Historique de version de NoScript

369 versions

Méfiez-vous des anciennes versions !

Ces versions sont affichées pour informations et à titre d’essais. Vous devriez toujours utiliser la dernière version d’un module.

Version 2.6.8.5.1-signed 522.2 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.8.5
=========================================================================
x [ClearClick] Fixed empty contentEditable elements cannot receive
keyboard events in cross-site frames (breaking latest Youtube comments)
x [XSS] Fixed false positive on redirected script inclusions (breaking
Stripe payments on Humblebundle, thanks ableeker for reporting)
x [Surrogate] Better GA, GAPI, Twitter and Facebook compatibility

Version 2.6.8.4.1-signed 522.2 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.8.4
=========================================================================
x Fixed shortcut bookmarklet execution requiring noscript.allowURLBarJS
preference to be true on Firefox 25 beta (thanks ivank for report)
x [Surrogate] Better emulation of for Google Analytics asynchronous
tracking (for instance, fixes GMail's "Sign in" link)
x [ClearClick] Fixed exception being thrown on Firefox 27 alpha (Nightly)
x Fixed URL bar enhancements broken by Firefox 25 beta
x Fixed SetVariable/GetVariable failing on dynamically created Flash
elements, e.g. with SFWObject (thanks longsleep for reporting)

Version 2.6.8.3.1-signed 522.3 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.8.3
=========================================================================
x Fixed complex bookmarklet execution requiring synchronous XHR in a
content policy callback
x Fixed full-page plugins failed activation until the page is reloaded
x Fixed full-page HTML5 media failing to play after activation until the
page is reloaded

Version 2.6.8.2.1-signed 522.3 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.8.2rc2
=========================================================================
x Fixed request methods different than POST being turned into GET by
internal channel redirection when the DNS entry is not cached yet

v 2.6.8.2rc1
=========================================================================
x Fixed regression from CTP fix: some kinds of embedded objects being
displayed, even though in disabled state, along with placeholders

Version 2.6.8.1.1-signed 522.2 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.8.1
=========================================================================
+ Added to the default whitelist some CDN subdomains dedicated to serve
popular open source JS libraries (thanks t3g for RFE)
x Fixed notification box issues with Seamonkey (thanks barbaz)
x Work-around for broken CTP notifications (bug 903675)
x Work-around for Youtube comments XSS false (?) positive
x [Locale] Updated fr (thanks Jack Black)

Version 2.6.7.1.1-signed 521.7 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.7.1
=========================================================================
x [XSS] Fixed false positive on GMail when opening the Google Docs file
picker (thanks Harry for reporting)
x [XSS] Fixed parameter elision bug
+ Protection against another variant of error-based SQLXSSI (thanks Alex
Inführ for reporting)

Version 2.6.7.1-signed 521.7 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.7
=========================================================================
x Fixed HTML 5 media content types not blocked when loaded as top-level
documents (thanks al_9x for reporting)
x [XSS] Fixed bug in SQLXSSI detection (thanks Alex Inführ for reporting)
x Fixed resources from resource: origin (such as PDF.js fonts) being
unnecessarily blocked in restrictive embed blocking mode
x Removed "ReferenceError: PolicyState is not defined" message appearing
sometimes in the console dump on startup
x Fixed scrollbars removed in frames activated from placeholder (thanks
al_9x for reporting)

Version 2.6.6.9.1-signed 521.5 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.6.9
=========================================================================
+ [XSS] Added several experimental / unofficial markup atoms to the
build-time matcher generator (thanks .mario for reporting)

Version 2.6.6.8.1-signed 523.2 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.6.8
=========================================================================
x [XSS] Protection against filter evasion exploiting Adobe Flash URL
parsing and charset handling bugs (thanks Soroush Dalili for reporting)

Version 2.6.6.7.1-signed 521.8 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.6.7
=========================================================================
x Fixed ClearClick triggered by recently changed browser built-in Click
To Play placeholders (bug 889228)
x [Locale] Updated Czech (thanks Karel)

Version 2.6.6.6.1-signed 521.8 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.6.6
=========================================================================
+ Made mimetype whitelisting through the noscript.allowedMimeRegExp
preference work with the WebGL pseudo type (thanks Thrawn for RFE)

v 2.6.6.5
=========================================================================
x Better fix for Nightly breakages

v 2.6.6.4
=========================================================================
x Fixed some recent breakages on Nightly

v 2.6.6.3
=========================================================================
x Improved "fixable" JavaScript links detection (thanks asdf for RFE)

Version 2.6.6.2.1-signed 521.7 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.6.2
=========================================================================
x Fixed regression in Tab Mix Plus compatibility due to Gecko 21 changes
x Improved placeholder management for full-document plugin content, e.g.
makes Youtube embeddings more usable on Facebook

Version 2.6.6.1.1-signed 521.7 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.6.1
=========================================================================
x Fixed backward compatibility issue with recent channel cloning changes
x [XSS] Compatibility with certain redirector URL patterns (thanks
Stephen F. for reporting)
x [ABE] Fixed letest Tab Mix Plus version (4.1.0) causing loads started
from the address bar to be considered cross-site
x [Locale] Updated Esperanto (thanks Michael Wolf)
x [Locale] Updated Upper Serbian (thanks Michael Wolf)

Version 2.6.6.1-signed 520.0 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.6
=========================================================================
x Added per-window private browsing support to some background requests
x Improved channel cloning for internal redirections
x Added further Microsoft mail services dependencies to the default
whitelist
x [XSS] Fixed character class bug (thanks Masato Kinugawa for reporting)
x [XSS] Fixed potential jQuery-based injection (thanks Masato Kinugawa
for reporting)
x Improved handling of some moz-null principal instances in ABE requests
(thanks Thrawn for reporting)
+ New 360Haven surrogate lets the site work with 1st party scripts
allowed and ads/tracker scripts forbidden
s forbidden

Version 2.6.5.9.1-signed 519.4 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.5.9
=========================================================================
x Fixed outlook.com UI broken in Nightly by work-around for bug 677050
(thanks Raùl Duràn of Microsoft for troubleshooting help)
- Removed STS support for Gecko >= 4, which provides built-in HSTS
x Work around for multiple object creation causing UI inconsistencies
(thanks al_9x for reporting)
x [XSS] Work-around for false positives caused by Gecko >= 18 changes in
Function.prototype.toSource() (thanks yahoo mail user for report)

Version 2.6.5.8.1-signed 518.8 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.5.8
=========================================================================
+ Automatic Google Analytics web bugs blocking if google-analytics.com is
not whitelisted
+ "Mark as untrusted" button on the site info page (thanks SwissBIT for
RFE)
+ "Allow"/"Forbid"/"Mark as untrusted" icons on the site info buttons
x Inclusion type checks exception for yandex.st
x [XSS] Exception for requests across *.photobucket.com subdomains, which
may legitimately contain syntactically valid Javascript fragments
(thanks RAJAH235 for reporting)

Version 2.6.5.7.1-signed 518.5 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.5.7
=========================================================================
x Made "Yes, remove all protections" the default button in the removal
warning dialog
x [XSS] Fixed post-response encoding checks applied to UTF-8 pages too
(thanks Masato Kinugawa for reporting)
x [XSS] Removed host redirection chance on XSS-vulnerable pages (thanks
Masato Kinugawa for reporting)

v 2.6.5.6
=========================================================================
x [XSS] Smarter syntax check optimization, removes harmful side effect
(thanks Masato Kinugawa for reporting)

v 2.6.5.5
=========================================================================
x [XSS] Fixed bug in broken string literals balancing (thanks Masato
Kinugawa for reporting)

v 2.6.5.4
=========================================================================
+ [XSS] Obfuscated string literals detection (thanks Masato Kinugawa for
reporting)

v 2.6.5.3
=========================================================================
x [XSS] Improved parsing while decoding mixed-charset encoded URLs
(thanks Masato Kinugawa for reporting)
+ [XSS] Better decoding of maliciously mixed-charset encoded strings
(thanks Masato Kinugawa for reporting)

v 2.6.5.2
=========================================================================
x [XSS] Work-around for a Gecko race condition allowing some
script-enabled attackers to make the charset-mismatch checks abort
prematurely (thanks Masato Kinugawa for reporting)

v 2.6.5.1
=========================================================================
+ [XSS] Forced unicode conversions more resilient to invalid input
(thanks Masato Kinugawa for reporting)

v 2.6.5
=========================================================================
+ [XSS] More exotic charset awareness added to script injection checks
(thanks Masato Kinugawa for reporting)
x [XSS] Removed limited injection chance allowing redirection of XSS
vulnerable pages to an integral IP (thanks Masato Kinugawa for
reporting)
+ "Security Downgrade Warning" suggests blacklist mode as a better option
than uninstalling, to retain scripting-unrelated protections
- Removed legacy uninstall hooks and related localized strings

Version 2.6.4.4.1-signed 521.0 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.4.4
=========================================================================
x Fixed plugin placeholders not shown for plugin documents on Gecko >= 19
(thanks therube for reporting)
+ [Surrogate] Support for callbacks in Google Analytics' _gaq.push()
method (thanks Paola Moro for reporting)
+ Allow/Forbid button on the site info page (thanks Edward Huff for RFE)

Version 2.6.4.3.1-signed 520.7 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.4.3
=========================================================================
x [Surrogate] Less aggressive but more compatible adf.ly surrogate (it
automatically skips ad but requires scripts enabled on adf.ly)
x Fixed whitelist listbox couldn't be fully selected by CTRL+A in recent
Firefox versions (thanks Guardian for reporting)
+ [Surrogate] dimtus.com scriptless automatic image revelation
+ [Surrogate] imageteam.org scriptless automatic image revelation
x [External Filters] Fixed cache API compatibility issue

Version 2.6.4.2.1-signed 520.5 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.4.2
=========================================================================
x [ClearClick] Fixed miscalculations in screenshot comparison
x Fixed wrong placeholder position for standalone HTML 5 video content
(thanks mjh563 for reporting)
+ "Appearance" option to hide the "About NoScript" menu item
x Deny loading of any empty Flash object
x Fixed HSB locale (thanks Michael Wolf)
x Fixed forced HTTPS breaks redirects on Firefox >= 18 (thanks mjh563 for
reporting)
x Work-around for Gecko calling nsIContentPolicy::shouldProcess() with
null location for Flash objects sometimes (thanks al_9x for report)
x Fixed broken early HTTP observer on Firefox >= 18 (thanks aloishammer
for reporting)
x Fixed anti-popunder surrogate breaking BFCache (thanks whatever for
reporting)

Version 2.6.4.1.1-signed 520.5 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.4.1
=========================================================================
x Fixed new placeholder close button being hidden on some Youtube pages

v 2.6.4
=========================================================================
x [XSS] Improved compatibility with Twitter's cross-site requests
+ Close button on embedding placeholder (like using shift+click on the
placeholder itself). Shift clicking the close button bypasses it.
x Fixed placeholders intercepting clicks from overlaid elements (thanks
al_9x)
x Fixed unbound embed enablement confirmation dialog size (thanks therube
for reporting)

Version 2.6.3.1-signed 518.6 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.3
=========================================================================
x [XSS] Further tweaks to reduce false positives (thanks Edward C. Kim
for reporting)
x [XSS] The "maybe JS" step now removes leading parens, reducing false
positives e.g. on Picasa (thanks jerriy for reporting)
x [Surrogate] Work-around for anti-popunder surrogate causing Ebay to
recreate phantom cookies on page unload (thanks mjh563 for reporting)
x Work-around for some extensions (e.g. Adblock Plus, Tab Mix Plus)
breaking bookmarlets and URL bar Javascript support after being updated
for Firefox 17
x Removed some console noise
+ [Surrogate] Updated adf.ly surrogate to work with new links

Version 2.6.2.1-signed 518.1 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.2
=========================================================================
x Fixed Google links anonymizer surrogate interfering with the "Search
tools" button (thanks Sledge Fox and Brian Admire for reporting)
x Fixed impossible to copy lines from Console² if opened by NoScript
(thanks therube for reporting and Phil Chee for suggestion)
x [XSS] Exception for wpcomwidgets.com safe inclusions
x Slightly reduced About box width (thanks GµårÐïåñ for RFE)

Version 2.6.1.1-signed 518.2 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6.1
=========================================================================
x [XSS] Better compatibility with Ebay's saved searches
+ [Surrogate] Imagebax.com scriptless ads skipping redirection
x Fixed first non-cached page load in a session from about:newtab failing
- Removed legacy XUL script blocking code
+ Added optional diagnostic to centralized channel aborting
x Fixed bug in Java URLs resolution

Version 2.6.1-signed 518.0 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.6
=========================================================================
x Improved long URL wrapping for more manageable plugin placeholder
tooltips
x Fixed ABE notifications bleeding out of the viewport when very long
URLs are involved
+ [Surrogate] More efficient deferred script loading and syntax check,
saves memory and startup time from unused surrogates
+ [Surrogate] Picbucks.com scriptless ads skipping redirection
+ [Surrogate] Imagebunk.com scriptless image revealing
+ [Surrogate] Picsee.net scriptless image revealing
+ Added navigator.doNotTrack property support

Version 2.5.9.1-signed 517.6 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.5.9
=========================================================================
+ Added afx.ms and gfx.ms (fully controlled by Microsoft, no user content
allowed) to the default whitelist (required by MS mail services)
+ [XSS] Removed false positive on some Google Gadgets; the work-around
can be disabled by setting the noscript.filterXExceptions.ggadgets
about:config preference to false (thanks Silvana for reporting)
+ Added new fake mimetype placeholder "FRAME" to match FRAMEs and IFRAMES
with the noscript.allowedMimeRegExp preference
+ Made mimetype whitelisting through the noscript.allowedMimeRegExp
preference work with FRAMEs and IFRAMEs as well
x Fixed redirections involving sites marked as untrusted causing
inconsistencies in page permissions, with JavaScript being blocked even
if the site is whitelisted (thanks al_9x for reporting)
x Fixed regression on older Gecko versions causing NoScript to believe
the browser is proxied when it's not

Version 2.5.8.1-signed 517.3 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.5.8
=========================================================================
x Work-around for unique origins being assigned to URL bar loads by Gecko
16 and above interfering with some ABE rules
x Work-around for bug 797684 patch causing ABE's Sandbox action to fail
x Work-around for regression from Mozilla bug 797684 fix causing frames
not to be blocked correctly in recent >= 18 builds
x Slightly revised About box to make more room for contributors

Version 2.5.7.1-signed 517.0 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.5.7
=========================================================================
x Fixed synchronous timeout emulation ordering bug in bookmarklet
execution on scriptless pages (thanks Infocatcher for reporting)
x [XSS] Fixed comment preprocessing optimization affecting free
JavaScript detection, thanks Masato Kinugawa for reporting
x [XSS] Fixed second order data: URLs sanitization issue, thanks Masato
Kinugawa for reporting
x Fixed meta refresh blocker notification bar broken on Gecko < 4 (thanks
nitou for reporting)
x Fixed iframe placeholder positioning issue (thanks al_9x for report)
x Fixed regression in placeholder positioning (thanks al_9x for report)
x [ClearClick] Fixed false positive on cross-site SVG document embeddings
(thanks Steffen for reporting)

Version 2.5.6.1-signed 516.9 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.5.6
=========================================================================
x [XSS] Fixed slow regular expression causing some base64 request
payloads to trigger false positives (thanks Mirko Tasler for reporting)
+ Force placeholders to frontmost position e.g. on HTML 5 Youtube content
+ New icon for blocked embeddings on globally allowed pages (thanks
therube for RFE)

Version 2.5.5.1-signed 515.0 KiB Fonctionne avec Firefox 3.0.9 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.5.5
=========================================================================
+ More reliable Java applet origin identification
x Cross-browser work-around for
https://bugzilla.mozilla.org/show_bug.cgi?id=789773