NoScript Security Suite Version History

859 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 2.6.9.5.1-signed 543.4 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.5
=============================================================
x Fixed memory leak when a top-level browser window is closed
(thanks cks for reporting)
x [XSS] compatibility tweak for swisspost.ch
x Miscellaneous HTTPS URLs lockdown
+ Support for full-encrypted https://noscript.net
x Updated Twitter surrogate (thanks ozjuggler and barbaz)
x Work-around for thumbnail generation protection being
broken by some add-ons
x Fully disable background processed thumbnail generation
unless noscript.bgThumbs.allowed about:config preference
is set to true
x Control JavaScript enabled in background thumbail
generation through the noscript.bgThumbs.disableJS
about:config preference
+ Forcing remote browsers used for thumbnail generation to
disable JavaScript (thanks vpoint for reporting)
+ [Surrogate] Invodo dummy replacement (thanks barbaz)

Version 2.6.9.5rc3 543.4 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.5rc3
=============================================================
x Fixed memory leak when a top-level browser window is closed
(thanks cks for reporting)
x [XSS] compatibility tweak for swisspost.ch
x Miscellaneous HTTPS URLs lockdown

v 2.6.9.5rc2
=============================================================
+ Support for full-encrypted https://noscript.net
x Updated Twitter surrogate (thanks ozjuggler and barbaz)
x Work-around for thumbnail generation protection being
broken by some add-ons
x Fully disable background processed thumbnail generation
unless noscript.bgThumbs.allowed about:config preference
is set to true
x Control JavaScript enabled in background thumbail
generation through the noscript.bgThumbs.disableJS
about:config preference

v 2.6.9.5rc1
=============================================================
+ Forcing remote browsers used for thumbnail generation to
disable JavaScript (thanks vpoint for reporting)
+ [Surrogate] Invodo dummy replacement (thanks barbaz)

Version 2.6.9.5rc2 543.4 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.5rc2
=============================================================
+ Support for full-encrypted https://noscript.net
x Updated Twitter surrogate (thanks ozjuggler and barbaz)
x Work-around for thumbnail generation protection being
broken by some add-ons
x Fully disable background processed thumbnail generation
unless noscript.bgThumbs.allowed about:config preference
is set to true
x Control JavaScript enabled in background thumbail
generation through the noscript.bgThumbs.disableJS
about:config preference

v 2.6.9.5rc1
=============================================================
+ Forcing remote browsers used for thumbnail generation to
disable JavaScript (thanks vpoint for reporting)
+ [Surrogate] Invodo dummy replacement (thanks barbaz)

Version 2.6.9.5rc1 543.2 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.5rc1
=============================================================
+ Forcing remote browsers used for thumbnail generation to
disable JavaScript (thanks vpoint for reporting)
+ [Surrogate] Invodo dummy replacement (thanks barbaz)

Version 2.6.9.4.1-signed 542.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.4
=============================================================
+ Added vimeocdn.com as a vimeo.com dependency if already
whitelisted
+ [Surrogate] Enabling imgserve.com age verification button
even if JavaScript is disabled
x Fixed IP6 to IP4 mapping bug (thanks stack / inventati)

Version 2.6.9.4rc1 542.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.4rc1
=============================================================
+ Added vimeocdn.com as a vimeo.com dependency if already
withlisted
+ [Surrogate] Enabling imgserve.com age verification button
even if JavaScript is disabled
x Fixed IP6 to IP4 mapping bug (thanks stack / inventati)

Version 2.6.9.3.1-signed 542.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.3
=============================================================
x More accurate referrer checks for some edge cases (thanks
AlbertMTom for reporting)
x [ABE] More restrictive local IP checks (thanks AlbertMTom
for reporting)
+ More permissive AddressMatcher IP parser
+ [XSS] Improved sensitivity (thanks Masato Kinugawa)

Version 2.6.9.3rc3 542.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.3rc3
=============================================================
x More accurate referrer checks for some edge cases (thanks
AlbertMTom for reporting)
x Fixed regression in LOCAL IP matching for 192.168.0.0/16
(thanks barbaz for reporting)

v 2.6.9.3rc2
=============================================================
x [ABE] More restrictive local IP checks (thanks AlbertMTom
for reporting)
+ More permissive AddressMatcher IP parser

v 2.6.9.3rc1
=============================================================
+ [XSS] Improved sensitivity (thanks Masato Kinugawa)

Version 2.6.9.3rc2 542.9 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.3rc2
=============================================================
x [ABE] More restrictive local IP checks (thanks AlbertMTom
for reporting)
+ More permissive AddressMatcher IP parser

v 2.6.9.3rc1
=============================================================
+ [XSS] Improved sensitivity (thanks Masato Kinugawa)

Version 2.6.9.3rc1 542.8 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.3rc1
=============================================================
+ [XSS] Improved sensitivity (thanks Masato Kinugawa)

Version 2.6.9.2.1-signed 542.7 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.2
=============================================================
+ [XSS] Improved sensitivity (thanks Masato Kinugawa)

Version 2.6.9.2rc3 542.7 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.2rc3
=============================================================
+ [XSS] Improved sensitivity (thanks Masato Kinugawa)

v 2.6.9.2rc2
=============================================================
+ [XSS] Improved sensitivity (thanks Masato Kinugawa)

v 2.6.9.2rc1
=============================================================
+ [XSS] Improved sensitivity (thanks Masato Kinugawa)

Version 2.6.9.2rc2 542.8 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.2rc2
=============================================================
+ [XSS] Improved sensitivity (thanks Masato Kinugawa)

v 2.6.9.2rc1
=============================================================
+ [XSS] Improved sensitivity (thanks Masato Kinugawa)

Version 2.6.9.2rc1 542.7 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.2rc1
=============================================================
+ [XSS] Improved sensitivity (thanks Masato Kinugawa)

Version 2.6.9.1.1-signed 542.7 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.1
=============================================================
+ [XSS] focus-based exfiltration protection (thanks Masato
Kinugawa for reporting)
x [XSS] Fixed false positive in risky operators detection
(thanks Roman Vock for reporting)

Version 2.6.9.1rc2 542.7 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.1rc2
=============================================================
+ [XSS] Improved focus-based exfiltration protection

v 2.6.9.1rc1
=============================================================
+ [XSS] focus-based exfiltration protection (thanks Masato
Kinugawa for reporting)
x [XSS] Fixed false positive in risky operators detection
(thanks Roman Vock for reporting)

Version 2.6.9.1rc1 542.7 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9.1rc1
=============================================================
+ [XSS] focus-based exfiltration protection (thanks Masato
Kinugawa for reporting)
x [XSS] Fixed false positive in risky operators detection
(thanks Roman Vock for reporting)

Version 2.6.9.1-signed 542.6 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9
=============================================================
+ [XSS] Improved location-based exfiltration protection
(thanks Masato Kinugawa for reporting)
+ [Surrogate] login.person.org inclusion (thanks barbaz)
x [XSS] Fixed 2.6.8.43 regressions
x [XSS] Improved specificity for eval-like patterns
+ Switched to a treeview for faster management of very long
whitelists (thanks barbaz for patch)
x Tentative work-around for potential performance problems
reportedly related to Australis support

v 2.6.9rc4
=============================================================
+ [XSS] Fixed bug in location-based exfiltration protection
(thanks Masato Kinugawa for reporting)

v 2.6.9rc3
=============================================================
+ [XSS] Improved location-based exfiltration protection
(thanks Masato Kinugawa for reporting)

v 2.6.9rc2
=============================================================
+ [Surrogate] login.person.org inclusion (thanks barbaz)
x [XSS] Fixed 2.6.8.43 regressions
x [XSS] Improved specificity for eval-like patterns

v 2.6.9rc1
=============================================================
+ Switched to a treeview for faster management of very long
whitelists (thanks barbaz for patch)
x Tentative work-around for potential performance problems
reportedly related to Australis support
x [XSS] Fixed 2.6.8.43 regressions

Version 2.6.9rc4 542.7 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9rc4
=============================================================
+ [XSS] Fixed bug in location-based exfiltration protection
(thanks Masato Kinugawa for reporting)

v 2.6.9rc3
=============================================================
+ [XSS] Improved location-based exfiltration protection
(thanks Masato Kinugawa for reporting)

v 2.6.9rc2
=============================================================
+ [Surrogate] login.person.org inclusion (thanks barbaz)
x [XSS] Fixed 2.6.8.43 regressions
x [XSS] Improved specificity for eval-like patterns

v 2.6.9rc1
=============================================================
+ Switched to a treeview for faster management of very long
whitelists (thanks barbaz for patch)
x Tentative work-around for potential performance problems
reportedly related to Australis support
x [XSS] Fixed 2.6.8.43 regressions

Version 2.6.9rc3 542.7 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9rc3
=============================================================
+ [XSS] Improved location-based exfiltration protection
(thanks Masato Kinugawa for reporting)

Version 2.6.9rc2 542.6 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9rc2
=============================================================
+ [Surrogate] login.person.org inclusion (thanks barbaz)
x [XSS] Fixed 2.6.8.43 regressions
x [XSS] Improved specificity for eval-like patterns

v 2.6.9rc1
=============================================================
+ Switched to a treeview for faster management of very long
whitelists (thanks barbaz for patch)
x Tentative work-around for potential performance problems
reportedly related to Australis support
x [XSS] Fixed 2.6.8.43 regressions

Version 2.6.9rc1 544.2 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.9rc1
=============================================================
+ Switched to a treeview for faster management of very long
whitelists (thanks barbaz for patch)
x Tentative work-around for potential performance problems
reportedly related to Australis support
x [XSS] Fixed 2.6.8.43 regressions

Version 2.6.8.43.1-signed 541.1 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.43
=============================================================
x [XSS] Protection against some exfiltration attacks based on
arithmetic operators (thanks Masato Kinugawa and File
Descriptor AKA XSS Jigsaw for reporting)

Version 2.6.8.43rc2 541.1 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.43rc2
=============================================================
x [XSS] Fixed rc1 regression (thanks Masato Kinugawa for
reporting)

v 2.6.8.43rc1
=============================================================
x [XSS] Protection against some exfiltration attacks based on
arithmetic operators (thanks Masato Kinugawa and File
Descriptor AKA XSS Jigsaw for reporting)

Version 2.6.8.43rc1 541.1 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.43rc1
=============================================================
x [XSS] Protection against some exfiltration attacks based on
arithmetic operators (thanks Masato Kinugawa and File
Descriptor AKA XSS Jigsaw for reporting)

Version 2.6.8.42.1-signed 541.0 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.42rc3
=============================================================
+ User-facing "Reload the current tab only" option
x Fixed subtle bug in ScriptSurrogate.replaceScript()
x Fixed HTTPS and cascading permission policies not applying
to XHR and XBL checks
x [XSS] Fixed ES6-based bypasses (thanks Masato Kinugava for
reporting)
+ [XSS] window.name exfiltration protection (thanks Masato
Kinugava for reporting)
x Fixed script sources enumeration breakage in Firefox 35
(Moz Bug 1068508, thanks Octoploid for reporting)

v 2.6.8.42rc3
=============================================================
+ User-facing "Reload the current tab only" option
x [XSS] Improved window.name exfiltration protection
(thanks Masato Kinugava for reporting)

v 2.6.8.42rc2
=============================================================
x Fixed subtle bug in ScriptSurrogate.replaceScript()
x Fixed HTTPS and cascading permission policies not applying
to XHR and XBL checks
x [XSS] Fixed ES6-based bypasses (thanks Masato Kinugava for
reporting)
+ [XSS] window.name exfiltration protection (thanks Masato
Kinugava for reporting)

v 2.6.8.42rc1
=============================================================
x Fixed script sources enumeration breakage in Firefox 35
(Moz Bug 1068508, thanks Octoploid for reporting)

Version 2.6.8.42rc3 541.0 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.42rc3
=============================================================
+ User-facing "Reload the current tab only" option
x [XSS] Improved window.name exfiltration protection
(thanks Masato Kinugava for reporting)

v 2.6.8.42rc2
=============================================================
x Fixed subtle bug in ScriptSurrogate.replaceScript()
x Fixed HTTPS and cascading permission policies not applying
to XHR and XBL checks
x [XSS] Fixed ES6-based bypasses (thanks Masato Kinugava for
reporting)
+ [XSS] window.name exfiltration protection (thanks Masato
Kinugava for reporting)

v 2.6.8.42rc1
=============================================================
x Fixed script sources enumeration breakage in Firefox 35
(Moz Bug 1068508, thanks Octoploid for reporting)

Version 2.6.8.42rc2 540.8 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.42rc2
=============================================================
x Fixed subtle bug in ScriptSurrogate.replaceScript()
x Fixed HTTPS and cascading permission policies not applying
to XHR and XBL checks
x [XSS] Fixed ES6-based bypasses (thanks Masato Kinugava for
reporting)
+ [XSS] window.name exfiltration protection (thanks Masato
Kinugava for reporting)

v 2.6.8.42rc1
=============================================================
x Fixed script sources enumeration breakage in Firefox 35
(Moz Bug 1068508, thanks Octoploid for reporting)

Version 2.6.8.42rc1 540.5 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.42rc1
=============================================================
x Fixed script sources enumeration breakage in Firefox 35
(Moz Bug 1068508, thanks Octoploid for reporting)

Version 2.6.8.41.1-signed 540.4 kB Works with Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.6.8.41
=============================================================
x Improved Australis toolbar compatibility (thanks Quicksaver
for help)
x Added "Always ask" checkbox to the removal confirmation
dialog (thanks agaxwtmp for RFE)
x Fixed Options dialog broken on ancient Firefox versions
x [XSS] Fixed false positive within *.adxns.com