73 replies to this topic

[Chachazz]

NoScript v 2.6.1
x [XSS] Better compatibility with Ebay's saved searches
+ [Surrogate] Imagebax.com scriptless ads skipping redirection
x Fixed first non-cached page load in a session from about:newtab failing
- Removed legacy XUL script blocking code
+ Added optional diagnostic to centralized channel aborting
x Fixed bug in Java URLs resolution

[Chachazz]

NoScript v 2.6.2

x Fixed Google links anonymizer surrogate interfering with the "Search
tools" button (thanks Sledge Fox and Brian Admire for reporting)
x Fixed impossible to copy lines from Console? if opened by NoScript
(thanks therube for reporting and Phil Chee for suggestion)
x [XSS] Exception for wpcomwidgets.com safe inclusions
x Slightly reduced About box width (thanks G??r???? for RFE)

Get it!

[Chachazz]

NoScript v 2.6.3
x [XSS] Further tweaks to reduce false positives (thanks Edward C. Kim
for reporting)
x [XSS] The "maybe JS" step now removes leading parens, reducing false
positives e.g. on Picasa (thanks jerriy for reporting)
x [Surrogate] Work-around for anti-popunder surrogate causing Ebay to
recreate phantom cookies on page unload (thanks mjh563 for reporting)
x Work-around for some extensions (e.g. Adblock Plus, Tab Mix Plus)
breaking bookmarlets and URL bar Javascript support after being updated
for Firefox 17
x Removed some console noise
+ [Surrogate] Updated adf.ly surrogate to work with new links
Get it!

[Chachazz]

 NoScriptXmas.png   10.85K   0 downloads NoScript v 2.6.4.1
x Fixed new placeholder close button being hidden on some Youtube pages

v 2.6.4
x [XSS] Improved compatibility with Twitter's cross-site requests
+ Close button on embedding placeholder (like using shift+click on the
placeholder itself). Shift clicking the close button bypasses it.
x Fixed placeholders intercepting clicks from overlaid elements (thanks
al_9x)
x Fixed unbound embed enablement confirmation dialog size (thanks therube
for reporting)

Get it!

[Chachazz]

 NoScriptXmas.png   10.85K   0 downloadsNoScript v 2.6.4.2

x [ClearClick] Fixed miscalculations in screenshot comparison
x Fixed wrong placeholder position for standalone HTML 5 video content
(thanks mjh563 for reporting)
+ "Appearance" option to hide the "About NoScript" menu item
x Deny loading of any empty Flash object
x Fixed HSB locale (thanks Michael Wolf)
x Fixed forced HTTPS breaks redirects on Firefox >= 18 (thanks mjh563 for
reporting)
x Work-around for Gecko calling nsIContentPolicy::shouldProcess() with
null location for Flash objects sometimes (thanks al_9x for report)
x Fixed broken early HTTP observer on Firefox >= 18 (thanks aloishammer
for reporting)
x Fixed anti-popunder surrogate breaking BFCache (thanks whatever for
reporting)

Get it!

[Chachazz]

NoScript v 2.6.4.3
x [Surrogate] Less aggressive but more compatible adf.ly surrogate (it
  automatically skips ad but requires scripts enabled on adf.ly)
x Fixed whitelist listbox couldn't be fully selected by CTRL+A in recent
  Firefox versions (thanks Guardian for reporting)
+ [Surrogate] dimtus.com scriptless automatic image revelation
+ [Surrogate] imageteam.org scriptless automatic image revelation
x [External Filters] Fixed cache API compatibility issue

[Chachazz]

NoScript 2.6.5

 

+ [XSS] More exotic charset awareness added to script injection checks
  (thanks Masato Kinugawa for reporting)
x [XSS] Removed limited injection chance allowing redirection of XSS
  vulnerable pages to an integral IP (thanks Masato Kinugawa for
  reporting)
+ "Security Downgrade Warning" suggests blacklist mode as a better option
  than uninstalling, to retain scripting-unrelated protections 
- Removed legacy uninstall hooks and related localized strings

[Chachazz]

NoScript 2.6.5.1

 

+ [XSS] Forced unicode conversions more resilient to invalid input
  (thanks Masato Kinugawa for reporting)

[Chachazz]

NoScript v 2.6.5.4
+ [XSS] Obfuscated string literals detection (thanks Masato Kinugawa for
  reporting)
 
v 2.6.5.3
x [XSS] Improved parsing while decoding mixed-charset encoded URLs
  (thanks Masato Kinugawa for reporting)
+ [XSS] Better decoding of maliciously mixed-charset encoded strings
  (thanks Masato Kinugawa for reporting)

 

v 2.6.5.2
x [XSS] Work-around for a Gecko race condition allowing some
  script-enabled attackers to make the charset-mismatch checks abort
  prematurely (thanks Masato Kinugawa for reporting)

[Chachazz]

NoScript v 2.6.5.6
x [XSS] Smarter syntax check optimization, removes harmful side effect
  (thanks Masato Kinugawa for reporting)
 
v 2.6.5.5
x [XSS] Fixed bug in broken string literals balancing (thanks Masato
  Kinugawa for reporting)

[Chachazz]

NoScript 2.6.5.9
x Fixed outlook.com UI broken in Nightly by work-around for bug 677050
  (thanks Raùl Duràn of Microsoft for troubleshooting help)
- Removed STS support for Gecko >= 4, which provides built-in HSTS
x Work around for multiple object creation causing UI inconsistencies
  (thanks al_9x for reporting)
x [XSS] Work-around for false positives caused by Gecko >= 18 changes in
  Function.prototype.toSource() (thanks yahoo mail user for report)

[Chachazz]

NoScript v 2.6.6

x Added per-window private browsing support to some background requests

x Improved channel cloning for internal redirections

x Added further Microsoft mail services dependencies to the default

  whitelist

x [XSS] Fixed character class bug (thanks Masato Kinugawa for reporting)

x [XSS] Fixed potential jQuery-based injection (thanks Masato Kinugawa

  for reporting)

x Improved handling of some moz-null principal instances in ABE requests

  (thanks Thrawn for reporting)

+ New 360Haven surrogate lets the site work with 1st party scripts

  allowed and ads/tracker scripts forbidden

[Chachazz]

NoScript v 2.6.6.1

x Fixed backward compatibility issue with recent channel cloning changes
x [XSS] Compatibility with certain redirector URL patterns (thanks
Stephen Faherty for reporting)
x [ABE] Fixed letest Tab Mix Plus version (4.1.0) causing loads started
from the address bar to be considered cross-site
x [Locale] Updated Esperanto (thanks Michael Wolf)
x [Locale] Updated Upper Serbian (thanks Michael Wolf)

Get it!
 

[Chachazz]

NoScript v 2.6.6.2
x Fixed regression in Tab Mix Plus compatibility due to Gecko 21 changes
x Improved placeholder management for full-document plugin content, e.g.
  makes Youtube embeddings more usable on Facebook

 

Get it!