requiring the page to be allowed, rather than the
just the object, if embedded in data: URIs (thanks Alexander Konovalenko
for reporting)

Version 2.0.3rc5 497.7 KB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

2.0.3rc5
==========================================================================
x [Surrogate] Improved compatibility of the popunder surrogate
x [Surrogate] Fixed broken meebo.com detached windows
x [L10n] Updated it-IT

Version 2.0.3rc4 497.7 KB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3rc4
==========================================================================
+ [Pref] "NoScript Options|Appearance|Open permissions menu when mouse
hovers over NoScript's icon" checkbox
x [UI] Minor refinements in the new "UI on hovering" behavior

Version 2.0.3rc3 497.7 KB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

2.0.3rc3
==========================================================================
x [XSS] Fixed "Unsafe reload" not working under some circumstances (thanks
the JoshMeister for reporting)
+ [XSS] Better compatibility with Blogspot's CMS (thanks the JoshMeister
for reporting)
x Fixed "setting a property that has only a getter" warning in strict mode
x Better compatibility with CDNs improperly serving JavaScript files with
a CSS mime type

Version 2.0.3rc2 496.6 KB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3rc2
==========================================================================
x Fixed "Partially allowed" message instead of "Forbidden" when everything
is blocked, including some embedding (thanks jan for reporting)
x Fixed "No placeholder from untrusted" broken since 2.0.2.4 (thanks al_9x
for reporting)

Version 2.0.3rc1 496.6 KB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3rc1
==========================================================================
+ [UI] Clickless "on over" opening of the status bar menu, can be disabled
via noscript.hoverUI about:config preference (thanks safemode for RFE)
x Fixed embedded fonts requiring the page to be allowed, rather than the
just the object, if embedded in data: URIs (thanks Alexander Konovalenko
for reporting)

Version 2.0.2.5 496.6 KB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2.5
==========================================================================
x [XSS] Further FBML compatibility improvements

Version 2.0.2.5rc1 496.6 KB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2.5rc1
==========================================================================
x [XSS] Further FBML compatibility improvements

Version 2.0.2.4rc2 496.6 KB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2.4rc2 (identical to v 2.0.2.4 final)
==========================================================================
+ [XSS] Improved Facebook games compatibility
x [ClearClick] Fixed ABP tabs interfering with cross-window snapshots
x [ClearClick] Fixed bug preventing clicks on frames embedded by URLs
which have no host field
- Removed legacy code to handle ABP tabs on NoScript-blocked objects

v 2.0.2.4rc1
==========================================================================
x [HSTS] Fixed SSL certificate error pages not being patched (removing
the expert interface) when a broken HSTS site is open first time (thaks
Porkulus for reporting)

Version 2.0.2.4rc1 496.6 KB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2.4rc1
==========================================================================
x [HSTS] Fixed SSL certificate error pages not being patched (removing
the expert interface) when a broken HSTS site is open for the first time
(thaks Porkulus for reporting)

Version 2.0.2.3 496.6 KB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2.3
==========================================================================
x [XSS] Fixed optimization bug which may lead to slower checks on specific
source patterns

Version 2.0.2.3rc1 496.6 KB Works with Firefox 3.0 - 4.0b5pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2.3
==========================================================================
x [XSS] Fixed optimization bug which may lead to slower checks on specific
source patterns

Version 2.0.2.2rc2 496.6 KB Works with Firefox 3.0 - 4.0b5pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2.2rc2
==========================================================================
x [XSS] Huge InjectionChecker speed optimization, prevents most DOS false
positives caused by checks timeout (thanks Sylvia Oberstein for report)

Version 2.0.2.1rc1 496.6 KB Works with Firefox 3.0 - 4.0b5pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2.1rc1 (identical to 2.0.2.1 final)
==========================================================================
x [Surrogate] Fixed fallback regression (thanks al_9x for report)

v 2.0.2
==========================================================================
x Further accessibility enhancements (thanks Jonathan Ely for report)
x Fixed matching issue with document.open() pages

v 2.0.2rc10
==========================================================================
x Further accessibility enhancements (thanks Jonathan Ely for report)

v 2.0.2rc9
==========================================================================
x [Surrogate] Fixed scoping issue in debug mode
x [Surrogate] Adapted existing surrogates to new page-level execution
method
x Further accessibility enhancements (thanks Jonathan Ely for report)

v 2.0.2rc8
==========================================================================
x Minor accessibility enhancements (thanks Jonathan Ely for report)

v 2.0.2rc7
==========================================================================
x [Surrogate] Enabled back surrogate execution on pages created with
document.open(), identified by the pseudo-URL "wyciwyg:" for matching
purposes
x [Surrogate] Surrogates sources can match any URL except those with
scheme chrome, resource, about or view-source

v 2.0.2rc6
==========================================================================
x Fixed regression in SWFObject emulated support (thanks al_9x for report)
x [Surrogate] Disabled inconsistent surrogate execution on pages created
with document.open()

v 2.0.2rc5
==========================================================================
+ [Surrogate] Removed execution dependency on early DOM manipulation
x [ABE] Fixed Anonymize action causing exceptions to be reported in console
sometimes on Minefield
x [ClearClick] Work-around for uservoice.com false positive

v 2.0.2rc4
==========================================================================
x [XSS] Work-around for XSS by design in the Facebook API preventing some
games from working properly
x [Surrogate] fixed surrogates interfering with forced NOSCRIPT element
activation

v 2.0.2rc3
==========================================================================
+ [Surrogate] Improved page-level surrogate timing on Gecko version
1.9.2.8 and above
x [Surrogate] Fixed in-frame page-level surrogates causing some sites to
loose history navigation functionality
- [Surrogate] Dropped support for page-level in-frame surrogates on Gecko
version 1.9.2.7 and below
x [XSS] Correctness enhancement in the ASP Unicode homograph work-around

v 2.0.2rc2
==========================================================================
+ [XSS] Work-around for questionable Unicode to ASCII homographic
conversions performed by Microsoft's "Classic" ASP
x Tighter UI synchronization callbacks

v 2.0.2rc1
==========================================================================
x Tentative fix for UI sync regression reported by al_9x

Version 2.0.2rc11 496.6 KB Works with Firefox 3.0 - 4.0b4pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2rc11 (identical to 2.0.2 final)
==========================================================================
x Further accessibility enhancements (thanks Jonathan Ely for report)
x Fixed matching issue with document.open() pages

v 2.0.2rc10
==========================================================================
x Further accessibility enhancements (thanks Jonathan Ely for report)

v 2.0.2rc9
==========================================================================
x [Surrogate] Fixed scoping issue in debug mode
x [Surrogate] Adapted existing surrogates to new page-level execution
method
x Further accessibility enhancements (thanks Jonathan Ely for report)

v 2.0.2rc8
==========================================================================
x Minor accessibility enhancements (thanks Jonathan Ely for report)

v 2.0.2rc7
==========================================================================
x [Surrogate] Enabled back surrogate execution on pages created with
document.open(), identified by the pseudo-URL "wyciwyg:" for matching
purposes
x [Surrogate] Surrogates sources can match any URL except those with
scheme chrome, resource, about or view-source

v 2.0.2rc6
==========================================================================
x Fixed regression in SWFObject emulated support (thanks al_9x for report)
x [Surrogate] Disabled inconsistent surrogate execution on pages created
with document.open()

v 2.0.2rc5
==========================================================================
+ [Surrogate] Removed execution dependency on early DOM manipulation
x [ABE] Fixed Anonymize action causing exceptions to be reported in console
sometimes on Minefield
x [ClearClick] Work-around for uservoice.com false positive

v 2.0.2rc4
==========================================================================
x [XSS] Work-around for XSS by design in the Facebook API preventing some
games from working properly
x [Surrogate] fixed surrogates interfering with forced NOSCRIPT element
activation

v 2.0.2rc3
==========================================================================
+ [Surrogate] Improved page-level surrogate timing on Gecko version
1.9.2.8 and above
x [Surrogate] Fixed in-frame page-level surrogates causing some sites to
loose history navigation functionality
- [Surrogate] Dropped support for page-level in-frame surrogates on Gecko
version 1.9.2.7 and below
x [XSS] Correctness enhancement in the ASP Unicode homograph work-around

v 2.0.2rc2
==========================================================================
+ [XSS] Work-around for questionable Unicode to ASCII homographic
conversions performed by Microsoft's "Classic" ASP
x Tighter UI synchronization callbacks

v 2.0.2rc1
==========================================================================
x Tentative fix for UI sync regression reported by al_9x

Version 2.0.2rc10 496.6 KB Works with Firefox 3.0 - 4.0b4pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1a3

v 2.0.2rc10
==========================================================================
x Further accessibility enhancements (thanks Jonathan Ely for report)

v 2.0.2rc9
==========================================================================
x [Surrogate] Fixed scoping issue in debug mode
x [Surrogate] Adapted existing surrogates to new page-level execution
method
x Further accessibility enhancements (thanks Jonathan Ely for report)

v 2.0.2rc8
==========================================================================
x Minor accessibility enhancements (thanks Jonathan Ely for report)

v 2.0.2rc7
==========================================================================
x [Surrogate] Enabled back surrogate execution on pages created with
document.open(), identified by the pseudo-URL "wyciwyg:" for matching
purposes
x [Surrogate] Surrogates sources can match any URL except those with
scheme chrome, resource, about or view-source

v 2.0.2rc6
==========================================================================
x Fixed regression in SWFObject emulated support (thanks al_9x for report)
x [Surrogate] Disabled inconsistent surrogate execution on pages created
with document.open()

v 2.0.2rc5
==========================================================================
+ [Surrogate] Removed execution dependency on early DOM manipulation
x [ABE] Fixed Anonymize action causing exceptions to be reported in console
sometimes on Minefield
x [ClearClick] Work-around for uservoice.com false positive

v 2.0.2rc4
==========================================================================
x [XSS] Work-around for XSS by design in the Facebook API preventing some
games from working properly
x [Surrogate] fixed surrogates interfering with forced NOSCRIPT element
activation

v 2.0.2rc3
==========================================================================
+ [Surrogate] Improved page-level surrogate timing on Gecko version
1.9.2.8 and above
x [Surrogate] Fixed in-frame page-level surrogates causing some sites to
loose history navigation functionality
- [Surrogate] Dropped support for page-level in-frame surrogates on Gecko
version 1.9.2.7 and below
x [XSS] Correctness enhancement in the ASP Unicode homograph work-around

v 2.0.2rc2
==========================================================================
+ [XSS] Work-around for questionable Unicode to ASCII homographic
conversions performed by Microsoft's "Classic" ASP
x Tighter UI synchronization callbacks

v 2.0.2rc1
==========================================================================
x Tentative fix for UI sync regression reported by al_9x

Version 2.0.2rc9 496.6 KB Works with Firefox 3.0 - 4.0b4pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1a3

v 2.0.2rc9
==========================================================================
x [Surrogate] Fixed scoping issue in debug mode
x [Surrogate] Adapted existing surrogates to new page-level execution
method
x Further accessibility enhancements (thanks Jonathan Ely for report)

Version 2.0.2rc8 496.6 KB Works with Firefox 3.0 - 4.0b4pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1a3

v 2.0.2rc8
==========================================================================
x Minor accessibility enhancements (thanks Jonathan Ely for report)

Version 2.0.2rc7 496.6 KB Works with Firefox 3.0 - 4.0b4pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1a3

v 2.0.2rc7
==========================================================================
x [Surrogate] Enabled back surrogate execution on pages created with
document.open(), identified by the pseudo-URL "wyciwyg:" for matching
purposes
x [Surrogate] Surrogates sources can match any URL except those with
scheme chrome, resource, about or view-source

Version 2.0.2rc6 496.6 KB Works with Firefox 3.0 - 4.0b4pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1a3

Version 2.0.2rc5 496.6 KB Works with Firefox 3.0 - 4.0b4pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1a3

v 2.0.2rc5
==========================================================================
+ [Surrogate] Removed execution dependency on early DOM manipulation
x [ABE] Fixed Anonymize action causing exceptions to be reported in console
sometimes on Minefield

Version 2.0.2rc4 496.6 KB Works with Firefox 3.0 - 4.0b4pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1a3

v 2.0.2rc4
==========================================================================
x [XSS] Work-around for XSS by design in the Facebook API preventing some
games from working properly
x [Surrogate] fixed surrogates interfering with forced NOSCRIPT element
activation

v 2.0.2rc3
==========================================================================
+ [Surrogate] Improved page-level surrogate timing on Gecko version
1.9.2.8 and above
x [Surrogate] Fixed in-frame page-level surrogates causing some sites to
loose history navigation functionality
- [Surrogate] Dropped support for page-level in-frame surrogates on Gecko
version 1.9.2.7 and below
x [XSS] Correctness enhancement in the ASP Unicode homograph work-around

v 2.0.2rc2
==========================================================================
+ [XSS] Work-around for questionable Unicode to ASCII homographic
conversions performed by Microsoft's "Classic" ASP
x Tighter UI synchronization callbacks

v 2.0.2rc1
==========================================================================
x Tentative fix for UI sync regression reported by al_9x

Version 2.0.1 492.5 KB Works with Firefox 3.0 - 4.0b5pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1a3

v 2.0.1
==========================================================================
+ [ABE] noscript.abe.localExtras about:config preference can specify net
resources (space separated IPs and/or subnets) to be considered as
LOCAL by ABE, in addition to the "regular" private subnetworks and the
auto-detected WAN IP (thanks ammdispose for suggestion)
x [ClearClick] Better compatibility with iframes containing very tiny
pages (e.g. horizontal Flattr buttons)
x Fixed page-level surrogates not always being executed inside iframes
(thanks al_9x for reporting)
x [XSS] Fixed XML tags with no attributes which are homonymous of
"sensitive" HTML tags triggering XSS false positives

v 2.0.1rc4
==========================================================================
+ Forced NOSCRIPT element activation is not triggered for sources marked
as untrusted (thanks al_9x for suggestion)
+ Update for Firefox 4.0b4pre compatibility (bug 546606)

v 2.0.1rc3
==========================================================================
x Improved interaction between surrogates and NOSCRIPT element activation
x Fixed potential recursion issue during DNS resolution on SeaMonkey trunk
(thanks therube for reporting)
x Fixed https://bugzilla.mozilla.org/show_bug.cgi?id=584334
x Fixed using IPv6 URL syntax causes confusion to some proxies
x Compatibility checks updates

v 2.0.1rc2
==========================================================================
+ [ABE] "X-ABE-Fingerprint: Off" header can be sent by web servers which
don't want/need to be fingerprinted by ABE's WAN IP protection
+ [ABE] User agent header "Mozilla/5.0 (ABE, http://noscript.net/abe/wan)"
is sent to help administrators finding info about ABE's fingerprinting
x [ABE] Fingerprint checks are performed every 15 minutes, rather than 5
x Fixed early access to document.documentElement breaking XBL bindings
on SeaMonkey trunk (thanks therube for reporting)

v 2.0.1rc1
==========================================================================
x Fixed meta redirections being broken sometimes when a NOSCRIPT element
activation is forced on a JavaScript-enabled page (thanks Supermop for
reporting)