Historial de versiones de NoScript

880 versiones

¡Ten cuidado con las versiones antiguas!

Estas versiones se muestran con propósitos de referencia y pruebas. Debes usar siempre la última versión de un complemento.

Versión 2.6.6.3rc1 534.5 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.6.3rc1
=========================================================================
x Improved "fixable" JavaScript links detection (thanks asdf for RFE)

Versión 2.6.6.2.1-signed 534.3 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.6.2
=========================================================================
x Fixed regression in Tab Mix Plus compatibility due to Gecko 21 changes
x Improved placeholder management for full-document plugin content, e.g.
makes Youtube embeddings more usable on Facebook

Versión 2.6.6.2rc2 534.6 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.6.2rc2
=========================================================================
x Fixed regression in Tab Mix Plus compatibility due to Gecko 21 changes

v 2.6.6.2rc1
=========================================================================
x Improved placeholder management for full-document plugin content, e.g.
makes Youtube embeddings more usable on Facebook

Versión 2.6.6.2rc1 534.4 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.6.2rc1
=========================================================================
x Improved placeholder management for full-document plugin content, e.g.
makes Youtube embeddings more usable on Facebook

Versión 2.6.6.1.1-signed 534.2 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.6.1
=========================================================================
x Fixed backward compatibility issue with recent channel cloning changes
x [XSS] Compatibility with certain redirector URL patterns (thanks
Stephen F. for reporting)
x [ABE] Fixed letest Tab Mix Plus version (4.1.0) causing loads started
from the address bar to be considered cross-site
x [Locale] Updated Esperanto (thanks Michael Wolf)
x [Locale] Updated Upper Serbian (thanks Michael Wolf)

Versión 2.6.6.1rc2 534.6 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.6.1rc2
=========================================================================
x Fixed backward compatibility issue with recent channel cloning changes
x [XSS] Compatibility with certain redirector URL patterns (thanks
Stephen F. for reporting)

v 2.6.6.1rc1
=========================================================================
x [ABE] Fixed letest Tab Mix Plus version (4.1.0) causing loads started
from the address bar to be considered cross-site
x [Locale] Updated Esperanto (thanks Michael Wolf)
x [Locale] Updated Upper Serbian (thanks Michael Wolf)

Versión 2.6.6.1rc1 534.3 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.6.1rc1
=========================================================================
x [ABE] Fixed letest Tab Mix Plus version (4.1.0) causing loads started
from the address bar to be considered cross-site
x [Locale] Updated Esperanto (thanks Michael Wolf)
x [Locale] Updated Upper Serbian (thanks Michael Wolf)

Versión 2.6.6.1-signed 532.4 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.6
=========================================================================
x Added per-window private browsing support to some background requests
x Improved channel cloning for internal redirections
x Added further Microsoft mail services dependencies to the default
whitelist
x [XSS] Fixed character class bug (thanks Masato Kinugawa for reporting)
x [XSS] Fixed potential jQuery-based injection (thanks Masato Kinugawa
for reporting)
x Improved handling of some moz-null principal instances in ABE requests
(thanks Thrawn for reporting)
+ New 360Haven surrogate lets the site work with 1st party scripts
allowed and ads/tracker scripts forbidden
s forbidden

Versión 2.6.6rc5 532.7 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.6rc5
=========================================================================
x Added per-window private browsing support to some background requests
x Improved channel cloning for internal redirections
x Added further Microsoft mail services dependencies to the default
whitelist

v 2.6.6rc4
=========================================================================
x [XSS] Fixed character class bug (thanks Masato Kinugawa for reporting)

v 2.6.6rc3
=========================================================================
x [XSS] Fixed potential jQuery-based injection (thanks Masato Kinugawa
for reporting)

v 2.6.6rc2
=========================================================================
x Improved handling of some moz-null principal instances in ABE requests
(thanks Thrawn for reporting)

v 2.6.6rc1
=========================================================================
+ New 360Haven surrogate lets the site work with 1st party scripts
allowed and ads/tracker scripts forbidden

Versión 2.6.6rc4 532.1 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.6rc4
=========================================================================
x [XSS] Fixed character class bug (thanks Masato Kinugawa for reporting)

v 2.6.6rc3
=========================================================================
x [XSS] Fixed potential jQuery-based injection (thanks Masato Kinugawa
for reporting)

v 2.6.6rc2
=========================================================================
x Improved handling of some moz-null principal instances in ABE requests
(thanks Thrawn for reporting)

v 2.6.6rc1
=========================================================================
+ New 360Haven surrogate lets the site work with 1st party scripts
allowed and ads/tracker scripts forbidden

Versión 2.6.6rc3 532.3 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.6rc3
=========================================================================
x [XSS] Fixed potential jQuery-based injection (thanks Masato Kinugawa
for reporting)

v 2.6.6rc2
=========================================================================
x Improved handling of some moz-null principal instances in ABE requests
(thanks Thrawn for reporting)

v 2.6.6rc1
=========================================================================
+ New 360Haven surrogate lets the site work with 1st party scripts
allowed and ads/tracker scripts forbidden

Versión 2.6.6rc1 532.0 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.6rc1
=========================================================================
+ New 360Haven surrogate lets the site work with 1st party scripts
allowed and ads/tracker scripts forbidden

Versión 2.6.5.9.1-signed 531.9 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.5.9
=========================================================================
x Fixed outlook.com UI broken in Nightly by work-around for bug 677050
(thanks Raùl Duràn of Microsoft for troubleshooting help)
- Removed STS support for Gecko >= 4, which provides built-in HSTS
x Work around for multiple object creation causing UI inconsistencies
(thanks al_9x for reporting)
x [XSS] Work-around for false positives caused by Gecko >= 18 changes in
Function.prototype.toSource() (thanks yahoo mail user for report)

Versión 2.6.5.9rc3 532.0 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.5.9rc3
=========================================================================
x Fixed outlook.com UI broken in Nightly by work-around for bug 677050
(thanks Raùl Duràn of Microsoft for troubleshooting help)

v 2.6.5.9rc2
=========================================================================
- Removed STS support for Gecko >= 4, which provides built-in HSTS
x Work around for multiple object creation causing UI inconsistencies
(thanks al_9x for reporting)

v 2.6.5.9rc1
=========================================================================
x [XSS] Work-around for false positives caused by Gecko >= 18 changes in
Function.prototype.toSource() (thanks yahoo mail user for report)

Versión 2.6.5.9rc2 531.9 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

Versión 2.6.5.9rc1 532.4 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.5.9rc1
=========================================================================
x [XSS] Work-around for false positives caused by Gecko >= 18 changes in
Function.prototype.toSource() (thanks yahoo mail user for report)

Versión 2.6.5.8.1-signed 531.3 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.5.8
=========================================================================
+ Automatic Google Analytics web bugs blocking if google-analytics.com is
not whitelisted
+ "Mark as untrusted" button on the site info page (thanks SwissBIT for
RFE)
+ "Allow"/"Forbid"/"Mark as untrusted" icons on the site info buttons
x Inclusion type checks exception for yandex.st
x [XSS] Exception for requests across *.photobucket.com subdomains, which
may legitimately contain syntactically valid Javascript fragments
(thanks RAJAH235 for reporting)

Versión 2.6.5.8rc4 531.4 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.5.8rc4
=========================================================================
x Fixed "Mark as Untrusted" button on the "Site Info" page not working
properly (thanks SwissBIT for reporting)

v 2.6.5.8rc3
=========================================================================
x Fixed Google Analytics cross-site checks breaking GMail composition
window (thanks Michael Mischurow for reporting)

v 2.6.5.8rc2
=========================================================================
+ Automatic Google Analytics web bugs blocking if google-analytics.com is
not whitelisted
+ "Mark as untrusted" button on the site info page (thanks SwissBIT for
RFE)
+ "Allow"/"Forbid"/"Mark as untrusted" icons on the site info buttons
x Inclusion type checks exception for yandex.st

v 2.6.5.8rc1
=========================================================================
x [XSS] Exception for requests across *.photobucket.com subdomains, which
may legitimately contain syntactically valid Javascript fragments
(thanks RAJAH235 for reporting)

Versión 2.6.5.8rc3 531.4 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.5.8rc3
=========================================================================
x Fixed Google Analytics cross-site checks breaking GMail composition
window (thanks Michael Mischurow for reporting)

v 2.6.5.8rc2
=========================================================================
+ Automatic Google Analytics web bugs blocking if google-analytics.com is
not whitelisted
+ "Mark as untrusted" button on the site info page (thanks SwissBIT for
RFE)
+ "Allow"/"Forbid"/"Mark as untrusted" icons on the site info buttons
x Inclusion type checks exception for yandex.st

v 2.6.5.8rc1
=========================================================================
x [XSS] Exception for requests across *.photobucket.com subdomains, which
may legitimately contain syntactically valid Javascript fragments
(thanks RAJAH235 for reporting)

Versión 2.6.5.8rc2 531.4 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.5.8rc2
=========================================================================
+ Automatic Google Analytics web bugs blocking if google-analytics.com is
not whitelisted
+ "Mark as untrusted" button on the site info page (thanks SwissBIT for
RFE)
+ "Allow"/"Forbid"/"Mark as untrusted" icons on the site info buttons
x Inclusion type checks exception for yandex.st

v 2.6.5.8rc1
=========================================================================
x [XSS] Exception for requests across *.photobucket.com subdomains, which
may legitimately contain syntactically valid Javascript fragments
(thanks RAJAH235 for reporting)

Versión 2.6.5.8rc1 531.1 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.5.8rc1
=========================================================================
x [XSS] Exception for requests across *.photobucket.com subdomains, which
may legitimately contain syntactically valid Javascript fragments
(thanks RAJAH235 for reporting)

Versión 2.6.5.7.1-signed 531.0 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.5.7
=========================================================================
x Made "Yes, remove all protections" the default button in the removal
warning dialog
x [XSS] Fixed post-response encoding checks applied to UTF-8 pages too
(thanks Masato Kinugawa for reporting)
x [XSS] Removed host redirection chance on XSS-vulnerable pages (thanks
Masato Kinugawa for reporting)

v 2.6.5.6
=========================================================================
x [XSS] Smarter syntax check optimization, removes harmful side effect
(thanks Masato Kinugawa for reporting)

v 2.6.5.5
=========================================================================
x [XSS] Fixed bug in broken string literals balancing (thanks Masato
Kinugawa for reporting)

v 2.6.5.4
=========================================================================
+ [XSS] Obfuscated string literals detection (thanks Masato Kinugawa for
reporting)

v 2.6.5.3
=========================================================================
x [XSS] Improved parsing while decoding mixed-charset encoded URLs
(thanks Masato Kinugawa for reporting)
+ [XSS] Better decoding of maliciously mixed-charset encoded strings
(thanks Masato Kinugawa for reporting)

v 2.6.5.2
=========================================================================
x [XSS] Work-around for a Gecko race condition allowing some
script-enabled attackers to make the charset-mismatch checks abort
prematurely (thanks Masato Kinugawa for reporting)

v 2.6.5.1
=========================================================================
+ [XSS] Forced unicode conversions more resilient to invalid input
(thanks Masato Kinugawa for reporting)

v 2.6.5
=========================================================================
+ [XSS] More exotic charset awareness added to script injection checks
(thanks Masato Kinugawa for reporting)
x [XSS] Removed limited injection chance allowing redirection of XSS
vulnerable pages to an integral IP (thanks Masato Kinugawa for
reporting)
+ "Security Downgrade Warning" suggests blacklist mode as a better option
than uninstalling, to retain scripting-unrelated protections
- Removed legacy uninstall hooks and related localized strings

Versión 2.6.5.7rc2 531.1 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.5.7rc2
=========================================================================
x Made "Yes, remove all protections" the default button in the removal
warning dialog

v 2.6.5.7rc1
=========================================================================
x [XSS] Fixed post-response encoding checks applied to UTF-8 pages too
(thanks Masato Kinugawa for reporting)
x [XSS] Removed host redirection chance on XSS-vulnerable pages (thanks
Masato Kinugawa for reporting)

Versión 2.6.5.7rc1 531.1 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.5.7rc1
=========================================================================
x [XSS] Fixed post-response encoding checks applied to UTF-8 pages too
(thanks Masato Kinugawa for reporting)
x [XSS] Removed host redirection chance on XSS-vulnerable pages (thanks
Masato Kinugawa for reporting)

Versión 2.6.5.6.1-signed 531.0 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.5.6
=========================================================================
x [XSS] Smarter syntax check optimization, removes harmful side effect
(thanks Masato Kinugawa for reporting)

v 2.6.5.5
=========================================================================
x [XSS] Fixed bug in broken string literals balancing (thanks Masato
Kinugawa for reporting)

v 2.6.5.4
=========================================================================
+ [XSS] Obfuscated string literals detection (thanks Masato Kinugawa for
reporting)

v 2.6.5.3
=========================================================================
x [XSS] Improved parsing while decoding mixed-charset encoded URLs
(thanks Masato Kinugawa for reporting)
+ [XSS] Better decoding of maliciously mixed-charset encoded strings
(thanks Masato Kinugawa for reporting)

v 2.6.5.2
=========================================================================
x [XSS] Work-around for a Gecko race condition allowing some
script-enabled attackers to make the charset-mismatch checks abort
prematurely (thanks Masato Kinugawa for reporting)

v 2.6.5.1
=========================================================================
+ [XSS] Forced unicode conversions more resilient to invalid input
(thanks Masato Kinugawa for reporting)

v 2.6.5
=========================================================================
+ [XSS] More exotic charset awareness added to script injection checks
(thanks Masato Kinugawa for reporting)
x [XSS] Removed limited injection chance allowing redirection of XSS
vulnerable pages to an integral IP (thanks Masato Kinugawa for
reporting)
+ "Security Downgrade Warning" suggests blacklist mode as a better option
than uninstalling, to retain scripting-unrelated protections
- Removed legacy uninstall hooks and related localized strings

Versión 2.6.5.6rc1 531.0 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.5.6rc1
=========================================================================
x [XSS] Smarter syntax check optimization, removes harmful side effect
(thanks Masato Kinugawa for reporting)

v 2.6.5.5rc1
=========================================================================
x [XSS] Fixed bug in broken string literals balancing (thanks Masato
Kinugawa for reporting)

v 2.6.5.4rc1
=========================================================================
+ [XSS] Obfuscated string literals detection (thanks Masato Kinugawa for
reporting)

v 2.6.5.3rc2
=========================================================================
x [XSS] Improved parsing while decoding mixed-charset encoded URLs
(thanks Masato Kinugawa for reporting)

v 2.6.5.3rc1
=========================================================================
+ [XSS] Better decoding of maliciously mixed-charset encoded strings
(thanks Masato Kinugawa for reporting)

v 2.6.5.2rc1
=========================================================================
x [XSS] Work-around for a Gecko race condition allowing some
script-enabled attackers to make the charset-mismatch checks abort
prematurely (thanks Masato Kinugawa for reporting)

v 2.6.5.1rc1
=========================================================================
+ [XSS] Forced unicode conversions more resilient to invalid input
(thanks Masato Kinugawa for reporting)

v 2.6.5rc2
=========================================================================
x Better wording for the "Security Downgrade Warning" options

v 2.6.5rc1
=========================================================================
+ [XSS] More exotic charset awareness added to script injection checks
(thanks Masato Kinugawa for reporting)
x [XSS] Removed limited injection chance allowing redirection of XSS
vulnerable pages to an integral IP (thanks Masato Kinugawa for
reporting)
+ Suggestion of blacklist mode as a viable alternative to disablement or
uninstall which retains protections unrelated to script blocking
- Removed legacy uninstall hooks and related localized strings

Versión 2.6.5.5rc1 531.2 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.5.5rc1
=========================================================================
x [XSS] Fixed bug in broken string literals balancing (thanks Masato
Kinugawa for reporting)

Versión 2.6.5.4rc1 531.0 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.5.4rc1
=========================================================================
+ [XSS] Obfuscated string literals detection (thanks Masato Kinugawa for
reporting)

v 2.6.5.3rc2
=========================================================================
x [XSS] Improved parsing while decoding mixed-charset encoded URLs
(thanks Masato Kinugawa for reporting)

v 2.6.5.3rc1
=========================================================================
+ [XSS] Better decoding of maliciously mixed-charset encoded strings
(thanks Masato Kinugawa for reporting)

v 2.6.5.2rc1
=========================================================================
x [XSS] Work-around for a Gecko race condition allowing some
script-enabled attackers to make the charset-mismatch checks abort
prematurely (thanks Masato Kinugawa for reporting)

v 2.6.5.1rc1
=========================================================================
+ [XSS] Forced unicode conversions more resilient to invalid input
(thanks Masato Kinugawa for reporting)

v 2.6.5rc2
=========================================================================
x Better wording for the "Security Downgrade Warning" options

v 2.6.5rc1
=========================================================================
+ [XSS] More exotic charset awareness added to script injection checks
(thanks Masato Kinugawa for reporting)
x [XSS] Removed limited injection chance allowing redirection of XSS
vulnerable pages to an integral IP (thanks Masato Kinugawa for
reporting)
+ Suggestion of blacklist mode as a viable alternative to disablement or
uninstall which retains protections unrelated to script blocking
- Removed legacy uninstall hooks and related localized strings

Versión 2.6.5.3rc2 530.9 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.5.3rc2
=========================================================================
x [XSS] Improved parsing while decoding mixed-charset encoded URLs
(thanks Masato Kinugawa for reporting)

v 2.6.5.3rc1
=========================================================================
+ [XSS] Better decoding of maliciously mixed-charset encoded strings
(thanks Masato Kinugawa for reporting)

v 2.6.5.2rc1
=========================================================================
x [XSS] Work-around for a Gecko race condition allowing some
script-enabled attackers to make the charset-mismatch checks abort
prematurely (thanks Masato Kinugawa for reporting)

v 2.6.5.1rc1
=========================================================================
+ [XSS] Forced unicode conversions more resilient to invalid input
(thanks Masato Kinugawa for reporting)

v 2.6.5rc2
=========================================================================
x Better wording for the "Security Downgrade Warning" options

v 2.6.5rc1
=========================================================================
+ [XSS] More exotic charset awareness added to script injection checks
(thanks Masato Kinugawa for reporting)
x [XSS] Removed limited injection chance allowing redirection of XSS
vulnerable pages to an integral IP (thanks Masato Kinugawa for
reporting)
+ Suggestion of blacklist mode as a viable alternative to disablement or
uninstall which retains protections unrelated to script blocking
- Removed legacy uninstall hooks and related localized strings

Versión 2.6.5.3rc1 530.9 kB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.6.5.3rc1
=========================================================================
+ [XSS] Better decoding of maliciously mixed-charset encoded strings
(thanks Masato Kinugawa for reporting)

v 2.6.5.2rc1
=========================================================================
x [XSS] Work-around for a Gecko race condition allowing some
script-enabled attackers to make the charset-mismatch checks abort
prematurely (thanks Masato Kinugawa for reporting)

v 2.6.5.1rc1
=========================================================================
+ [XSS] Forced unicode conversions more resilient to invalid input
(thanks Masato Kinugawa for reporting)

v 2.6.5rc2
=========================================================================
x Better wording for the "Security Downgrade Warning" options

v 2.6.5rc1
=========================================================================
+ [XSS] More exotic charset awareness added to script injection checks
(thanks Masato Kinugawa for reporting)
x [XSS] Removed limited injection chance allowing redirection of XSS
vulnerable pages to an integral IP (thanks Masato Kinugawa for
reporting)
+ Suggestion of blacklist mode as a viable alternative to disablement or
uninstall which retains protections unrelated to script blocking
- Removed legacy uninstall hooks and related localized strings