NoScript Security Suite Version History

847 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 1.9.9.99 489.5 kB Works with Firefox 1.5 - 4.0b2pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a3

v 1.9.9.99
==========================================================================
x Emergency fix for a page reload bug on Mac OS X causing high CPU
consumption after permission changes (thanks "D A" for reporting)

Version 1.9.9.99rc1 489.5 kB Works with Firefox 1.5 - 4.0b2pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a3

(Identical to 1.9.9.99 stable)
v 1.9.9.99
==========================================================================
x Emergency fix for a page reload bug on Mac OS X causing high CPU
consumption after permission changes (thanks "D A" for reporting)

Version 1.9.9.98rc7 489.5 kB Works with Firefox 1.5 - 4.0b2pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a3

(Identical to 1.9.9.98 stable)
v 1.9.9.98
==========================================================================
+ Improved ClearClick clipping accuracy on framesets
+ Improved ClearClick clipping accuracy on nested scrolling elements

Version 1.9.9.98 489.5 kB Works with Firefox 1.5 - 4.0b2pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a3

v 1.9.9.98
==========================================================================
+ Improved ClearClick clipping accuracy on framesets
+ Improved ClearClick clipping accuracy on nested scrolling elements

v 1.9.9.98rc6
==========================================================================
x Fixed work-around for Mozilla's bug 576492 breaking NoScript on browser
restart

v 1.9.9.98rc5
==========================================================================
+ Support for the latest Gecko 2 XPCOM changes
x Work-around for Mozilla's bug 576492

v 1.9.9.98rc4
==========================================================================
+ noscript.surrogates.debug preference enables console logging of uncaught
exceptions happening in surrogates (thanks al_9x for suggestion)
x Better error handling in surrogates, prevents a failing script from
aborting the others
x Improved AMO surrogates, allows right-click menu to work on install
buttons (thanks Mc for reporting)


v 1.9.9.98rc3
==========================================================================
x Fixed bug on edge case minimum placeholder size computation when object
to be replaced is out of the current viewport
x Version compatibility bump for Firefox 4.0b2pre
x Fixed regression: untrusted icon not being shown when all the sources
of a page are untrusted (thanks al_9x for reporting)

v 1.9.9.98rc2
==========================================================================
+ window.toStaticHTML implementation
x Improved placeholders for embeds nested in ActiveX OBJECT elements

v 1.9.9.98rc1
==========================================================================
+ Surrogate for Google Search thumbnails when Google is not whitelisted
+ Automatic reload on permission change setting now affects pages
containing embeddings which change status too, whose reload can be also
forced through the noscript.autoReload.embedders preference:
0 - never reload
1 - inherit the noscript.autoReload setting
2 - force reload
+ Prevent reload on pages where a 3rd party script changed its
permissions status but the top-level is forbidden and unchanged
+ Surrogate to use InstallTrigger on AMO even if addons.mozilla.org is not
whitelisted

Version 1.9.9.98rc6 488.4 kB Works with Firefox 1.5 - 4.0b2pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a3

v 1.9.9.98rc6
==========================================================================
x Fixed work-around for Mozilla's bug 576492 breaking NoScript on browser
restart

v 1.9.9.98rc5
==========================================================================
+ Support for the latest Gecko 2 XPCOM changes
x Work-around for Mozilla's bug 576492

Version 1.9.9.98rc4 488.4 kB Works with Firefox 1.5 - 4.0b2pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a3

v 1.9.9.98rc4
==========================================================================
+ noscript.surrogates.debug preference enables console logging of uncaught
exceptions happening in surrogates (thanks al_9x for suggestion)
x Better error handling in surrogates, prevents a failing script from
aborting the others
x Improved AMO surrogates, allows right-click menu to work on install
buttons (thanks Mc for reporting)

Version 1.9.9.98rc3 487.4 kB Works with Firefox 1.5 - 4.0b2pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a3

v 1.9.9.98rc3
==========================================================================
x Fixed bug on edge case minimum placeholder size computation when object
to be replaced is out of the current viewport
x Version compatibility bump for Firefox 4.0b2pre
x Fixed regression: untrusted icon not being shown when all the sources
of a page are untrusted (thanks al_9x for reporting)

Version 1.9.9.98rc2 487.4 kB Works with Firefox 1.5 - 4.0b2pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a3

Version 1.9.9.98rc1 487.4 kB Works with Firefox 1.5 - 3.7a6pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a3

v 1.9.9.98rc1
==========================================================================
+ Surrogate for Google Search thumbnails when Google is not whitelisted
+ Automatic reload on permission change setting now affects pages
containing embeddings which change status too, whose reload can be also
forced through the noscript.autoReload.embedders preference:
0 - never reload
1 - inherit the noscript.autoReload setting
2 - force reload
+ Prevent reload on pages where a 3rd party script changed its
permissions status but the top-level is forbidden and unchanged
+ Surrogate to use InstallTrigger on AMO even if addons.mozilla.org is not
whitelisted

Version 1.9.9.97 486.4 kB Works with Firefox 1.5 - 4.0b2pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a3

v 1.9.9.97
==========================================================================
x Fixed ClearClick false positives on Fx 3.5 and below (thanks Deniz Sofu
for reporting)
x Compatibility version bump for SeaMonkey trunk

v 1.9.9.97rc1
==========================================================================
x Fixed '@' surrogates being run on scriptless pages
x Recentering on the parent form for ClearClick checks over a form widget
reduces false positives over obstructed frames

v 1.9.9.96
==========================================================================
x Fixed Script Surrogates activation glitches

v 1.9.9.95
==========================================================================
x Fixed wrongly sized placeholders on Youtube (regression from rc1)

v 1.9.9.95rc2
==========================================================================
x More accurate feedback on nested object blocking (thanks al_9x for
reporting)
+ External filters command line template updated with request origin as
the 3rd argument

v 1.9.9.95rc1
==========================================================================
+ imagebam surrogate kills popups over images and popunders on click
+ imagehaven surrogate kills popups over images and popunders on click
+ inserstitialBox surrogate kills interstitial on imagevenue.com
+ "!@" prefixed surrogates run no matter whether scripts are enabled or
disabled for the page (in a DOMContentLoaded event handler)
x Fixed JS redirect handling causing duplicate object placeholders on
scriptless pages containing embeddings only
x Fixed ABE's SELF checks failing on redirects which contain a browser URL

v 1.9.9.94
==========================================================================
x Fixed bookmarklets support on non-whitelisted pages broken in non-Places
browsers like SeaMonkey (thanks therube for reporting)
x Better icon feedback on pages where there's no script element but some
plugin content has been blocked

v 1.9.9.93
==========================================================================
x Fixed ClearClick false positives when RTL content or browser settings
put the vertical scrollbar on the left (thanks Mark Callow for report)
x Fixed setting noscript.checkInjectionType to false did not disable the
feature (thanks al_9x for report)
x More accurate embedded object replacement (thanks al_9x for report)

v 1.9.9.92
==========================================================================
x Fixed Places-related bug on Minefield (thanks mpz for reporting)
x noscript.forbidIFrameContext=3 (allow same base domain) falls back to 2
(allow same domain) if either the parent or the frame is marked as
untrusted (thanks al_9x for suggestion)

v 1.9.9.91
==========================================================================
x More compatible docShell reaching, works around some buggy extensions
which wrap browser.webNavigation just partially
x InjectionChecker's XML reduction more compatible with SAML

v 1.9.9.90
==========================================================================
+ Optimal timing for page-level surrogates in frames
x ClearClick exceptions are considered independently from the JavaScript
whitelist as they should
x More consistent web bugs blocking with forced NOSCRIPT elements, take 2
(thanks al_9x for reporting)

v 1.9.9.89
==========================================================================
x More consistent web bugs blocking with forced NOSCRIPT elements, take 2
(thanks al_9x for reporting)
x More consistent icon feedback with docShell-based cascading JS blocking
(thanks al_9x for reporting)

v 1.9.9.88
==========================================================================
x Inclusion type checks try to infer file type from directory-like URLs
x More consistent web bugs blocking with forced NOSCRIPT elements
x Fixed object placeholder regressions in Gecko < 1.9 (thanks Rob for
reporting)
x Version compatibility bump to Firefox 3.7a6pre

Version 1.9.9.96 486.4 kB Works with Firefox 3.6 - 3.7a6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1a3

v 1.9.9.96
==========================================================================
x Fixed Script Surrogates activation glitches

v 1.9.9.95
==========================================================================
x Fixed wrongly sized placeholders on Youtube (regression from rc1)

v 1.9.9.95rc2
==========================================================================
x More accurate feedback on nested object blocking (thanks al_9x for
reporting)
+ External filters command line template updated with request origin as
the 3rd argument

v 1.9.9.95rc1
==========================================================================
+ imagebam surrogate kills popups over images and popunders on click
+ imagehaven surrogate kills popups over images and popunders on click
+ inserstitialBox surrogate kills interstitial on imagevenue.com
+ "!@" prefixed surrogates run no matter whether scripts are enabled or
disabled for the page (in a DOMContentLoaded event handler)
x Fixed JS redirect handling causing duplicate object placeholders on
scriptless pages containing embeddings only
x Fixed ABE's SELF checks failing on redirects which contain a browser URL

v 1.9.9.94
==========================================================================
x Fixed bookmarklets support on non-whitelisted pages broken in non-Places
browsers like SeaMonkey (thanks therube for reporting)
x Better icon feedback on pages where there's no script element but some
plugin content has been blocked

v 1.9.9.93
==========================================================================
x Fixed ClearClick false positives when RTL content or browser settings
put the vertical scrollbar on the left (thanks Mark Callow for report)
x Fixed setting noscript.checkInjectionType to false did not disable the
feature (thanks al_9x for report)
x More accurate embedded object replacement (thanks al_9x for report)

v 1.9.9.92
==========================================================================
x Fixed Places-related bug on Minefield (thanks mpz for reporting)
x noscript.forbidIFrameContext=3 (allow same base domain) falls back to 2
(allow same domain) if either the parent or the frame is marked as
untrusted (thanks al_9x for suggestion)

v 1.9.9.91
==========================================================================
x More compatible docShell reaching, works around some buggy extensions
which wrap browser.webNavigation just partially
x InjectionChecker's XML reduction more compatible with SAML

v 1.9.9.90
==========================================================================
+ Optimal timing for page-level surrogates in frames
x ClearClick exceptions are considered independently from the JavaScript
whitelist as they should
x More consistent web bugs blocking with forced NOSCRIPT elements, take 2
(thanks al_9x for reporting)

v 1.9.9.89
==========================================================================
x More consistent web bugs blocking with forced NOSCRIPT elements, take 2
(thanks al_9x for reporting)
x More consistent icon feedback with docShell-based cascading JS blocking
(thanks al_9x for reporting)

v 1.9.9.88
==========================================================================
x Inclusion type checks try to infer file type from directory-like URLs
x More consistent web bugs blocking with forced NOSCRIPT elements
x Fixed object placeholder regressions in Gecko < 1.9 (thanks Rob for
reporting)
x Version compatibility bump to Firefox 3.7a6pre

Version 1.9.9.87 484.4 kB Works with Firefox 1.5 - 3.7a6pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a2

v 1.9.9.87
==========================================================================
x Improved URL parsing in META refresh interception
x Optimized * universal pattern in AddressMatcher
x Better error reporting during the execution of location bar scriptlets

v 1.9.9.86
==========================================================================
+ Better timing for page-level script surrogates inside frames
+ mime/type@http://site.com syntax support for noscript.allowedMimeRegExp
preference (thanks Gregyski for request)
+ Improved XSS checks accuracy (less false positives) and performance
+ Enhanced management of recent Silverlight versions (thanks al_9x for
reporting)

v 1.9.9.85
==========================================================================
+ More accurate checks for META inside NOSCRIPT with HTML 5 parser
x Fixed possible DOS condition on some kinds of very long URLs

v 1.9.9.84
==========================================================================
x Improved heuristic for background refresh automatic blocking and
reenablement
x Fixed regressed "Follow" button on META refresh inside NOSCRIPT element

v 1.9.9.83
==========================================================================
x Fixed some sites refreshing themselves even if another load has been
initiated (thanks Dirk S for reporting)

v 1.9.9.82
==========================================================================
+ More discreet and automated anti-tabnabbing protection (refreshes are
blocked on unfocused tabs and get automatically executed only when
tab gets in focus again)
+ Slight optimization of AddressMatcher tests on .site.com clauses
x Fixed noscript.forbidBGRefresh.exceptions not being honored
x Better handling of error conditions happening during ABE's channel
replacement internal redirections (thanks al_9x for reporting)
x Fixed minor feedback icon glitches (thanks al_9x for reporting)

Version 1.9.9.81 483.3 kB Works with Firefox 1.5 - 3.7a5pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a2

v 1.9.9.81
==========================================================================
+ Experimental blocking of page refreshes happening inside untrusted
unfocused tabs, should provide protection against Aviv Raff's scriptless
"tabnabbing" variant. Enabled by default, can be controlled through the
noscript.forbidBGRefresh about:config integer preference:
0 - no blocking
1 - block refreshes on untrusted unfocused tabs
2 - block refreshes on trusted unfocused tabs
3 - block refreshes on both trusted and untrusted unfocused tabs
Address patterns matching pages which shouldn't be affected can be
listed in the noscript.forbidBGRefresh.exceptions preference
x Fixed XSS false positive in new 3.7 add-ons manager
x Fixed meta-refresh URL parsing mismatch
x Fixed import script surrogates being broken by a 1.9.9.79 regression

v 1.9.9.80
==========================================================================
x Fixed "Partially allowed scripts" icon shown instead of the "Scripts
allowed but some objects blocked" one when the blocked objects' domains
are not whitelisted for scripting (thanks al_9x for reporting)
x Fixed "Scripts allowed but some objects blocked" icon not being used for
blocked web fonts (thanks Alan Baxter for reporting)
x (ABE) Deny on INCLUSION doesn't trigger a notification even if the blocked
request is for a subdocument (the blocking is logged in the Console, use
SUB if user-facing notification is needed)
x Fixed privileged XMLHttpRequests for untrusted resources being blocked
if HTTP redirections occurred (thanks mari for reporting)
+ Better compatibility with IronPort web-based tools (thanks Ron Collins
for reporting)

v 1.9.9.79
==========================================================================
x Script surrogates whose source starts with the '!' get executed on
pages where scripts are disabled (on document DOM completion, rather
than before HTML parsing starts like regular surrogates)

Version 1.9.9.80 482.3 kB Works with Firefox 1.5 - 3.7a5pre, Mobile 0.1 - 1.1.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.80
==========================================================================
x Fixed "Partially allowed scripts" icon shown instead of the "Scripts
allowed but some objects blocked" one when the blocked objects' domains
are not whitelisted for scripting (thanks al_9x for reporting)
x Fixed "Scripts allowed but some objects blocked" icon not being used for
blocked web fonts (thanks Alan Baxter for reporting)
x (ABE) Deny on INCLUSION doesn't trigger a notification even if the blocked
request is for a subdocument (the blocking is logged in the Console, use
SUB if user-facing notification is needed)
x Fixed privileged XMLHttpRequests for untrusted resources being blocked
if HTTP redirections occurred (thanks mari for reporting)
+ Better compatibility with IronPort web-based tools (thanks Ron Collins
for reporting)

v 1.9.9.79
==========================================================================
x Script surrogates whose source starts with the '!' get executed on
pages where scripts are disabled (on document DOM completion, rather
than before HTML parsing starts like regular surrogates)

v 1.9.9.78
==========================================================================
x Redirect cache for scripts and XBL only
x Fixed cross-site CSS being blocked under some circumstances (e.g.
on Flickr and Yahoo)

Version 1.9.9.77 483.3 kB Works with Firefox 1.5 - 3.7a5pre, Mobile 0.1 - 1.1.*, SeaMonkey 1.1 - 2.1a1pre


v 1.9.9.77
==========================================================================
+ ABE INCLUSION(type1, type2, type3...) pseudo-method allows rules to take
request type (e.g. SCRIPT vs CSS) into account
+ ABE SELF+ (same domain) and SELF++ (same base domain) pseudo-origins
x Fixed iconic feedback inconsistencies when untrusted blocked objects
are mixed with full-trusted content (thanks al_9x for reporting)
x Fixed Injection Checker false positives on some kinds of complex nested
URLs (thanks Sirdarckcat for reporting)
x Tweaked ClearClick for Disqus compatibility (thanks John for reporting)

v 1.9.9.76
==========================================================================
x Fixed broken menu on Minefield when External Filters are enabled (thanks
linuser for reporting)
x Fixed about: URL not being shown in NoScript menu (thanks al_9x for
reporting)
x Removed minor strict warnings on Minefield

v 1.9.9.75
==========================================================================
x Redirected site caching now skips plugin content
x Removed __parent__ usages for Minefield compatibility
x Removed some strict warnings (thanks timeless for reporting)

Version 1.9.9.74 480.3 kB Works with Firefox 1.5 - 3.7a5pre, Mobile 0.1 - 1.1.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.74
==========================================================================
x Fixed false positive issue with empty cross-site POST requests (thanks
Bahamut for reporting)

v 1.9.9.73
==========================================================================
x Fixed potential double-firing command issue on Firefox Mobile
+ Added about:addons and about:home to the mandatory whitelist
+ Improved responsiveness and usability on Firefox Mobile

v 1.9.9.72
==========================================================================
x Fixed configuration import/export/synchronization bug introduced by
"configuration presets" for Firefox Mobile
+ Finger-friendlier UI on Firefox Mobile

Version 1.9.9.71 479.2 kB Works with Firefox 1.5 - 3.7a5pre, Mobile 0.1 - 1.1.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.71
==========================================================================
+ Added "Allowed with untrusted sources and blocked objects" icon
x Fixed minor inconsistencies in new partial allowance feedback icons
(thanks al_9x for reporting)

v 1.9.9.70
==========================================================================
+ Compatibility and better integration with latest Firefox Mobile (Fennec)
+ Experimental external filters for plugin content (e.g. Blitzableiter for
Adobe Flash), see NoScript Options|Advanced|External Filters (Fx >=3.5)
+ New specific partial status icon for pages where all scripts are allowed
but some objects are blocked (thanks al_9x for RFE)
+ "about:blank" won't be shown as a secondary source in NoScript's UI. Old
behavior can be restored by setting the noscript.showBlankSources
preference to true (thanks al_9x for RFE)
+ googleapis.com in the default whitelist
x Fixed 2nd order indirect InjectionChecker bypass (thanks Sirdarckcat for
reporting)
x Fixed a Mac OS X specific InjectionChecker decoding issue (thanks
Colling Jackson for reporting)

Version 1.9.9.69 468.0 kB Works with Firefox 1.5 - 3.7a5pre, Mobile 0.1 - 1.1a2pre, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.69
==========================================================================
x Further compatibility improvements in complex bookmarklets handling

v 1.9.9.68
==========================================================================
x Better asynchronous bookmarklets handling, should not crash on
Readability anymore
x Ultimate (maybe!) fix for trunk bug 556739 breakage

v 1.9.9.67
==========================================================================
x Better fix for trunk bug 556739 breakage

v 1.9.9.66
==========================================================================
x Further embed-only sites in menu fixes (thanks al_9x for reporting)

v 1.9.9.65
==========================================================================
x Fixed bookmarklet support broken on trunk by bug 556739 (thanks dhouwn
for reporting)
x Fixed embed-only sites shown in main menu again (thanks al_9x for
reporting)

v 1.9.9.64
==========================================================================
x Better untrusted menu behavior on embedding only sources (thanks al_9x
for reporting)
x Improved InjectionChecker compatibility with OpenID and other complex
requests (thanks Jamie Cox for reporting)
x Fixed accurate Base64 injection checks breaking some encrypted Paypal
buttons

Version 1.9.9.63 465.9 kB Works with Firefox 1.5 - 3.7a5pre, Mobile 0.1 - 1.1a2pre, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.63
==========================================================================
x Removed ":0" wildcards from NoScript menu in ignorePorts=false mode to
prevent confusing behaviors (thanks al_9x for suggestion)
+ Embedding-only sites are shown in the Untrusted menu if placeholders are
set to be hidden for untrusted embeddings (thanks al_9x for suggestion)

v 1.9.9.62
==========================================================================
x Improved XSS filter sensitivity for Base64-encoded payloads (thanks
Stefano Di Paola for suggestion)
x Improved Facebook connect compatibility (thanks Peter Alexander for
reporting)
x Removed __count__ usage in DNS cache management (SpiderMonkey compat)
x Fixed "Attempt to fix Javascript links" not working when the javascript:
scheme is mixed-case (thanks al_9x for reporting)

Version 1.9.9.61 464.9 kB Works with Firefox 1.5 - 3.7a5pre, Mobile 0.1 - 1.1a2pre, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.61
==========================================================================
x Fixed InjectionChecker infinite recursion bug on certain requests
(thanks dhouwn for reporting)
x Fixed plugin activation patches not being applied under some
circumstances

v 1.9.9.60
==========================================================================
+ Pluggable site info page (default http://noscript.net/info/%utf8%;%ace%)
can be opened by middle-click or shift+click on any site entry in
NoScript's menus, and can be configured by editing the
noscript.siteInfoProvider about:config preference
+ More user-friendly management of non-standard TCP ports
x Fixed release notes page might break session restore sometimes
x Locale files maintenance
+ Object sources won't appear in main menu when embedding restrictions
apply to whitelist; previous behavior can be restored by setting the
noscript.alwaysShowObjectSources to false (thanks al_9x for RFE)

v 1.9.9.59
==========================================================================
x Better management of cached requests
x Fixed allowing objects from "Blocked objects" reloading only the first
of each URL/mime pair group (thanks al_9x for reporting)
x Improved Facebook widgets compatibility (thanks Peter Alexander and
Chuck Mullen for reporting)
x Fixed "Allow scripts globally" setting being ignored by the bulk
configuration import feature (thanks Mike Perry for reporting)
x Fixed "Mark as untrusted" menu items being shown in "Allow scripts
globally" mode even if both "Untrusted" and "Mark as untrusted" are
unchecked in the Appearance options tab (thanks Mike Perry for reporting)
x Improved bookmarklets support
x Minor bug fixes in jolly port matching
x Improved Anti-Popunder surrogate (thanks justaguest for reporting)

v 1.9.9.58
==========================================================================
x Fixed HTMLObjectElement plugin content being blocked by X-Frame-Options
checks (thanks Titioz for reporting)
x Fixed https://bugzilla.mozilla.org/show_bug.cgi?id=553901

Version 1.9.9.57 465.9 kB Works with Firefox 1.5 - 3.7a4pre, Mobile 0.1 - 1.1a2pre, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.57
==========================================================================
x Fixed feed subscription broken on sites implementing X-Frame-Policy
(regression from 1.9.9.56, thanks al_9x for reporting)
x Included js.wlxrs.com in default whitelist in order to make Hotmail
login work out-of-the-box for new users

Version 1.9.9.50 464.9 kB Works with Firefox 1.5 - 3.7a4pre, Mobile 0.1 - 1.1a2pre, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.50
==========================================================================
+ Updated ABE grammar to use new AddressMatcher syntactic sugar
+ Alert about ABE syntax errors when option dialog gets focused after a
ruleset editing (thanks al_9x for suggestion)

v 1.9.9.49
==========================================================================
+ .x.y AddressMatcher syntactic sugar, matching both x.y and *.x.y (thanks
al_9x for suggestion)
+ InjectionChecker speed and accuracy improvements
x Fixed top-level site not being correctly positioned and highlighted in
permissions menu sometimes (thanks nagan for report)
x Fixed post-XSS "Unsafe reload" not working properly sometimes

v 1.9.9.48
==========================================================================
x Fixed a second level InjectionChecker bypass, requiring an open redirect
which accepts and uses unfiltered data: URIs. Responsible disclosure by
the SecuriTeam Secure Disclosure (SSD) project
x Fixed reload on permission change being triggered on the nearest 10 tabs
only
x Fixed permanent address entry being added to the whitelist if domain is
already allowed upon bookmarklet execution (thanks Bobabo for report)
x Better UI behavior for URLs with non-standard ports (thanks al_9x for
report)
x Updated nb-NO localization

Version 1.9.9.47 465.9 kB Works with Firefox 1.5 - 3.7a2pre, Mobile 0.1 - 1.1a1, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.47
==========================================================================
x Fixed XSS checks skipped on some reloads (thanks Alejandro Rusell for
report)
x Improved content placeholder management
x Mobile version bump

v 1.9.9.46
==========================================================================
x Fixed unneeded tab reload issue related to untrusted subdomains (thanks
al_9x for reporting)
x Optimized reload checks for the "hundreds of tabs" case, in order to
prevent UI locking
x Improved XSS checks on file uploads, should not hang even on gigabytes
x Trunk compatibility version bump

Version 1.9.9.45 462.8 kB Works with Firefox 1.5 - 3.7a2pre, Mobile 0.1 - 1.1a1, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.45
==========================================================================
x Enhanced compatibility with Paypal encrypted buttons
x Fixed some anti-popunder surrogate incompatibilities

v 1.9.9.44
==========================================================================
x Fixed allowing a Flash object causing a page reload sometimes (thanks
al9_x for reporting)
x Script Surrogate to work around Facebook's "noscript" cookie
x Fixed minor incompatibilities caused by the anti-popunder surrogate

v 1.9.9.43
==========================================================================
x Fixed broken popup issue on some sites (thanks John for reporting)
x Fixed ghost sites in context menus on about:blank after a complex
frame structure with redirects has been shown in the same tab (thanks
simpleton for reporting)
x Fixed XSS false positive on certain nested URL patterns (thanks
NoRelationToNed for reporting)

Version 1.9.9.42 462.8 kB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.42
==========================================================================
+ ClearClick: more efficient code paths specific to Fx 3.6 and above
x Fixed zoom-related ClearClick false positives on Fx 3.6 and above
x Fixed fonts being reported as "unknown" type in Blocked Objects menu

v 1.9.9.41
==========================================================================
+ Fix for newline-based double-reflection InjectionChecker bypass (thanks
Sirdarckcat for reporting)
x Surrogate scripts from local files: surrogate's replacement is treated
as a file:// URL and resolved against current browser profile if it
starts with "file://", "./" or "../" (thanks Richard Stallman, Johan
Euphrosine and Sam Imtiaz)

v 1.9.9.40
==========================================================================
x Improved bookmarklet compatibility

Version 1.9.9.39 458.8 kB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.39
==========================================================================
x Fixed quirks mode triggered by surrogate execution on Gecko < 1.9.1
(thanks Power for suggestions)

v 1.9.9.38
==========================================================================
x Fix for some popups broken by 1.9.9.37

v 1.9.9.37
==========================================================================
x Fixed potential infinite loop occurring when window.open is called in a
recursive context, e.g. on Google Reader (thanks Qbert for reporting)
x Fixed mishandling of non-default 1 value for the proxiedDNS preference

Version 1.9.9.36 458.8 kB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.36
==========================================================================
+ Anti-Popunder surrogate now applies to all HTTP pages by default
+ DNS activity logging facility (disabled by default)
x Slight optimization of DNS lookups
x Tentative fix for https://bugzilla.mozilla.org/show_bug.cgi?id=501446
crasher (thanks timeless)

Version 1.9.9.35 457.7 kB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.35
==========================================================================
x Updated Firefox Mobile (Fennec) compatibility
x Improved and generalized Anti-Popunder surrogate

v 1.9.9.34
==========================================================================
+ Anti-Popunder surrogate extended to AWEmpire popunders (on empornium.us
by default, customizable in noscript.surrogates.popunder.sources)
x Fixed bug in bookmarklet support on about:blank (thanks Milind for
reporting)
x Improved InjectionChecker compatibility with letitbit.net uploads
x Improved InjectionChecker compatibility with Rapidshare uploads

v 1.9.9.33
==========================================================================
x Better HTTPS/HTTP redirection support (thanks ttt for reporting)

v 1.9.9.32
==========================================================================
+ Further InjectionChecker optimizations, providing a dramatic speed boost
on nested URLs (e.g. on iGoogle and many ad networks)

v 1.9.9.31
==========================================================================
+ InjectionChecker accuracy optimization, preventing false positives in
some edge cases with nested URLs (thanks Aditya K Sood for reporting)

Version 1.9.9.30 457.7 kB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.30
==========================================================================
+ Injection Checker compatibility with Livejournal comment posting
+ Improved ClearClick compatibility with Facebook applications

v 1.9.9.29
==========================================================================
x Tentative work-around for hard to reproduce content policy DOS false
positive on comcast.net (thanks Jim Too and Alan Baxter for reporting)

v 1.9.9.28
==========================================================================
x Work-around for a Flash player double-instantiation bug in Gecko 1.9.0
preventing some movies from playing (thanks secdroid for reporting)
- Removed placeholder enhancements for Gecko 1.8.x, due to unwanted side
effects on some sites

Version 1.9.9.27 456.7 kB Works with Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.27
==========================================================================
x Placeholder enhancements backported to Gecko 1.8.x
x Fixed missing placeholders on Gecko 1.8.x (thanks al9_x for reporting)

v 1.9.9.26
==========================================================================
x Reduced reflow chances on placeholder activation
x Improved InjectionChecker compatibility with Facebook Connect

v 1.9.9.25
==========================================================================
x Fixed Flash swallowed clicks regression on Gecko 1.8.x (thanks al9_x for
reporting)

v 1.9.9.24
==========================================================================
x Fixed "Temporarily allow" regression

v 1.9.9.23
==========================================================================
+ Specific scriptless partial permissions icon for partially allowed
framesets (thanks al9_x for reporting)
x Reduced disk activity on permission change (thanks al9_x for RFE)
x Work-around for a Java initialization failure