NoScript Security Suite Version History

955 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 2.9.0.12rc1 551.2 KiB Works with Firefox 13.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.10 and later

v 2.9.0.12rc1
=============================================================
x [Surrogate] Updated google-analytics.com replacement (
thanks noscriptsplox)
x [XSS] Fixed regression (thanks Masato Kinugawa for report)

Version 3.5a13 176.4 KiB Works with Firefox for Android 18.0a1 - *

NoScript Anywhere 3.5a13
===============================================
x Like 3.5a11, but hosted on AMO for signing.

Version 2.9.0.11 551.2 KiB Works with Firefox 13.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.10 and later

v 2.9.0.11
=============================================================
x [XSS] Fixed infrastructure issue preventing one filter from
being automatically synchronized with Mozilla's source code
as designed (thanks .mario and Maxim Rupp for reporting)
x [XSS] Added filtering for a potential CSRF vector (thanks
Masato Kinugawa for reporting)

Version 2.9.0.11rc1 551.2 KiB Works with Firefox 13.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.10 and later

v 2.9.0.11rc1
=============================================================
x [XSS] Fixed infrastructure issue preventing one filter from
being automatically synchronized with Mozilla's source code
as designed (thanks .mario and @mmrupp for reporting)
x [XSS] Added filtering for a potential CSRF vector (thanks
Masato Kinugawa for reporting)

Version 2.9.0.10 537.0 KiB Works with Firefox 13.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.10 and later

v 2.9.0.10
=============================================================
x Fixed placeholder activation in Gecko 45 and above

Version 2.9.0.10rc1 537.0 KiB Works with Firefox 13.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.10 and later

v 2.9.0.10rc1
=============================================================
x Fixed placeholder activation in Gecko 45 and above

Version 2.9.0.9 537.0 KiB Works with Firefox 13.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.10 and later

v 2.9.0.9
=============================================================
x [XSS] Compatibility exception for the Printfriendly add-on
x Removed msn.com from the default whitelist, since it seems
to be unable to support HTTPS consistently

Version 2.9.0.9rc1 537.0 KiB Works with Firefox 13.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.10 and later

v 2.9.0.9rc1
=============================================================
x [XSS] Compatibility exception for the Printfriendly add-on
x Removed msn.com from the default whitelist, since it seems
to be unable to support HTTPS consistently

Version 2.9.0.8rc1 537.0 KiB Works with Firefox 13.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.10 and later

v 2.9.0.8rc1
=============================================================
x Fixed incompatibility with Firefox below version 38
x Tentative fix for an issue with explicit ports in HTTPS
upgraded URLs (like MSN.com)

Version 2.9.0.7 536.9 KiB Works with Firefox 38.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.35 and later

v 2.9.0.7
=============================================================
x [HTTPS] Removed legacy redirection methods when redirectTo()
is available in HTTP channels, fixing YouTube embedding
problem
x Replaced newChannel() with newChannel2() on Gecko 48

Version 2.9.0.7rc2 536.9 KiB Works with Firefox 13.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.10 and later

v 2.9.0.7rc2
=============================================================
x [HTTPS] Removed legacy redirection methods when redirectTo()
is available in HTTP channels, fixing YouTube embedding
problem
x Replaced newChannel() with newChannel2() on Gecko 48

Version 2.9.0.6 536.8 KiB Works with Firefox 38.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.35 and later

v 2.9.0.6
=============================================================
x [HTTPS] Limit httpsDefWhitelist effect to document loads
x [XSS] Reduced eval aliasing checks false positives

Version 2.9.0.6rc1 536.8 KiB Works with Firefox 13.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.10 and later

v 2.9.0.6rc1
=============================================================
x [HTTPS] Limit httpsDefWhitelist effect to document loads
x [XSS] Reduced eval aliasing checks false positives

Version 2.9.0.5 536.7 KiB Works with Firefox 38.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.35 and later

v 2.9.0.5
=============================================================
x [XSS] Improved detection of computed property accessors
(thanks Emanuel Bronshtein @e3amn2l for report)
x [HTTPS] Fixed httpsDefWhitelist breaking OCSP (thanks al_9x
for reporting)
x [HTTPS] Fixed httpsDefWhitelist breaking yui.yahooapis.com
(thanks Rob Greenberg for reporting
x [XSS] Fixed OpenID-related false positive
x Restored Nightly compatibility broken by bug 1253016
x Fixed regression in HTTPS enforcing exceptions
x [Surrogate] Updated googletag replacement (thanks barbaz)
x [Surrogate] Updated ga replacement (thanks barbaz)
x [XSS] Improved replacement for dangerous keywords/built-in
properties (thanks Emanuel Bronshtein @e3amn2l for report)
x [HTTPS] noscript.httpsDefWhitelist option to automatically
upgrade to HTTPS sites found in the default whitelist
(enabled by default, thanks Mazin Amhed for reporting)

Version 2.9.0.5rc4 536.7 KiB Works with Firefox 13.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.10 and later

v 2.9.0.5rc4
=============================================================
x [XSS] Improved detection of computed property accessors
(thanks Emanuel Bronshtein @e3amn2l for report)

v 2.9.0.5rc3
=============================================================
x [HTTPS] Fixed httpsDefWhitelist breaking OCSP (thanks al_9x
for reporting)
x [HTTPS] Fixed httpsDefWhitelist breaking yui.yahooapis.com
(thanks Rob Greenberg for reporting
x [XSS] Fixed OpenID-related false positive

v 2.9.0.5rc2
=============================================================
x Restored Nightly compatibility broken by bug 1253016
x Fixed regression in HTTPS enforcing exceptions

2.9.0.5rc1
=============================================================
x [Surrogate] Updated googletag replacement (thanks barbaz)
x [Surrogate] Updated ga replacement (thanks barbaz)
x [XSS] Improved replacement for dangerous keywords/built-in
properties (thanks Emanuel Bronshtein @e3amn2l for report)
x [HTTPS] noscript.httpsDefWhitelist option to automatically
upgrade to HTTPS sites found in the default whitelist
(enabled by default, thanks Mazin Amhed for reporting)

Version 2.9.0.5rc3 536.7 KiB Works with Firefox 13.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.10 and later

v 2.9.0.5rc3
=============================================================
x [HTTPS] Fixed httpsDefWhitelist breaking OCSP (thanks al_9x
for reporting)
x [HTTPS] Fixed httpsDefWhitelist breaking yui.yahooapis.com
(thanks Rob Greenberg for reporting
x [XSS] Fixed OpenID-related false positive

v 2.9.0.5rc2
=============================================================
x Restored Nightly compatibility broken by bug 1253016
x Fixed regression in HTTPS enforcing exceptions

2.9.0.5rc1
=============================================================
x [Surrogate] Updated googletag replacement (thanks barbaz)
x [Surrogate] Updated ga replacement (thanks barbaz)
x [XSS] Improved replacement for dangerous keywords/built-in
properties (thanks Emanuel Bronshtein @e3amn2l for report)
x [HTTPS] noscript.httpsDefWhitelist option to automatically
upgrade to HTTPS sites found in the default whitelist
(enabled by default, thanks Mazin Amhed for reporting)

Version 2.9.0.5rc2 536.5 KiB Works with Firefox 13.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.10 and later

v 2.9.0.5rc2
=============================================================
x Restored Nightly compatibility broken by bug 1253016
x Fixed regression in HTTPS enforcing exceptions

2.9.0.5rc1
=============================================================
x [Surrogate] Updated googletag replacement (thanks barbaz)
x [Surrogate] Updated ga replacement (thanks barbaz)
x [XSS] Improved replacement for dangerous keywords/built-in
properties (thanks Emanuel Bronshtein for report)
x [HTTPS] noscript.httpsDefWhitelist option to automatically
upgrade to HTTPS sites found in the default whitelist
(enabled by default, thanks Mazin Ahmed for reporting)

Version 2.9.0.5rc1 536.5 KiB Works with Firefox 13.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.10 and later

v 2.9.0.5rc1
=============================================================
x [Surrogate] Updated googletag replacement (thanks barbaz)
x [Surrogate] Updated ga replacement (thanks barbaz)
x [XSS] Improved replacement for dangerous keywords/built-in
properties (thanks Emanuel Bronshtein for report)
x [HTTPS] noscript.httpsDefWhitelist option to automatically
upgrade to HTTPS sites found in the default whitelist
(enabled by default, thanks Mazin Amhed for reporting)

Version 2.9.0.4 536.3 KiB Works with Firefox 13.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.10 and later

v 2.9.0.4
=============================================================
x Fixed InjectionChecker over-optimization bug (thanks Maxim
Rupp for reporting)
x [l10n] Updated ar (thanks Nassim Dhaher)

Version 2.9.0.4rc1 536.4 KiB Works with Firefox 13.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.10 and later

v 2.9.0.4rc1
=============================================================
x Fixed InjectionChecker over-optimization bug (thanks Maxim
Rupp for reporting)
x [l10n] Updated ar (thanks Nassim Dhaher)

Version 2.9.0.3 536.3 KiB Works with Firefox 13.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.10 and later

v 2.9.0.3rc2
=============================================================
x Fixed NoScript blocking WebExtensions by default
x Fixed XSS filter JSON sanitization bug (thanks Maxim Rupp
for reporting)

Version 2.9.0.3rc1 536.4 KiB Works with Firefox 13.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.10 and later

v 2.9.0.3rc2
=============================================================
x Fixed NoScript blocking WebExtensions by default
x Fixed XSS filter JSON sanitization bug (thanks Maxim Rupp
for reporting)

Version 2.9.0.2 537.3 KiB Works with Firefox 13.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.10 and later

v 2.9.0.2
=============================================================
x Version bump to work around AMO's 404 when serving 2.9.0.1

v 2.9.0.1
=============================================================
x Replaced "for each ()" with "for (... of ...)"
x Removed array comprehension usage
- Removed compatibility with Gecko lt 13
x Fixed conflict w/ KeeFox + CTR (thanks amloessb for report)
https://forums.informaction.com/viewtopic.php?p=80581

Version 2.9.0.1rc2 537.4 KiB Works with Firefox 13.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.10 and later

v 2.9.0.1rc2
=============================================================
x Replaced "for each ()" with "for (... of ...)"
x Removed array comprehension usage
- Removed compatibility with Gecko lt 13

Version 2.9.0.1rc1 537.4 KiB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.9.0.1rc1
=============================================================
x Fixed conflict w/ KeeFox + CTR (thanks amloessb for report)
https://forums.informaction.com/viewtopic.php?p=80581

Version 2.9 537.5 KiB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.9rc1
=============================================================
x [e10s] Fixed "Temporarily allow top-level sites by default"
broken by Electrolysis
x Fixed "key.revokeTemp" preference management bug (thanks
palme for patch)

Version 2.9rc1 537.4 KiB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.9rc1
=============================================================
x [e10s] Fixed "Temporarily allow top-level sites by default"
broken by Electrolysis
x Fixed "key.revokeTemp" preference management bug (thanks
palme for patch)

Version 2.7 537.3 KiB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.7
=============================================================
- Removed informaction.com, flashgot.net and maone.net from
the default whitelist to reduce the potential attack
surface
- Removed vestigial noscript.forbidData preference
x Fixed shorthands not checked for ftp(s) sites (thanks
Leon Winter for patch)
x [Surrogate] Fixed googletag replacement (thanks barbaz)
x Fixed incompatibility with importScript() from workers
breaking new reCaptcha implementation (thanks Mr_KrzYch00
for reporting)

Version 2.7rc1 537.3 KiB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.7rc1
=============================================================
- removed informaction.com, flashgot.net and maone.net from
the default whitelist to reduce the potential attack
surface
- removed vestigial noscript.forbidData preference
x Fixed shorthands not checked for ftp(s) sites (thanks
Leon Winter for patch)
x [Surrogate] Fixed googletag replacement (thanks barbaz)
x Fixed incompatibility with importScript() from workers
breaking new reCaptcha implementation (thanks Mr_KrzYch00
for reporting)

Version 2.6.9.39 536.3 KiB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.39
=============================================================
x Work-around for a XSS "false positive" caused by nwolb.com
passing Javascript code across subdomains in window.name
(thanks Sagiv Masvari for reporting)