Historique de version de NoScript

384 versions

Méfiez-vous des anciennes versions !

Ces versions sont affichées pour informations et à titre d’essais. Vous devriez toujours utiliser la dernière version d’un module.

Version 2.9 537.5 KiB Fonctionne avec Firefox 3.0.9 - 46.0, SeaMonkey 2.0 - 2.42

v 2.9rc1
=============================================================
x [e10s] Fixed "Temporarily allow top-level sites by default"
broken by Electrolysis
x Fixed "key.revokeTemp" preference management bug (thanks
palme for patch)

Version 2.7 537.3 KiB Fonctionne avec Firefox 3.0.9 - 46.0, SeaMonkey 2.0 - 2.42

v 2.7
=============================================================
- Removed informaction.com, flashgot.net and maone.net from
the default whitelist to reduce the potential attack
surface
- Removed vestigial noscript.forbidData preference
x Fixed shorthands not checked for ftp(s) sites (thanks
Leon Winter for patch)
x [Surrogate] Fixed googletag replacement (thanks barbaz)
x Fixed incompatibility with importScript() from workers
breaking new reCaptcha implementation (thanks Mr_KrzYch00
for reporting)

Version 2.6.9.39 536.3 KiB Fonctionne avec Firefox 3.0.9 - 45.0, SeaMonkey 2.0 - 2.41

v 2.6.9.39
=============================================================
x Work-around for a XSS "false positive" caused by nwolb.com
passing Javascript code across subdomains in window.name
(thanks Sagiv Masvari for reporting)

Version 2.6.9.38 729.2 KiB Fonctionne avec Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.38
=============================================================
x Fixed breakage due to const declarations behavior changes
in latest Firefox nightlies (thanks to all the people in
https://bugzilla.mozilla.org/show_bug.cgi?id=1212707)

Version 2.6.9.37 536.4 KiB Fonctionne avec Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.37
=============================================================
x Fixed bug: launching a bookmarklet on about:newTab caused
allow scripts globally for that tab (thanks James Strange
for reporting)
x [L10n] Updated French translation (thanks Syl)
x Fixed NOSCRIPT element hidden on Javascript-disabled pages
(moz bug 1208818)
x [Surrogate] enhanced gogletags.com replacement (thanks
therube)
x Fixed subtle bug in load context association causing an
origin mismatch in one corner case (thanks Gareth Heyes
for reporting)

Version 2.6.9.36 536.0 KiB Fonctionne avec Firefox 3.0.9 - 44.0, SeaMonkey 2.0 - 2.39

v 2.6.9.36
=============================================================
x [L10n] Fixed typo in nb-NO (thanks Mikkel H.)
x [e10s] Fixed top-level site auto-whitelisting broken
x [e10s] Fixed MozBug 1196477 (crash with allowLocalLinks)
x Shorthands reliability improvements
x [ClearClick] fixed console spam due to missing XPCOM
interfaces for HTML elements
x In order to help Netflix users with the new video delivery
system, users who have netflix.com already in their
whitelist get https://*.nflxvideo.net whitelisted as
well on upgrade

Version 2.6.9.35 536.0 KiB Fonctionne avec Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.35
=============================================================
x [Surrogate] googletagservices.com replacement now supports
custom googletag objects (thanks barbaz)
x [Surrogate] fixed surrogates stopped working on older
Gecko versions (thanks barbaz)
x [XSS] Work-around for false positive on some Yahoo! URLs
x Corrected mistyped about:pocket-saved whitelist entry
x Fixed race condition in ABE options observer causing
l.getRowCount() console spam

Version 2.6.9.34 536.0 KiB Fonctionne avec Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.34
=============================================================
x [Surrogate] Fixed a bug preventing some replacements from
running
x [XSS] Fixed over-optimized JSON and dots erasure allowing
for a filter bypass in specific (and likely rare)
circumstances (thanks Gareth Heyes for reporting)

Version 2.6.9.33 536.0 KiB Fonctionne avec Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.33
=============================================================
x [XSS] Fixed bug in minimal inline JavaScript fragment
detection (thanks Frederik Braun for reporting)
x [L10n] Updated Russian (thanks fatboy).
x [Surrogate] fixed scope conflicts caused by the $S() object
replacement wrapper (e.g. with some EA games)

Version 2.6.9.32 536.0 KiB Fonctionne avec Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.32
=============================================================
+ Added domains required for Netflix playback to the default
whitelist
x Fixed inline script blocking broken by latest Nightlies
x Fixed NOSCRIPT elements not being shown in script-blocked
pages on Firefox betas
x [Surrogate] shimmed or replaced code causing deprecations
x [Surrogate] updated googletag replacement (thanks barbaz)
x [XSS] Fixed regression in minimal inline JavaScript
fragment detection (thanks Gareth Heyes for reporting)
x Fixed edge case causing JavaScript redirections detection
to fail on http://qklnk.co/ (thanks Jess Hampshire for RFE)

Version 2.6.9.31 535.4 KiB Fonctionne avec Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.31
=============================================================
x [XSS] Fixed attribute injection checks regression (thanks
Maxim Rupp and .mario of Cure53 for reporting)

Version 2.6.9.30 535.4 KiB Fonctionne avec Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.30
=============================================================
x Fixed noscript.allowWhitelistUpdates preference being
ignored
+ Filtering out whitelist additions not required by the
the specific current browser type and version
+ Added about:pocket-save and about:pocket-signup to the
default whitelist
x More restrictive and accurate INCLUSION type check (thanks
Meee for reporting)
x [XSS] Further invalid characters optimization refinement
(thanks Mathias Karlsson for reporting)
x [XSS] Fixed XML stripping optimization to prevent inline
injections (thanks Mathias Karlsson for reporting)
x Default whitelist maintenance: removed prototypejs.org,
cdnjs.cloudflare.com; restored maps.googleapis.com
x [XSS] Updated inline event handlers related code preventing
potential 2nd order injections on very badly coded websites
(thanks Mathias Karlsson for reporting)

Version 2.6.9.29 536.1 KiB Fonctionne avec Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.29
=============================================================
x [XSS] Improved specificity of invalid characters
optimization to remove a string literal breaking detection
bypass (thanks Mathias Karlsson for reporting)

Version 2.6.9.28 536.1 KiB Fonctionne avec Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.28
=============================================================
x Narrowed googleapis.com default whitelist entry to
ajax.googleapis.com
x [Surrogate] Updated gigya.com and 2mdn.net replacements
(thanks saaib)

Version 2.6.9.27 536.0 KiB Fonctionne avec Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.27
=============================================================
x Fixed media elements being blocked on first (uncached)
request (thanks RobertDrew for reporting)
+ noscript.middlemouse_temp_allow_main_site about:config
preference to control whether middle-clicking the toolbar
button should allow current top document's site (thanks
barbaz)
x [L10n] Updated Belarusian (thanks Dzmitry Drazdou)
+ Default whitelist retroactive removal ability
x Removed vjs.zendcdn.net from the default whitelist

Version 2.6.9.26 536.0 KiB Fonctionne avec Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.26
=============================================================
x Extended the redirectTo() safety net for to all the internal
redirections
x Work-around for redirectTo() breaking Flash plugin
subrequests
x Got ChannelReplacement backed by HTTPChannel.redirectTo()
whenever possible (should fix moz-bug 1153256 for good)
x Fixed double redirection in HTTPS enforcing

Version 2.6.9.25.1-signed 533.8 KiB Fonctionne avec Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.25
=============================================================
x Fixed regression preventing HTTPS enforcing exceptions from
being honored

v 2.6.9.24
=============================================================
x Fix for intermittent crashes on older Gecko versions

Version 2.6.9.23.1-signed 533.8 KiB Fonctionne avec Firefox 31.0 - 41.0, SeaMonkey 2.31 - 2.37

v 2.6.9.23
=============================================================
x Work-around for moz-bug 1167371
x Fixed fatal regression on Firefox 34 and below
x Improved backward compatibility
x Work-around for anonymized plugin subrequests being vetoed
by channel event sink
x Fixed backward compatibility PopupBoxObject shim
x [E10s] Fixed cascading permissions broken when checks are
performed cross-process
x [Surrogate] Removed deprecated "for each" constructs from
replacements
x [L10n] Updated ru-RU (thanks negodnik)
x Tentative fix for Bug 1153256 (thanks Dragana Damjanovic)
+ Added about:preferences to the mandatory whitelist
- Removed legacy STS support
+ [Surrogate] 2mdn.net inclusion replacement (thanks barbaz)
+ [E10s] Restored inline JavaScript blocking

Version 2.6.9.22.1-signed 534.2 KiB Fonctionne avec Firefox 3.0.9 - 40.0, SeaMonkey 2.0 - 2.37

v 2.6.9.22
=============================================================
+ [Surrogate] Generalized OWASP antiClickjacking replacement
(thanks barbaz for RFE)
+ [Surrogate] Wordpress scriptless site auto-show replacement
+ bootstrapcdn.com in default whitelist

Version 2.6.9.21.1-signed 534.0 KiB Fonctionne avec Firefox 3.0.9 - 40.0, SeaMonkey 2.0 - 2.37

v 2.6.9.21
=============================================================
+ Added "mediasource:" to the mandatory whitelist (Moz-Bug
1151638)
x [Surrogate] Updated googletagservices.com replacement
(thanks barbaz)
x Better compatibility with SDK-based add-ons using data:
URIs (thanks Mingyi Liu for report)

Version 2.6.9.20.1-signed 533.9 KiB Fonctionne avec Firefox 3.0.9 - 40.0, SeaMonkey 2.0 - 2.37

v 2.6.9.20rc2
=============================================================
x Improved "Recently blocked sites..." recording
x Fixed inconsistencies in data: URIs handling (thanks barbaz
for reporting)

Version 2.6.9.19.1-signed 533.8 KiB Fonctionne avec Firefox 3.0.9 - 40.0, SeaMonkey 2.0 - 2.37

v 2.6.9.19
=============================================================
+ [Surrogate] .gigya.com replacement provided by barbaz
+ [Surrogate] js.stripe.com replacement provided by barbaz
+ Improved usability of new Yahoo! video activation (thanks
Glenn for reporting)
+ Added googlevideo.com to the default whitelist because it's
now required to play Youtube movies (thanks barbaz for RFE)

Version 2.6.9.18.1-signed 533.5 KiB Fonctionne avec Firefox 3.0.9 - 40.0, SeaMonkey 2.0 - 2.37

v 2.6.9.18
=============================================================
x Fixed restrictSubdocScripts/globalHTTPSWhitelist
interaction issue (thanks Tor Project for report)
x Fixed regression always disabling scripts whenever site's
host name is a IPv6 literal (thanks ipv6user for report)
x Fixed menu automatic disappearance on mouse exit broken by
Firefox 36 changes (thanks randavis, cumdacon and barbaz
for report)

Version 2.6.9.17.1-signed 533.3 KiB Fonctionne avec Firefox 3.0.9 - 40.0, SeaMonkey 2.0 - 2.37

v 2.6.9.17
=============================================================
x Fixed cascadePermissions/globalHTTPSWhitelist interaction
issue with IFRAMEs (thanks Tor Project for report)
x Fixed cascadePermissions being enforced also if the top
document is implicitly allowed by the globalHTTPSWhitelist
policy, rather than explicitly whitelisted, causing HTTP
subdocument and scripts to be unintendendly allowed when
the top document is HTTPS (thanks Tor Project for report)
x [Surrogate] Update Google Analytics replacement (thanks
barbaz)

Version 2.6.9.16.1-signed 533.1 KiB Fonctionne avec Firefox 3.0.9 - 39.0, SeaMonkey 2.0 - 2.36

v 2.6.9.16
=============================================================
+ [Surrogate] Updated Gravatar surrogate (thanks barbaz)
+ Additional HTML sanitization when pasting rich text into
content-editable elements (thanks .mario for RFE)
+ Introduced framework for E10s migration, starting with new
features and fixes
x Removed deprecated let () expressions from the code base

Version 2.6.9.15.1-signed 531.7 KiB Fonctionne avec Firefox 3.0.9 - 39.0, SeaMonkey 2.0 - 2.36

v 2.6.9.15
=============================================================
+ Fixed regression in 2.6.9.12 causing data: URI documents
to be scripting-enabled (thanks GOF for tweet)

Version 2.6.9.14.1-signed 531.7 KiB Fonctionne avec Firefox 3.0.9 - 39.0, SeaMonkey 2.0 - 2.36

v 2.6.9.14
=============================================================
+ [Surrogate] OWASP legacy Javascript-based "antiClickjack"
protection surrogate to unhide "protected" pages when
scripting is disabled (thanks barbaz)
+ Restored noscript.forbidXHR functionality trying to make it
more web-compatible (thanks barbaz for RFE)

Version 2.6.9.13.1-signed 531.5 KiB Fonctionne avec Firefox 3.0.9 - 39.0, SeaMonkey 2.0 - 2.36

v 2.6.9.13
=============================================================
x [XSS] Fixed bugs in comment stripping optimization (thanks
Masato Kinugawa for reporting)
x [XSS] Better protection against some ES6 attacks (thanks
Masato Kinugawa for reporting)
- Removed support for XMLHttpRequest blocking
(noscript.forbidXHR preference). The same functionality,
if really needed, can still be achieved through ABE anyway.

Version 2.6.9.12.1-signed 531.6 KiB Fonctionne avec Firefox 3.0.9 - 39.0, SeaMonkey 2.0 - 2.36

v 2.6.9.12
=============================================================
x Fixed origin checking bug causing sandboxed IFRAMEs to have
scripting always disabled (thanks Ellad Tadmor for report)

Version 2.6.9.11.1-signed 531.5 KiB Fonctionne avec Firefox 3.0.9 - 38.0, SeaMonkey 2.0 - 2.35

v 2.6.9.11
=============================================================
x [Surrogate] microsoftSupport surrogate to force the content
to be shown if scripts are disabled (thanks thunderscript)
x Check private browsing against chrome rather than content
windows (prevents annoying warning console messages)