Historial de versiones de NoScript

709 versiones

¡Ten cuidado con las versiones antiguas!

Estas versiones se muestran con propósitos de referencia y pruebas. Debes usar siempre la última versión de un complemento.

Versión 2.5.6 529.3 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.5.6
=========================================================================
x [XSS] Fixed slow regular expression causing some base64 request
payloads to trigger false positives (thanks Mirko Tasler for reporting)
+ Force placeholders to frontmost position e.g. on HTML 5 Youtube content
+ New icon for blocked embeddings on globally allowed pages (thanks
therube for RFE)

Versión 2.5.6rc2 529.6 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.5.6rc2
=========================================================================
+ [XSS] Fixed slow regular expression causing some base64 request
payloads to trigger false positives (thanks Mirko Tasler for reporting)

v 2.5.6rc1
=========================================================================
+ Force placeholders to frontmost position e.g. on HTML 5 Youtube content
+ New icon for blocked embeddings on globally allowed pages (thanks
therube for RFE)

Versión 2.5.6rc1 529.4 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.5.6rc1
=========================================================================
+ Force placeholders to frontmost position e.g. on HTML 5 Youtube content
+ New icon for blocked embeddings on globally allowed pages (thanks
therube for RFE)

Versión 2.5.5 527.4 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.5.5
=========================================================================
+ More reliable Java applet origin identification
x Cross-browser work-around for
https://bugzilla.mozilla.org/show_bug.cgi?id=789773

Versión 2.5.5rc2 527.4 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.5.5rc2
=========================================================================
x Cross-browser work-around for
https://bugzilla.mozilla.org/show_bug.cgi?id=789773

v 2.5.5rc1
=========================================================================
+ More reliable Java applet origin identification
x Work-around for https://bugzilla.mozilla.org/show_bug.cgi?id=789773

Versión 2.5.5rc1 527.4 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.5.5rc1
=========================================================================
+ More reliable Java applet origin identification
x Work-around for https://bugzilla.mozilla.org/show_bug.cgi?id=789773

Versión 2.5.4 527.4 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.5.4
=========================================================================
x Fixed HTTP checks not being skipped anymore for some chrome-generated
XMLHttpRequest requests because of a Gecko 15 change
x Work-around for cloned DOM nodes not retaining additional
chrome-attached information anymore, thus breaking placeholders in some
cases (thanks al_9x for reporting)
x Fixed placeholder post-enablement event channeling broken by Sandbox
changes
x Fixed placeholder sizes messed up by changes in Gecko 17
x Work-around for broken content policy call for Java plugin on Gecko 17
and above (thanks marty60 for reporting)

Versión 2.5.4rc3 527.4 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.5.4rc3
=========================================================================
x Fixed HTTP checks not being skipped anymore for some chrome-generated
XMLHttpRequest requests because of a Gecko 15 change
x Work-around for cloned DOM nodes not retaining additional
chrome-attached information anymore, thus breaking placeholders in some
cases (thanks al_9x for reporting)
x Fixed placeholder post-enablement event channeling broken by Sandbox
changes

v 2.5.4rc2
=========================================================================
x Fixed meta-refresh emulation regression in Gecko 16 and below

v 2.5.4rc1
=========================================================================
x Fixed placeholder sizes messed up by changes in Gecko 17
x Work-around for broken content policy call for Java plugin on Gecko 17
and above (thanks marty60 for reporting)

Versión 2.5.4rc2 527.4 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.5.4rc2
=========================================================================
x Fixed meta-refresh emulation regression in Gecko 16 and below

v 2.5.4rc1
=========================================================================
x Fixed placeholder sizes messed up by changes in Gecko 17
x Work-around for broken content policy call for Java plugin on Gecko 17
and above (thanks marty60 for reporting)

Versión 2.5.4rc1 527.4 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.5.4rc1
=========================================================================
x Fixed placeholder sizes messed up by changes in Gecko 17
x Work-around for broken content policy call for Java plugin on Gecko 17
and above (thanks marty60 for reporting)

Versión 2.5.3 526.3 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.5.3
=========================================================================
x [XSS] Fixed false positives on URLs containing an ASP.NET cookieless
session identifier (thanks Trupti Chaudhari for reporting)
+ noscript.eraseFloatingElements about:config preference to switch the
mousedown + del key floating popup erasing feature off and on
x Limited the mousedown + del key floating popup erasing feature to pages
where scripts are forbidden and to absolute or fixed position elements
x Fixed JavaScript URL non-void expression evaluation in the URL bar
causing scripts to get globally allowed (thanks al_9x for reporting)
x [XSS] Work-around for a Gecko URL parsing quirk (thanks .mario for
reporting)

Versión 2.5.3rc4 527.4 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.5.3rc4
=========================================================================
x Fixed false positives on URL containing an ASP.NET cookieless session
identifier (thanks Trupti Chaudhari for reporting)

v 2.5.3rc3
=========================================================================
+ noscript.eraseFloatingElements about:config preference to switch the
mousedown + del key floating popup erasing feature off and on
x Limited the mousedown + del key floating popup erasing feature to pages
where scripts are forbidden and to absolute or fixed position elements

v 2.5.3rc2
=========================================================================
x Fixed JavaScript URL non-void expression evaluation in the URL bar
causing scripts to get globally allowed (thanks al_9x for reporting)

v 2.5.3rc1
=========================================================================
x [XSS] Work-around for a Gecko URL parsing quirk (thanks .mario for
reporting)

Versión 2.5.3rc3 526.3 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.5.3rc3
=========================================================================
+ noscript.eraseFloatingElements about:config preference to switch the
mousedown + del key floating popup erasing feature off and on
x Limited the mousedown + del key floating popup erasing feature to pages
where scripts are forbidden and to absolute or fixed position elements

v 2.5.3rc2
=========================================================================
x Fixed JavaScript URL non-void expression evaluation in the URL bar
causing scripts to get globally allowed (thanks al_9x for reporting)

v 2.5.3rc1
=========================================================================
x [XSS] Work-around for a Gecko URL parsing quirk (thanks .mario for
reporting)

Versión 2.5.3rc2 526.3 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.5.3rc2
=========================================================================
x Fixed JavaScript URL non-void expression evaluation in the URL bar
causing scripts to get globally allowed (thanks al_9x for reporting)

v 2.5.3rc1
=========================================================================
x [XSS] Work-around for a Gecko URL parsing quirk (thanks .mario for
reporting)

Versión 2.5.3rc1 526.3 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

Versión 2.5.2 526.3 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.5.2
=========================================================================
x [ClearClick] Improved protection against clickjacking timing attacks
(thanks Nafeez Ahmed for reporting)
x Fine tuned floating div (in-page popup) removal by locking it to the
nearest positioned ancestor and swallowing the mouseup event if the
DEL key has been hit after last mousedown

Versión 2.5.2rc2 526.3 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.5.2rc2
=========================================================================
x [ClearClick] Improved protection against clickjacking timing attacks
(thanks Nafeez Ahmed for reporting)

v 2.5.2rc1
=========================================================================
x Fine tuned floating div (in-page popup) removal by locking it to the
nearest positioned ancestor and swallowing the mouseup event if the
DEL key has been hit after last mousedown

Versión 2.5.2rc1 526.3 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.5.2rc1
=========================================================================
x Fine tuned floating div (in-page popup) removal by locking it to the
nearest positioned ancestor and swallowing the mouseup event if the
DEL key has been hit after last mousedown

Versión 2.5.1 526.3 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

+ Holding the left mouse button down on a page element and hitting the
DEL key will remove it (useful to forcibly kill in-page popups when
scripts are disabled)
x Fixed Acid3 test scoring 99 instead of 100 because of a Cursorjacking
protection implementation detail
- Disabled LiveConnect interception on Gecko 16 or better, since Java
globals have been removed from the DOM
x [XSS] Work-around for Mozilla TBPL DOS (thanks Daniel Holbert for
reporting)
x Fixed Silverlight and Flash scripted initialization patches being
broken by recent JavaScript interpreter changes
x Work-around for hp-ww.com misconfiguration (JavaScript files served
with bogus content-type header)

Versión 2.5.1rc2 526.3 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.5.1rc2
=========================================================================
+ Holding the left mouse button down on a page element and hitting the
DEL key will remove it (useful to forcibly kill in-page popups when
scripts are disabled)
x Fixed Acid3 test scoring 99 instead of 100 because of a Cursorjacking
protection implementation detail
- Disabled LiveConnect interception on Gecko 16 or better, since Java
globals have been removed from the DOM
x [XSS] Work-around for Mozilla TBPL DOS (thanks Daniel Holbert for
reporting)
x Fixed Silverlight and Flash scripted initialization patches being
broken by recent JavaScript interpreter changes

Versión 2.5.1rc1 525.3 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.5.1rc1
=========================================================================
x Work-around for hp-ww.com misconfiguration (JavaScript files served
with bogus content-type header)

Versión 2.5 525.3 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.5
=========================================================================
+ [XSS] Improved XML handling algorithm preserves E4X detection accuracy
while removing false positives, e.g. against OAUTH payloads
x Work-around for additional browser tools placed on the bottom of the
content messing with NoScript's notification height (thanks ochristi
for report)
x [XSS] Added exception for self-injecting yahoo.com/yimg.com frames (can
be disabled by setting the noscript.filterXExceptions.yahoo
about:config preference to false)
x Fixed placeholders for absolutely positioned elements may cause layout
glitches (thanks al_9x for reporting)
x Fixed interaction with built-in Firefox's click-to-play causing
infinite object activation loop (thanks al_9x for reporting)

Versión 2.5rc6 525.3 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.5rc6
=========================================================================
+ [XSS] Further reduction in false positives triggered by XML payloads

v 2.5rc5
=========================================================================
x Further hack to remove the height attribute automatically set on the
notification stack by browser tools (thanks therube for reporting)

v 2.5rc4
=========================================================================
x Hack to automatically restore the notification bar position as the last
of its sibling DOM nodes, as a better work-around for browser tools
messing with its height
- Removed ineffective CSS-based work-around for the browser tools
splitter messing with NoScript notification's height

v 2.5rc3
=========================================================================
+ [XSS] Improved XML handling algorithm preserves E4X detection accuracy
while removing false positives, e.g. against OAUTH payloads
x [XSS] Added exception for self-injecting yahoo.com/yimg.com frames (can
be disabled by setting the noscript.filterXExceptions.yahoo
about:config preference to false)

v 2.5rc2
=========================================================================
x Work-around for additional browser tools placed on the bottom of the
content messing with NoScript's notification height (thanks ochristi
for report)
x Fixed placeholders for absolutely positioned elements may cause layout
glitches (thanks al_9x for reporting)

v 2.5rc1
=========================================================================
x Fixed interaction with built-in Firefox's click-to-play causing
infinite object activation loop (thanks al_9x for reporting)

Versión 2.5rc5 525.3 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.5rc5
=========================================================================
x Further hack to remove the height attribute automatically set on the
notification stack by browser tools (thanks therube for reporting)

v 2.5rc4
=========================================================================
x Hack to automatically restore the notification bar position as the last
of its sibling DOM nodes, as a better work-around for browser tools
messing with its height
- Removed ineffective CSS-based work-around for the browser tools
splitter messing with NoScript notification's height

v 2.5rc3
=========================================================================
+ [XSS] Improved XML handling algorithm preserves E4X detection accuracy
while removing false positives, e.g. against OAUTH payloads
x [XSS] Added exception for self-injecting yahoo.com/yimg.com frames (can
be disabled by setting the noscript.filterXExceptions.yahoo
about:config preference to false)

v 2.5rc2
=========================================================================
x Work-around for additional browser tools placed on the bottom of the
content messing with NoScript's notification height (thanks ochristi
for report)
x Fixed placeholders for absolutely positioned elements may cause layout
glitches (thanks al_9x for reporting)

v 2.5rc1
=========================================================================
x Fixed interaction with built-in Firefox's click-to-play causing
infinite object activation loop (thanks al_9x for reporting)

Versión 2.5rc4 525.3 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.5rc4
=========================================================================
+ Hack to automatically restore the notification bar position as the last
of its sibling DOM nodes, as a better work-around for browser tools
messing with its height
- Removed ineffective CSS-based work-around for the browser tools
splitter messing with NoScript notification's height

v 2.5rc3
=========================================================================
+ [XSS] Improved XML handling algorithm preserves E4X detection accuracy
while removing false positives, e.g. against OAUTH payloads
x [XSS] Added exception for self-injecting yahoo.com/yimg.com frames (can
be disabled by setting the noscript.filterXExceptions.yahoo
about:config preference to false)

v 2.5rc2
=========================================================================
x Work-around for additional browser tools placed on the bottom of the
content messing with NoScript's notification height (thanks ochristi
for report)
x Fixed placeholders for absolutely positioned elements may cause layout
glitches (thanks al_9x for reporting)

v 2.5rc1
=========================================================================
x Fixed interaction with built-in Firefox's click-to-play causing
infinite object activation loop (thanks al_9x for reporting)

Versión 2.5rc3 525.3 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.5rc3
=========================================================================
+ [XSS] Improved XML handling algorithm preserves E4X detection accuracy
while removing false positives, e.g. against OAUTH payloads
x [XSS] Added exception for self-injecting yahoo.com/yimg.com frames (can
be disabled by setting the noscript.filterXExceptions.yahoo
about:config preference to false)

v 2.5rc2
=========================================================================
x Work-around for additional browser tools placed on the bottom of the
content messing with NoScript's notification height (thanks ochristi
for report)
x Fixed placeholders for absolutely positioned elements may cause layout
glitches (thanks al_9x for reporting)

v 2.5rc1
=========================================================================
x Fixed interaction with built-in Firefox's click-to-play causing
infinite object activation loop (thanks al_9x for reporting)

Versión 2.5rc2 525.3 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

2.5rc2
=========================================================================
x Work-around for additional browser tools placed on the bottom of the
content messing with NoScript's notification height (thanks ochristi
for report)
x Fixed placeholders for absolutely positioned elements may cause layout
glitches (thanks al_9x for reporting)

2.5rc1
=========================================================================
x Fixed interaction with built-in Firefox's click-to-play causing
infinite object activation loop (thanks al_9x for reporting)

Versión 2.5rc1 525.3 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

2.5rc1
=========================================================================
x Fixed interaction with built-in Firefox's click-to-play causing
infinite object activation loop (thanks al_9x for reporting)

Versión 2.4.9 525.3 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.4.9
=========================================================================
+ Added ability to replace obsolete default whitelist entries
x Replaced browserid.org with persona.org in the default whitelist
x Improved anti-DOS protection
x Better usability with some HTML5 Youtube videos (thanks Mike Perry
for reporting)
x Reverted to the ctrl+shift+S main keyboard shortcut
x [XSS] Fixed XML preprocessing breaking detection of some E4X
constructs (thanks Pepe Vila for reporting)
+ [XSS] Protection against error-based SQLI with a XSS payload (thanks
Ashar Javed for reporting, original disclosure by Keith Makan)

Versión 2.4.9rc2 525.3 KB Funciona con Firefox 3.0.9 y posterior, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 y posterior

v 2.4.9rc2
=========================================================================
+ Added ability to replace obsolete default whitelist entries
x Replaced browserid.org with persona.org in the default whitelist
x Improved anti-DOS protection
x Better usability with some HTML5 Youtube videos (thanks Mike Perry
for reporting)
x Reverted to the ctrl+shift+S main keyboard shortcut
x [XSS] Fixed XML preprocessing breaking detection of some E4X
constructs (thanks Pepe Vila for reporting)

v 2.4.9rc1
=========================================================================
+ [XSS] Protection against error-based SQLI with a XSS payload (thanks
Ashar Javed for reporting, original disclosure by Keith Makan)