NoScript Security Suite Version History

891 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 2.6.9.36 548.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.36
=============================================================
x [L10n] Fixed typo in nb-NO (thanks Mikkel H.)
x [e10s] Fixed top-level site auto-whitelisting broken
x [e10s] Fixed MozBug 1196477 (crash with allowLocalLinks)
x Shorthands reliability improvements
x [ClearClick] fixed console spam due to missing XPCOM
interfaces for HTML elements
x In order to help Netflix users with the new video delivery
system, users who have netflix.com already in their
whitelist get https://*.nflxvideo.net whitelisted as
well on upgrade

Version 2.6.9.36rc2 548.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.36rc2
=============================================================
x [L10n] Fixed typo in nb-NO (thanks Mikkel H.)
x [e10s] Fixed top-level site auto-whitelisting broken
x [e10s] Fixed MozBug 1196477 (crash with allowLocalLinks)
x Shorthands reliability improvements

Version 2.6.9.36rc1 548.2 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.36rc1
=============================================================
x [ClearClick] fixed console spam due to missing XPCOM
interfaces for HTML elements
x In order to help Netflix users with the new video delivery
system, users who have netflix.com already in their
whitelist get https://*.nflxvideo.net whitelisted as
well on upgrade

Version 2.6.9.35 548.8 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.35
=============================================================
x [Surrogate] googletagservices.com replacement now supports
custom googletag objects (thanks barbaz)
x [Surrogate] fixed surrogates stopped working on older
Gecko versions (thanks barbaz)
x [XSS] Work-around for false positive on some Yahoo! URLs
x Corrected mistyped about:pocket-saved whitelist entry
x Fixed race condition in ABE options observer causing
l.getRowCount() console spam

Version 2.6.9.35rc2 548.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.35rc2
=============================================================
x [Surrogate] fixed surrogates stopped working on older
Gecko versions - take 2 (thanks barbaz)


v 2.6.9.35rc1
=============================================================
x [Surrogate] googletagservices.com replacement now supports
custom googletag objects (thanks barbaz)
x [Surrogate] fixed surrogates stopped working on older
Gecko versions
x [XSS] Work-around for false positive on some Yahoo! URLs
x Corrected mistyped about:pocket-saved whitelist entry
x Fixed race condition in ABE options observer causing
l.getRowCount() console spam

Version 2.6.9.35rc1 548.8 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.35rc1
=============================================================
x [Surrogate] googletagservices.com replacement now supports
custom googletag objects (thanks barbaz)
x [Surrogate] fixed surrogates stopped working on older
Gecko versions
x [XSS] Work-around for false positive on some Yahoo! URLs
x Corrected mistyped about:pocket-saved whitelist entry
x Fixed race condition in ABE options observer causing
l.getRowCount() console spam

Version 2.6.9.34 548.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.34
=============================================================
x [Surrogate] Fixed a bug preventing some replacements from
running
x [XSS] Fixed over-optimized JSON and dots erasure allowing
for a filter bypass in specific (and likely rare)
circumstances (thanks Gareth Heyes for reporting)

Version 2.6.9.34rc2 548.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.34rc2
=============================================================
x [Surrogate] Fixed a bug preventing some replacements from
running

Version 2.6.9.34rc1 548.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.34rc1
=============================================================
x [XSS] Fixed over-optimized JSON and dots erasure allowing
for a filter bypass in specific (and likely rare)
circumstances (thanks Gareth Heyes for reporting)

Version 2.6.9.33 548.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.33
=============================================================
x [XSS] Fixed bug in minimal inline JavaScript fragment
detection (thanks Frederik Braun for reporting)
x [L10n] Updated Russian (thanks fatboy).
x [Surrogate] fixed scope conflicts caused by the $S() object
replacement wrapper (e.g. with some EA games)

Version 2.6.9.33rc2 548.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.33rc2
=============================================================
x [XSS] Fixed bug in minimal inline JavaScript fragment
detection (thanks Frederik Braun for reporting)

v 2.6.9.33rc1
=============================================================
x [Surrogate] fixed scope conflicts caused by the $S() object
replacement wrapper (e.g. with some EA games)

Version 2.6.9.33rc1 548.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.33rc1
=============================================================
x [Surrogate] fixed scope conflicts caused by the $S() object
replacement wrapper (e.g. with some EA games)

Version 2.6.9.32 548.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.32
=============================================================
+ Added domains required for Netflix playback to the default
whitelist
x Fixed inline script blocking broken by latest Nightlies
x Fixed NOSCRIPT elements not being shown in script-blocked
pages on Firefox betas
x [Surrogate] shimmed or replaced code causing deprecations
x [Surrogate] updated googletag replacement (thanks barbaz)
x [XSS] Fixed regression in minimal inline JavaScript
fragment detection (thanks Gareth Heyes for reporting)
x Fixed edge case causing JavaScript redirections detection
to fail on http://qklnk.co/ (thanks Jess Hampshire for RFE)

Version 2.6.9.32rc4 548.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.32rc4
=============================================================
x [Surrogate] fixed regression causing some replacements
not to work correctly.

v 2.6.9.32rc3
=============================================================
+ Added domains required for Netflix playback to the default
whitelist
x Fixed inline script blocking broken by latest Nightlies
x Fixed NOSCRIPT elements not being shown in script-blocked
pages on Firefox betas
x [Surrogate] shimmed or replaced code causing deprecations
x [Surrogate] updated googletag replacement (thanks barbaz)

v 2.6.9.32rc2
=============================================================
x [XSS] Fixed regression in minimal inline JavaScript
fragment detection (thanks Gareth Heyes for reporting)

v 2.6.9.32rc1
=============================================================
x Fixed edge case causing JavaScript redirections detection
to fail on http://qklnk.co/ (thanks Jess Hampshire for RFE)

Version 2.6.9.32rc3 548.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.32rc3
=============================================================
+ Added domains required for Netflix playback to the default
whitelist
x Fixed inline script blocking broken by latest Nightlies
x Fixed NOSCRIPT elements not being shown in script-blocked
pages on Firefox betas
x [Surrogate] shimmed or replaced code causing deprecations
x [Surrogate] updated googletag replacement (thanks barbaz)

Version 2.6.9.32rc2 548.3 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

Version 2.6.9.32rc1 548.2 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.32rc1
=============================================================
x Fixed edge case causing JavaScript redirections detection
to fail on http://qklnk.co/ (thanks Jess Hampshire for RFE)

Version 2.6.9.31 548.2 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.31
=============================================================
x [XSS] Fixed attribute injection checks regression (thanks
Maxim Rupp and .mario of Cure53 for reporting)

Version 2.6.9.31rc1 548.3 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.31rc1
=============================================================
x [XSS] Fixed attribute injection checks regression (thanks
Maxim Rupp and .mario of Cure53 for reporting)

Version 2.6.9.30 548.2 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.30
=============================================================
x Fixed noscript.allowWhitelistUpdates preference being
ignored
+ Filtering out whitelist additions not required by the
the specific current browser type and version
+ Added about:pocket-save and about:pocket-signup to the
default whitelist
x More restrictive and accurate INCLUSION type check (thanks
Meee for reporting)
x [XSS] Further invalid characters optimization refinement
(thanks Mathias Karlsson for reporting)
x [XSS] Fixed XML stripping optimization to prevent inline
injections (thanks Mathias Karlsson for reporting)
x Default whitelist maintenance: removed prototypejs.org,
cdnjs.cloudflare.com; restored maps.googleapis.com
x [XSS] Updated inline event handlers related code preventing
potential 2nd order injections on very badly coded websites
(thanks Mathias Karlsson for reporting)

Version 2.6.9.30rc5 548.3 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.30rc5
=============================================================
x Fixed about:packet-save whitelisted instead of
about:pocket-saved
x Fixed noscript.allowWhitelistUpdates preference being
ignored
+ Filtering out whitelist additions not required by the
the specific current browser type and version

v 2.6.9.30rc4
=============================================================
+ Added about:pocket-save and about:pocket-signup to the
default whitelist
x More restrictive and accurate INCLUSION type check (thanks
Meee for reporting)

v 2.6.9.30rc3
=============================================================
x [XSS] Further invalid characters optimization refinement
(thanks Mathias Karlsson for reporting)

v 2.6.9.30rc2
=============================================================
x [XSS] Fixed XML stripping optimization to prevent inline
injections (thanks Mathias Karlsson for reporting)
x Default whitelist maintenance: removed prototypejs.org,
cdnjs.cloudflare.com; restored maps.googleapis.com

v 2.6.9.30rc1
=============================================================
x [XSS] Updated inline event handlers related code preventing
potential 2nd order injections on very badly coded websites
(thanks Mathias Karlsson for reporting)

Version 2.6.9.30rc4 548.1 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.30rc4
=============================================================
+ Added about:pocket-save and about:pocket-signup to the
default whitelist
x More restrictive and accurate INCLUSION type check (thanks
Meee for reporting)

Version 2.6.9.30rc3 548.1 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.30rc3
=============================================================
x [XSS] Further invalid characters optimization refinement
(thanks Mathias Karlsson for reporting)

Version 2.6.9.30rc2 548.1 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.30rc2
=============================================================
x [XSS] Fixed XML stripping optimization to prevent inline
injections (thanks Mathias Karlsson for reporting)
x Default whitelist maintenance: removed prototypejs.org,
cdnjs.cloudflare.com; restored maps.googleapis.com

Version 2.6.9.30rc1 548.1 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.30rc1
=============================================================
x [XSS] Updated inline event handlers related code preventing
potential 2nd order injections on very badly coded websites
(thanks Mathias Karlsson for reporting)

Version 2.6.9.29 549.0 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.29
=============================================================
x [XSS] Improved specificity of invalid characters
optimization to remove a string literal breaking detection
bypass (thanks Mathias Karlsson for reporting)

Version 2.6.9.29rc1 549.0 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.29rc1
=============================================================
x [XSS] Improved specificity of invalid characters
optimization to remove a string literal breaking detection
bypass (thanks Mathias Karlsson for reporting)

Version 2.6.9.28 548.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.28
=============================================================
x Narrowed googleapis.com default whitelist entry to
ajax.googleapis.com
x [Surrogate] Updated gigya.com and 2mdn.net replacements
(thanks saaib)

Version 2.6.9.28rc2 549.0 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.28rc2
=============================================================
x Narrowed googleapis.com default whitelist entry to
ajax.googleapis.com

Version 2.6.9.28rc1 548.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later