Historique de version de NoScript

368 versions

Méfiez-vous des anciennes versions !

Ces versions sont affichées pour informations et à titre d’essais. Vous devriez toujours utiliser la dernière version d’un module.

Version 2.6.9.25.1-signed 533.8 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.9.25
=============================================================
x Fixed regression preventing HTTPS enforcing exceptions from
being honored

v 2.6.9.24
=============================================================
x Fix for intermittent crashes on older Gecko versions

Version 2.6.9.23.1-signed 533.8 KiB Fonctionne avec Firefox 31.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.31 et supérieures

v 2.6.9.23
=============================================================
x Work-around for moz-bug 1167371
x Fixed fatal regression on Firefox 34 and below
x Improved backward compatibility
x Work-around for anonymized plugin subrequests being vetoed
by channel event sink
x Fixed backward compatibility PopupBoxObject shim
x [E10s] Fixed cascading permissions broken when checks are
performed cross-process
x [Surrogate] Removed deprecated "for each" constructs from
replacements
x [L10n] Updated ru-RU (thanks negodnik)
x Tentative fix for Bug 1153256 (thanks Dragana Damjanovic)
+ Added about:preferences to the mandatory whitelist
- Removed legacy STS support
+ [Surrogate] 2mdn.net inclusion replacement (thanks barbaz)
+ [E10s] Restored inline JavaScript blocking

Version 2.6.9.22.1-signed 534.2 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.9.22
=============================================================
+ [Surrogate] Generalized OWASP antiClickjacking replacement
(thanks barbaz for RFE)
+ [Surrogate] Wordpress scriptless site auto-show replacement
+ bootstrapcdn.com in default whitelist

Version 2.6.9.21.1-signed 534.0 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.9.21
=============================================================
+ Added "mediasource:" to the mandatory whitelist (Moz-Bug
1151638)
x [Surrogate] Updated googletagservices.com replacement
(thanks barbaz)
x Better compatibility with SDK-based add-ons using data:
URIs (thanks Mingyi Liu for report)

Version 2.6.9.20.1-signed 533.9 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.9.20rc2
=============================================================
x Improved "Recently blocked sites..." recording
x Fixed inconsistencies in data: URIs handling (thanks barbaz
for reporting)

Version 2.6.9.19.1-signed 533.8 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.9.19
=============================================================
+ [Surrogate] .gigya.com replacement provided by barbaz
+ [Surrogate] js.stripe.com replacement provided by barbaz
+ Improved usability of new Yahoo! video activation (thanks
Glenn for reporting)
+ Added googlevideo.com to the default whitelist because it's
now required to play Youtube movies (thanks barbaz for RFE)

Version 2.6.9.18.1-signed 533.5 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.9.18
=============================================================
x Fixed restrictSubdocScripts/globalHTTPSWhitelist
interaction issue (thanks Tor Project for report)
x Fixed regression always disabling scripts whenever site's
host name is a IPv6 literal (thanks ipv6user for report)
x Fixed menu automatic disappearance on mouse exit broken by
Firefox 36 changes (thanks randavis, cumdacon and barbaz
for report)

Version 2.6.9.17.1-signed 533.3 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.9.17
=============================================================
x Fixed cascadePermissions/globalHTTPSWhitelist interaction
issue with IFRAMEs (thanks Tor Project for report)
x Fixed cascadePermissions being enforced also if the top
document is implicitly allowed by the globalHTTPSWhitelist
policy, rather than explicitly whitelisted, causing HTTP
subdocument and scripts to be unintendendly allowed when
the top document is HTTPS (thanks Tor Project for report)
x [Surrogate] Update Google Analytics replacement (thanks
barbaz)

Version 2.6.9.16.1-signed 533.1 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.9.16
=============================================================
+ [Surrogate] Updated Gravatar surrogate (thanks barbaz)
+ Additional HTML sanitization when pasting rich text into
content-editable elements (thanks .mario for RFE)
+ Introduced framework for E10s migration, starting with new
features and fixes
x Removed deprecated let () expressions from the code base

Version 2.6.9.15.1-signed 531.7 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.9.15
=============================================================
+ Fixed regression in 2.6.9.12 causing data: URI documents
to be scripting-enabled (thanks GOF for tweet)

Version 2.6.9.14.1-signed 531.7 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.9.14
=============================================================
+ [Surrogate] OWASP legacy Javascript-based "antiClickjack"
protection surrogate to unhide "protected" pages when
scripting is disabled (thanks barbaz)
+ Restored noscript.forbidXHR functionality trying to make it
more web-compatible (thanks barbaz for RFE)

Version 2.6.9.13.1-signed 531.5 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.9.13
=============================================================
x [XSS] Fixed bugs in comment stripping optimization (thanks
Masato Kinugawa for reporting)
x [XSS] Better protection against some ES6 attacks (thanks
Masato Kinugawa for reporting)
- Removed support for XMLHttpRequest blocking
(noscript.forbidXHR preference). The same functionality,
if really needed, can still be achieved through ABE anyway.

Version 2.6.9.12.1-signed 531.6 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.9.12
=============================================================
x Fixed origin checking bug causing sandboxed IFRAMEs to have
scripting always disabled (thanks Ellad Tadmor for report)

Version 2.6.9.11.1-signed 531.5 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.9.11
=============================================================
x [Surrogate] microsoftSupport surrogate to force the content
to be shown if scripts are disabled (thanks thunderscript)
x Check private browsing against chrome rather than content
windows (prevents annoying warning console messages)

Version 2.6.9.10.1-signed 531.5 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.9.10
=============================================================
x Fixed regression: permanently allow a web site erasing
temporary whitelist items (thanks smersh for reporting)
x Fixed private windows detection for UI adaptation broken in
SeaMonkey (thanks barbaz for reporting)
x Made the Permanent "allow" commands in private windows'
checkbox look and behave like the other options in the
"Appearance" tab, i.e. controlling the visibility of the
menu item by the same name

Version 2.6.9.9.1-signed 531.5 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.9.9
=============================================================
x Updated GPL.txt and NoScript_License.txt with current FSF
information (thanks Thomas Spura for reporting)
x Fixed regression causing "Revoke temporary permissions"
gitches (thanks barbaz for reporting)
x Moved the Permanent "allow" commands in private windows'
menu toggle next to the 'Options' command

Version 2.6.9.8.1-signed 531.5 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.9.8
=============================================================
+ 'Permanent "allow" commands in private windows' preference
in NoScript Options|Appearance (inverse of
noscript.volatilePrivatePermissions)
+ 'Permanent "allow" commands in private windows' toggle
in NoScript menu while in Private Browsing mode, controlled
by noscript.showVolatilePrivatePermissionsToggle
x Fixed regression in Cascade Permissions mode (thanks Kitty
Box for reporting)
+ Fixed whitelisting regression on Gecko 25 and below (e.g.
Palemoon)
+ Actually prevent temporary whitelist items from being saved
in prefs (thanks to Mike Perry)

Version 2.6.9.7.1-signed 531.2 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.9.7
=============================================================
x Fixed inconsistencies in the globalHttpsWhitelist option
implementation (thanks Mike Perry for reporting)
+ Volatile temporary whitelist, never gets saved to disk
(thanks to Tor Project for sponsorship)
+ Never show permanent whitelist modifying commands when in
private mode, unless the noscript.volatilePrivatePermissions
preference is false (thanks to Tor Project for sponsorship)
+ noscript.allowWhitelistUpdate preference to control whether
NoScript should be able to tweak the whitelist on version
updates when the 3rd party requirements for an already
whitelisted website change (thanks Thencent for RFE)

Version 2.6.9.6.1-signed 530.9 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.9.6
=============================================================
+ Built-in force HTTPS list, seeded with www.youtube.com
x Work-around for bogus Youtube embedded frame activation
patterns (thanks al_9x for reporting)
x Fixed bookmarklet execution regression in older Firefox
versions (thanks 5keeve for reporting)
x Fixed subdocuments of a [System Principal] page not being
allowed when they should in cascade permission modes (
thanks hjkl for reporting)

Version 2.6.9.5.1-signed 530.6 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.9.5
=============================================================
x Fixed memory leak when a top-level browser window is closed
(thanks cks for reporting)
x [XSS] compatibility tweak for swisspost.ch
x Miscellaneous HTTPS URLs lockdown
+ Support for full-encrypted https://noscript.net
x Updated Twitter surrogate (thanks ozjuggler and barbaz)
x Work-around for thumbnail generation protection being
broken by some add-ons
x Fully disable background processed thumbnail generation
unless noscript.bgThumbs.allowed about:config preference
is set to true
x Control JavaScript enabled in background thumbail
generation through the noscript.bgThumbs.disableJS
about:config preference
+ Forcing remote browsers used for thumbnail generation to
disable JavaScript (thanks vpoint for reporting)
+ [Surrogate] Invodo dummy replacement (thanks barbaz)

Version 2.6.9.4.1-signed 530.2 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.9.4
=============================================================
+ Added vimeocdn.com as a vimeo.com dependency if already
whitelisted
+ [Surrogate] Enabling imgserve.com age verification button
even if JavaScript is disabled
x Fixed IP6 to IP4 mapping bug (thanks stack / inventati)

Version 2.6.9.3.1-signed 530.2 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.9.3
=============================================================
x More accurate referrer checks for some edge cases (thanks
AlbertMTom for reporting)
x [ABE] More restrictive local IP checks (thanks AlbertMTom
for reporting)
+ More permissive AddressMatcher IP parser
+ [XSS] Improved sensitivity (thanks Masato Kinugawa)

Version 2.6.9.2.1-signed 530.0 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.9.2
=============================================================
+ [XSS] Improved sensitivity (thanks Masato Kinugawa)

Version 2.6.9.1.1-signed 530.0 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.9.1
=============================================================
+ [XSS] focus-based exfiltration protection (thanks Masato
Kinugawa for reporting)
x [XSS] Fixed false positive in risky operators detection
(thanks Roman Vock for reporting)

Version 2.6.9.1-signed 529.9 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.9
=============================================================
+ [XSS] Improved location-based exfiltration protection
(thanks Masato Kinugawa for reporting)
+ [Surrogate] login.person.org inclusion (thanks barbaz)
x [XSS] Fixed 2.6.8.43 regressions
x [XSS] Improved specificity for eval-like patterns
+ Switched to a treeview for faster management of very long
whitelists (thanks barbaz for patch)
x Tentative work-around for potential performance problems
reportedly related to Australis support

v 2.6.9rc4
=============================================================
+ [XSS] Fixed bug in location-based exfiltration protection
(thanks Masato Kinugawa for reporting)

v 2.6.9rc3
=============================================================
+ [XSS] Improved location-based exfiltration protection
(thanks Masato Kinugawa for reporting)

v 2.6.9rc2
=============================================================
+ [Surrogate] login.person.org inclusion (thanks barbaz)
x [XSS] Fixed 2.6.8.43 regressions
x [XSS] Improved specificity for eval-like patterns

v 2.6.9rc1
=============================================================
+ Switched to a treeview for faster management of very long
whitelists (thanks barbaz for patch)
x Tentative work-around for potential performance problems
reportedly related to Australis support
x [XSS] Fixed 2.6.8.43 regressions

Version 2.6.8.43.1-signed 528.4 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.8.43
=============================================================
x [XSS] Protection against some exfiltration attacks based on
arithmetic operators (thanks Masato Kinugawa and File
Descriptor AKA XSS Jigsaw for reporting)

Version 2.6.8.42.1-signed 528.3 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.8.42rc3
=============================================================
+ User-facing "Reload the current tab only" option
x Fixed subtle bug in ScriptSurrogate.replaceScript()
x Fixed HTTPS and cascading permission policies not applying
to XHR and XBL checks
x [XSS] Fixed ES6-based bypasses (thanks Masato Kinugava for
reporting)
+ [XSS] window.name exfiltration protection (thanks Masato
Kinugava for reporting)
x Fixed script sources enumeration breakage in Firefox 35
(Moz Bug 1068508, thanks Octoploid for reporting)

v 2.6.8.42rc3
=============================================================
+ User-facing "Reload the current tab only" option
x [XSS] Improved window.name exfiltration protection
(thanks Masato Kinugava for reporting)

v 2.6.8.42rc2
=============================================================
x Fixed subtle bug in ScriptSurrogate.replaceScript()
x Fixed HTTPS and cascading permission policies not applying
to XHR and XBL checks
x [XSS] Fixed ES6-based bypasses (thanks Masato Kinugava for
reporting)
+ [XSS] window.name exfiltration protection (thanks Masato
Kinugava for reporting)

v 2.6.8.42rc1
=============================================================
x Fixed script sources enumeration breakage in Firefox 35
(Moz Bug 1068508, thanks Octoploid for reporting)

Version 2.6.8.41.1-signed 527.7 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.8.41
=============================================================
x Improved Australis toolbar compatibility (thanks Quicksaver
for help)
x Added "Always ask" checkbox to the removal confirmation
dialog (thanks agaxwtmp for RFE)
x Fixed Options dialog broken on ancient Firefox versions
x [XSS] Fixed false positive within *.adxns.com

Version 2.6.8.40.1-signed 529.0 KiB Fonctionne avec Firefox 4.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.12 et supérieures

v 2.6.8.40
=========================================================================
x Fixed regression causing script inclusions with non-standard ports to
be always blocked
x [ABE] Improved ruleset editing UI (thanks barbaz for patch)

Version 2.6.8.39.1-signed 527.2 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.8.39
=========================================================================
x [Surrogate] Removed DARLA surrogate and reimplemented its work-around
as a XSS filter exception
x [Bookmarklets] Fixed bookmarklets broken when JavaScript is enabled
(thanks therube for reporting)
x [Surrogate] Work-around for DARLA surrogate breaking Yahoo! Mail