Historique de version de NoScript

932 versions

Méfiez-vous des anciennes versions !

Ces versions sont affichées pour informations et à titre d’essais. Vous devriez toujours utiliser la dernière version d’un module.

Version 2.2.5rc4 519.2 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.5rc4
==========================================================================
x [ClearClick] Better compatibility with recent Disqus widget versions

v 2.2.5rc3
==========================================================================
x [XSS] Better compatibility with Verified by VISA (www.securesuite.net)
x Tentative work-around for bug 710170

v 2.2.5rc2
==========================================================================
x Work around for Linux tooltips obstructing the embedding unblocking
confirmation dialog

v 2.2.5rc1
==========================================================================
x Work around for Mozilla bug 712649

Version 2.2.5rc2 519.2 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.5rc2
==========================================================================
x Work around for Linux tooltips obstructing the embedding unblocking
confirmation dialog

v 2.2.5rc1
==========================================================================
x Work around for Mozilla bug 712649

Version 2.2.5rc1 519.2 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

2.2.5rc1
==========================================================================
x Work around for Mozilla bug 712649

Version 2.2.4.1-signed 519.2 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.4
==========================================================================
x Fixed some localizations having newlines replaced with 'n' characters

v 2.2.4rc3
==========================================================================
x Fixed regression in SWFObject emulation for plugin placeholders
x Fixed top-level surrogates broken by ECMAv5 version specification

v 2.2.4rc2
==========================================================================
+ [ClearClick] Enhanced protection against same-window timing attacks
with moving pointer (thanks Michal Zalewski for PoC)
x SyntaxChecker's JavaScript version can be configured per-instance
(default "1.5")
x [Surrogate] JavaScript version set to "ECMAv5"
x [Surrogate] Use "ECMAv5" for early syntax checks

v 2.2.4rc1
==========================================================================
x Fixed reflected script inclusion false positive on redirections
- Removed "Forbid Web Bugs", which cannot be reliably enforced anymore
because of speculative parsing
x Restored wlxrs.com in the default whitelist (it had
accidentally changed back to two subdomains)
x Fixed resetting options doesn't erase the untrusted blacklist until
browser restart (thanks ddigas for reporting)

Version 2.2.4rc4 518.1 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.4rc4
==========================================================================
x Fixed some localizations having newlines replaced with 'n' characters

v 2.2.4rc3
==========================================================================
x Fixed regression in SWFObject emulation for plugin placeholders
x Fixed top-level surrogates broken by ECMAv5 version specification

v 2.2.4rc2
==========================================================================
+ [ClearClick] Enhanced protection against same-window timing attacks
with moving pointer (thanks Michal Zalewski for PoC)
x SyntaxChecker's JavaScript version can be configured per-instance
(default "1.5")
x [Surrogate] JavaScript version set to "ECMAv5"
x [Surrogate] Use "ECMAv5" for early syntax checks

v 2.2.4rc1
==========================================================================
x Fixed reflected script inclusion false positive on redirections
- Removed "Forbid Web Bugs", which cannot be reliably enforced anymore
because of speculative parsing
x Restored wlxrs.com in the default whitelist (it had
accidentally changed back to two subdomains)
x Fixed resetting options doesn't erase the untrusted blacklist until
browser restart (thanks ddigas for reporting)

Version 2.2.4rc3 519.2 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.4rc3
==========================================================================
x Fixed regression in SWFObject emulation for plugin placeholders
x Fixed top-level surrogates broken by ECMAv5 version specification

v 2.2.4rc2
==========================================================================
+ [ClearClick] Enhanced protection against same-window timing attacks
with moving pointer (thanks Michal Zalewski for PoC)
x SyntaxChecker's JavaScript version can be configured per-instance
(default "1.5")
x [Surrogate] JavaScript version set to "ECMAv5"
x [Surrogate] Use "ECMAv5" for early syntax checks

v 2.2.4rc1
==========================================================================
x Fixed reflected script inclusion false positive on redirections
- Removed "Forbid Web Bugs", which cannot be reliably enforced anymore
because of speculative parsing
x Restored wlxrs.com in the default whitelist (it had
accidentally changed back to two subdomains)
x Fixed resetting options doesn't erase the untrusted blacklist until
browser restart (thanks ddigas for reporting)

Version 2.2.4rc2 519.2 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.4rc2
==========================================================================
+ [ClearClick] Enhanced protection against same-window timing attacks
with moving pointer (thanks Michal Zalewski for PoC)
x SyntaxChecker's JavaScript version can be configured per-instance
(default "1.5")
x [Surrogate] JavaScript version set to "ECMAv5"
x [Surrogate] Use "ECMAv5" for early syntax checks

v 2.2.4rc1
==========================================================================
x Fixed reflected script inclusion false positive on redirections
- Removed "Forbid Web Bugs", which cannot be reliably enforced anymore
because of speculative parsing
x Restored wlxrs.com in the default whitelist (it had
accidentally changed back to two subdomains)
x Fixed resetting options doesn't erase the untrusted blacklist until
browser restart (thanks ddigas for reporting)

Version 2.2.4rc1 519.2 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.4rc1
==========================================================================
x Fixed reflected script inclusion false positive on redirections
- Removed "Forbid Web Bugs", which cannot be reliably enforced anymore
because of speculative parsing
x Restored wlxrs.com in the default whitelist (it had
accidentally changed back to two subdomains)
x Fixed resetting options not erases the untrusted blacklist until restart
(thanks ddigas for reporting)

Version 2.2.3.1-signed 520.2 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.3rc4
==========================================================================
+ Configuration import/export directory is persisted across sessions

v 2.2.3rc3
==========================================================================
+ Generalized checks on drag and drop payloads
+ [XSS] Tightened checks on reflected javascript: URIs

v 2.2.3rc2
==========================================================================
x [Surrogate] DOMContentLoad listeners on windows (thanks al_9x for RFE)

v 2.2.3rc1
==========================================================================
+ [Surrogate] Capturing DOMContentLoad listeners (thanks al_9x for RFE)
+ [Surrogate] More homogeneous treatment for file-based surrogates (thanks
al_9x for RFE)

v 2.2.2rc5
==========================================================================
+ [Surrogate] Wrapped in lexical scoped blocks scripts also when debug
mode is on (thanks al_9x for RFE)
+ [Surrogate] Early one-time syntax checks on setup (thanks al_9x for RFE)
x [ClearClick] Better compatibility with some GMail embeddings
x [XSS] Better compatibility with Visual Studio in-browser documentation
x [ClearClick] Fixed Adblock Plus causing false positives on Fx 3.6
x Improved HTML 5 DnD XSS protection (thanks Soroush Dalili for reporting)
x [Locale] Latvian (thanks gymka)

v 2.2.2rc4
==========================================================================
x Protection against a new XSS technique based on HTML 5 DnD (thanks
Soroush Dalili for reporting)

v 2.2.2rc3
==========================================================================
x Better compatibility with credit card verification systems
x [ABE] Fixed ruleset disablement status not surviving browser restarts
(thanks ssj100 for reporting)

v 2.2.2rc2
==========================================================================
x Fixed escaped_fragment handling issue with proxies (thanks sourcejedi
for reporting)
x Turned remaining channel URI modification instances into
ChannelReplacement clients

v 2.2.2rc1
==========================================================================
+ [XSS] Explicit check for potentially dangerous SMIL elements (thanks
.mario for suggestion)
+ Protection against scriptless keylogging (thanks .mario for reporting)

Version 2.2.3rc4 520.2 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.3rc4
==========================================================================
+ Configuration import/export directory is persisted across sessions

v 2.2.3rc3
==========================================================================
+ Generalized checks on drag and drop payloads
+ [XSS] Tightened checks on reflected javascript: URIs

v 2.2.3rc2
==========================================================================
x [Surrogate] DOMContentLoad listeners on windows (thanks al_9x for RFE)

v 2.2.3rc1
==========================================================================
+ [Surrogate] Capturing DOMContentLoad listeners (thanks al_9x for RFE)
+ [Surrogate] More homogeneous treatment for file-based surrogates (thanks
al_9x for RFE)

Version 2.2.3rc3 520.2 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.3rc3
==========================================================================
+ Generalized checks on drag and drop payloads
+ [XSS] Tightened checks on reflected javascript: URIs

v 2.2.3rc2
==========================================================================
x [Surrogate] DOMContentLoad listeners on windows (thanks al_9x for RFE)

v 2.2.3rc1
==========================================================================
+ [Surrogate] Capturing DOMContentLoad listeners (thanks al_9x for RFE)
+ [Surrogate] More homogeneous treatment for file-based surrogates (thanks
al_9x for RFE)

Version 2.2.3rc2 520.2 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.3rc2
==========================================================================
x [Surrogate] DOMContentLoad listeners on windows (thanks al_9x for RFE)

v 2.2.3rc1
==========================================================================
+ [Surrogate] Capturing DOMContentLoad listeners (thanks al_9x for RFE)
+ [Surrogate] More homogeneous treatment for file-based surrogates (thanks
al_9x for RFE)

Version 2.2.3rc1 520.2 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.3rc1
==========================================================================
+ [Surrogate] Capturing DOMContentLoad listeners (thanks al_9x for RFE)
+ [Surrogate] More homogeneous treatment for file-based surrogates (thanks
al_9x for RFE)

Version 2.2.2rc5 522.2 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

2.2.2rc5
==========================================================================
+ [Surrogate] Wrapped in lexical scoped blocks scripts also when debug
mode is on (thanks al_9x for RFE)
+ [Surrogate] Early one-time syntax checks on setup (thanks al_9x for RFE)
x [ClearClick] Better compatibility with some GMail embeddings
x [XSS] Better compatibility with Visual Studio in-browser documentation
x [ClearClick] Fixed Adblock Plus causing false positives on Fx 3.6
x Improved HTML 5 DnD XSS protection (thanks Soroush Dalili for reporting)

v 2.2.2rc4
==========================================================================
x Protection against a new XSS technique based on HTML 5 DnD (thanks
Soroush Dalili for reporting)

v 2.2.2rc3
==========================================================================
x Better compatibility with credit card verification systems
x [ABE] Fixed ruleset disablement status not surviving browser restarts
(thanks ssj100 for reporting)

v 2.2.2rc2
==========================================================================
x Fixed escaped_fragment handling issue with proxies (thanks sourcejedi
for reporting)
x Turned remaining channel URI modification instances into
ChannelReplacement clients

v 2.2.2rc1
==========================================================================
+ [XSS] Explicit check for potentially dangerous SMIL elements (thanks
.mario for suggestion)
+ Protection against scriptless keylogging (thanks .mario for reporting)

Version 2.2.2rc4 520.2 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.2rc4
==========================================================================
x Protection against a new XSS technique based on HTML 5 DnD (thanks
Soroush Dalili for reporting)

v 2.2.2rc3
==========================================================================
x Better compatibility with credit card verification systems
x [ABE] Fixed ruleset disablement status not surviving browser restarts
(thanks ssj100 for reporting)

v 2.2.2rc2
==========================================================================
x Fixed escaped_fragment handling issue with proxies (thanks sourcejedi
for reporting)
x Turned remaining channel URI modification instances into
ChannelReplacement clients

v 2.2.2rc1
==========================================================================
+ [XSS] Explicit check for potentially dangerous SMIL elements (thanks
.mario for suggestion)
+ Protection against scriptless keylogging (thanks .mario for reporting)

Version 2.2.2rc3 520.2 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.2rc3
==========================================================================
x Better compatibility with credit card verification systems
x [ABE] Fixed ruleset disablement status not surviving browser restarts
(thanks ssj100 for reporting)

v 2.2.2rc2
==========================================================================
x Fixed escaped_fragment handling issue with proxies (thanks sourcejedi
for reporting)
x Turned remaining channel URI modification instances into
ChannelReplacement clients

v 2.2.2rc1
==========================================================================
+ [XSS] Explicit check for potentially dangerous SMIL elements (thanks
.mario for suggestion)
+ Protection against SVG-based keylogging, can be disabled through
noscript.removeSMILKeySniffer about:config preference (thanks .mario for
reporting)

Version 2.2.2rc2 520.2 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.2rc2
==========================================================================
x Fixed escaped_fragment handling issue with proxies (thanks sourcejedi
for reporting)
x Turned remaining channel URI modification instances into
ChannelReplacement clients

v 2.2.2rc1
==========================================================================
+ [XSS] Explicit check for potentially dangerous SMIL elements (thanks
.mario for suggestion)
+ Protection against scriptless keylogging (thanks .mario for reporting)

Version 2.2.2rc1 520.2 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.2rc1
==========================================================================
+ [XSS] Explicit check for potentially dangerous SMIL elements (thanks
.mario for suggestion)
+ Protection against scriptless keylogging (thanks .mario for reporting)

Version 2.2.1.1-signed 520.2 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.1
==========================================================================
+ [Locale] Updated he-il (thanks baryoni)
x [ClearClick] Fixed incompatibility with the FoxTab add-on

v 2.2.1rc2
==========================================================================
+ [XSS] Deeper decoding on sanitization (thanks .mario for reporting)

v 2.2.1rc1
==========================================================================
+ [XSS] More accurate recursive decoding (thanks .mario for reporting)

Version 2.2.1rc3 519.2 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.1rc3
==========================================================================
+ [Locale] Updated he-il (thanks baryoni)
x [ClearClick] Fixed incompatibility with the FoxTab add-on

v 2.2.1rc2
==========================================================================
+ [XSS] Deeper decoding on sanitization (thanks .mario for reporting)

v 2.2.1rc1
==========================================================================
+ [XSS] More accurate recursive decoding (thanks .mario for reporting)

Version 2.2.1rc2 515.1 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.1rc2
==========================================================================
+ [XSS] Deeper decoding on sanitization (thanks .mario for reporting)

v 2.2.1rc1
==========================================================================
+ [XSS] More accurate recursive decoding (thanks .mario for reporting)

Version 2.2.1rc1 514.0 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.1rc1
==========================================================================
+ [XSS] More accurate recursive decoding (thanks .mario for reporting)

Version 2.2.1-signed 515.1 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2
==========================================================================
+ [ClearClick] Improved protection against Clickjacking on nested windowed
Flash targets (thanks Sommerrain and Tom T for reporting)

Version 2.2rc1 515.1 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2rc1
==========================================================================
+ [ClearClick] Improved protection against Clickjacking on nested windowed
Flash targets (thanks Sommerrain and Tom T for reporting)

Version 2.1.9.1-signed 515.1 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.1.9
==========================================================================
x [Surrogate] fixed breakage caused by "1.8.1" JavaScript version spec
used instead of "1.8"

v 2.1.9rc3
==========================================================================
+ [Surrogate] JavaScript 1.8 support (thanks al_9x for RFE)
+ Better heuristic for XSSI detection
- Removed previous work-around XSSI exceptions
x Fixed some DOM traversal bugs (thanks al_9x for reporting)
x Refined Google search meta refresh blocking exception
x Added meta refresh blocking exception for t.co (Twitter URL shortener)

v 2.1.9rc2
==========================================================================
x Work-around for XSSI checks breaking some Yahoo! Mail features

v 2.1.9rc1
==========================================================================
+ New noscript.forbidMetaRefresh.exceptions url pattern preference
+ Meta refresh blocking exception for Google Search (blank page shown
otherwise if meta refresh blocking is enabled, cookies are disabled for
Google and Google Search scripting is forbidden)

Version 2.1.9rc4 515.1 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.1.9rc4
==========================================================================
x [Surrogate] fixed breakage caused by "1.8.1" JavaScript version spec
used instead of "1.8"

v 2.1.9rc3
==========================================================================
+ [Surrogate] JavaScript 1.8 support (thanks al_9x for RFE)
+ Better heuristic for XSSI detection
- Removed previous work-around XSSI exceptions
x Fixed some DOM traversal bugs (thanks al_9x for reporting)
x Refined Google search meta refresh blocking exception
x Added meta refresh blocking exception for t.co (Twitter URL shortener)

v 2.1.9rc2
==========================================================================
x Work-around for XSSI checks breaking some Yahoo! Mail features

v 2.1.9rc1
==========================================================================
+ New noscript.forbidMetaRefresh.exceptions url pattern preference
+ Meta refresh blocking exception for Google Search (blank page shown
otherwise if meta refresh blocking is enabled, cookies are disabled for
Google and Google Search scripting is forbidden)

Version 2.1.9rc3 515.1 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

Version 2.1.9rc2 515.1 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.1.9rc2
==========================================================================
x Work-around for XSSI checks breaking some Yahoo! Mail features

v 2.1.9rc1
==========================================================================
+ New noscript.forbidMetaRefresh.exceptions url pattern preference
+ Meta refresh blocking exception for Google Search (blank page shown
otherwise if meta refresh blocking is enabled, cookies are disabled for
Google and Google Search scripting is forbidden)

Version 2.1.9rc1 515.1 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.1.9rc1
==========================================================================
+ New noscript.forbidMetaRefresh.exceptions url pattern preference
+ Meta refresh blocking exception for Google Search (blank page shown
otherwise if meta refresh blocking is enabled, cookies are disabled for
Google and Google Search scripting is forbidden)

Version 2.1.8rc3 514.0 kB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.1.8rc3
==========================================================================
+ Improved anti-popunder built-in surrogate
x Fixed object autowiring upon placeholder activation regressed by recent
surrogate sandboxing changes

v 2.1.8rc2
==========================================================================
+ noscript.xss.checkInclusions about:config preference (default true)
controls whether the new protection against reflected cross-site script
inclusion (XSSI) is enabled or not (thanks al_9x for RFE)
+ noscript.xss.checkInclusions.exceptions about:confing preference to
disable XSSI checks for certain script sources (thanks al_9x for RFE)

v 2.1.8rc1
==========================================================================
+ Protection against reflected script inclusion (thanks tlu for reporting)
x Fixed logged error message on permissions change (thanks Archaeopteryx
for reporting)