Jump to content


Photo

NoScript 5.x - Secure all those processes!


  • Please log in to reply
6 replies to this topic

#1 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 35,933 posts

Posted 05 March 2017 - 10:09 AM

Attached File  NoScript_Logo.png   26.76KB   0 downloads  NoScript 5.0 - Secure all those processes!

by Giorgio Maone

+ Embedded WebExtension (to prepare for WebExtensions API migration)
x Dramatically Improved UI synchronization performance impact
on load-intensive web pages (thanks Rob Wu)
x [e10s] Fixed permissions out of sync when content processes
are more than one (thanks Ian Fennel for report)
x [Surrogates] Update google-analytics replacement (thanks
ng4never for reporting and barbaz for implementation)

 

Get it!

 

[+] new feature, [x] bug fix, [-] removed feature, [=] repackaging or cosmetic change



#2 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 35,933 posts

Posted 24 April 2017 - 05:34 PM

NoScript v 5.0.3
x Fixed global JavaScript enablement for HTTPS sites breaking
the UI (Tor ticket #21923)
+ noscript.webext.enabled preference to control embedded
WebExtension startup
x Fixed XHR regression (thanks Oleksandr Popov for reporting)
x Fixed compatibility issues with some WebExtensions (thanks
Oleksandr Popov for reporting)

 

v 5.0.2
x Fixed thumbnails broken even if noscript.bgThumbs.allowed
is true (thanks rick for reporting)
x [e10s] Restored absolutely positioned elements removal by
mousedown + DEL key (broken by e10s)
x Absolutely positioned elements removal by mousedown + DEL
key now working also on whitelisted pages (controlled by
noscript.eraseFloatingElements about:config preference,
thanks MegaWolf for RFE)
x Fixed blocked XHR requests in frames not reflected in the
menu UI (thanks aocab and barbaz for reporting)
x [Locale] Improved nl translation (thanks Kris)

 

v 5.0.1
x Fixed regression, some sites not being shown in UI
x Fixed recently blocked menu not working on e10s



#3 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 35,933 posts

Posted 12 May 2017 - 07:29 AM

NoScript v 5.0.4

+ [XSS] Added countermeasures against several vectors
exploiting client-side JavaScript templating frameworks
(thanks Krzysztof Kotowicz and Sebastian Lekies for their
research)
x [XSS] Fixed e10s-related regression in window.name
sanitization (thanks Krzysztof Kotowicz for reporting)
x Fixed "Allow local links" breaking file:/// URL loading in
Gecko 53 and above
x Fixed JSON viewer working only on JavaScript-enabled URLs

 

Get it!



#4 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 35,933 posts

Posted 30 May 2017 - 06:58 PM

NoScript v 5.0.5

 

x [XSS] Updated XSS filter with latest Gecko Atoms and ES
features (thanks Maxim Rupp for reporting)
+ [XSS] Added countermeasures against XSS vectors exploiting
Mavo-script template expressions (thanks Krzysztof Kotowicz
and Gareth Heyes for reporting)

 

Get it!



#5 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 35,933 posts

Posted 05 July 2017 - 03:26 PM

NoScript v 5.0.6

 

x [XSS] Fixed performance regression in handling of big JSON
payloads causing the browser to freeze on loading pages
with Facebook tracking subframes
x [Surrogates] Updated ga replacement (thanks barbaz)
x [L10n] Updated tr (thanks Volkan Gezer)
x [L10n] Updated de (thanks milupo
x [XSS] Fixed regression in window.name sanitization
(thanks Gareth Heyes for reporting)
x [XSS] Work-around for Mavo-script operator translation side
effects (thanks Gareth Heyes for reporting)

 

Get it!



#6 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 35,933 posts

Posted 10 August 2017 - 05:00 PM

NoScript v 5.0.8.1

x [ABE] XHR matches both TYPE_XMLHTTPREQUEST and TYPE_FETCH
x [ABE] Updated INCLUSION types to match newest specific
types from nsIContentType constants. OTHER still matches
any type except "historically supported" ones (SCRIPT, CSS,
IMAGE, OBJ, OBJSUB, MEDIA, FONT, SUBDOC, XBL, PING, XHR,
DTD) for backward compatibility: please use
UNKNOWN to match just TYPE_OTHER (i.e. request whose type
is not specifically mapped yet by the nsIContentType API).
x [e10s] Fixed INCLUSION type marked as OTHER for any request
when Electrolysis is enabled (thanks barbaz for reporting)
x [XSS] Fixed excessive recursion causing GC-related hangs on
some ads-intensive websites (like der-postillion.de)

 

Get it!



#7 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 35,933 posts

Posted 23 August 2017 - 08:11 PM

NoScript v 5.0.9

x [WebExt] Make sure the embedded WebExtension cannot
interfere with the legacy side beside preference migration
x [Nightly] Fixed breakage from bug 1390106
x [Nightly] Work-around for HTMLEmbedElement removal
x [Nightly] Fixed first run UI visibility check
x [XSS] Work-around for Google notifications false positive
x [Nightly] Fixed startup breakage
x [Surrogates] Fixed noisy google-analytics replacement
x [Nightly] Fixed view-source: breakage

 

Get it!