NoScript Security Suite version history - 25 versions
NoScript Security Suite by Giorgio Maone
Be careful with old versions! These versions are displayed for testing and reference purposes.You should always use the latest version of an add-on.
Latest version
Version 11.5.2
Released Oct 31, 2024 - 937.29 KBWorks with firefox 115.0 and later, android 115.0 and laterv 11.5.2
============================================================
x [tor-browser#43257] More efficient, flexible and
race-resistant placeholder stylingSource code released under GNU General Public License v2.0
Download Firefox and get the extensionYou'll need Firefox to use this extensionOlder versions
Version 11.5.0
Released Oct 28, 2024 - 935.87 KBWorks with firefox 115.0 and later, android 115.0 and laterv 11.5.0
============================================================
x [tor-browser#32668] Use the Security Level as the default
policy for Options Reset on Tor Browser
x [tor] Stateless-compatible Tor Browser integration
x [L10n] Updated pt_BR
x Stateless-compatible temporary permissions
x Switch from deferWebTraffic to Wakening
x Stateless-compatibile TabGuard
x Switch to non-persistent background page
x [xss] Refactor for non-persistence
x Removed Fennec-specific code
x Bump min Gecko compatibility to 115.0 (stateless
background script support)Source code released under GNU General Public License v2.0
Version 11.4.42
Released Oct 3, 2024 - 942.82 KBWorks with firefox 59.0 and later, android 113.0 and laterv 11.4.42
============================================================
x [nscl] Further SyncMessage simplification
x Mitigate race conditions on startup
v 11.4.41
============================================================
x [nscl] Fixed Chromium worker patching regression caused by
failSafe scope
x [nscl] Force service workers to be patched bypassing cache
x [nscl] More robust SyncMessage implementation
x [nscl] Enhanced remote worker patching
x [nscl] Remove missing source map warning for
browser-polyfill.js
x [nscl] Better console handling in execution context
patches
x Reduce console spam on non-debugging instances
x [nscl] Avoid patched workers breakage if console API is
disabled (thanks ayi for reporting)Source code released under GNU General Public License v2.0
Version 11.4.40
Released Sep 22, 2024 - 942.83 KBWorks with firefox 59.0 and later, android 113.0 and later11.4.40
============================================================
x [nscl] Fix patched workers failures caused by Firefox
webRequest filters disconnect() breaking on large files
(thanks barbaz for reporting)
v 11.4.39
============================================================
x [nscl] Improved WebGL-hooking and worker patching
stability
x [L10n] Lower to 90% the threshold for including a new
translation
x [L10n] Updated he, pt_PT
x [nscl] Prevent patchWindow from throwing on SOP violations
x [nscl] Correctly propagate extra arguments to shadowed
worker constructorsSource code released under GNU General Public License v2.0
Version 11.4.37
Released Sep 8, 2024 - 941.7 KBWorks with firefox 59.0 and later, android 113.0 and laterv 11.4.37
============================================================
x [nscl] Do not patch windows with WebGLHook if webgl is
globally disabled
x [nscl] Do not patch workers if webgl is globally disabled
x [L10n] Updated uk
x [nscl] Workers-aware WebGL HookSource code released under GNU General Public License v2.0
Version 11.4.35
Released Aug 26, 2024 - 934.13 KBWorks with firefox 59.0 and later, android 113.0 and laterv 11.4.35
============================================================
x Improved lazy_load capability (optimization and
notification)
x [nscl] Slight optimization of NOSCRIPT element emulation
loop
x Automatically add extra capabilities to policyTypesMap
x Gracefully handle new capabilities still unknown to the
settings host (e.g. Tor/Mullvad browser), if any
x Configurable "lazy_load" capability (see
https://github.com/whatwg/html/issues/5250)
x Prefetch all CSS subresources (1st party included) in
private contexts where both unchecked_css and scripting
capabilities are disabled
x Forcibly neutralize lazy loading attributes when scripting
is disabled
x [nscl] Restored SyncMessage compatibility with Firefox 78
and below
x Lock nscl version on stable releases
x [L10n] Updated de, fr, tr, ru, uk, zh_CNSource code released under GNU General Public License v2.0
Version 11.4.34
Released Aug 7, 2024 - 932.84 KBWorks with firefox 79.0 and later, android 113.0 and laterv 11.4.34
============================================================
x [nscl] Work around for
https://bugzilla.mozilla.org/show_bug.cgi?id=1899786
(issue #372)
x [L10n] Updated de, ru, tr
x Synchronize nscl git commits as needed before tagging new
versionsSource code released under GNU General Public License v2.0
Version 11.4.31
Released Jul 16, 2024 - 932.54 KBWorks with firefox 59.0 and later, android 113.0 and laterv 11.4.31
============================================================
x [L10n] Updated fr, is, ru, zh_CN
x Improved release tooling
x [nscl] Updated to latest NoScript Commons Library
x NoScript Options/Appearance/Show synthetic placeholders
for invisible capability probes (issue #369)
x [nscl] Make placeholders easier to style per type
x Prevent duplicate synthetic placeholders for invisible
capability probes (issue #369)Source code released under GNU General Public License v2.0
Version 11.4.30
Released Jul 8, 2024 - 931.81 KBWorks with firefox 59.0 and later, android 113.0 and laterv 11.4.30
============================================================
x [nscl] Best effort WebGL placeholders for offscreen
capability detection
x Improved blocked but required capability reporting from
subframes (issue #367)
x [nscl] Include SVG among embedding document types (fixes
issue #366)
x Removed obsolete "applications" manifest.json keySource code released under GNU General Public License v2.0
Version 11.4.29
Released Dec 7, 2023 - 930.37 KBWorks with firefox 59.0 and later, android 113.0 and laterv 11.4.29
============================================================
x [nscl] Updated TLDs
x [nscl] Improved reliability of TLD updater
x Removed theme.js console noise
x Fix beta channel updates breakage due to
browser_specific_settings override
x [nscl] Several content-side performance improvements
x Reduce synchronous policy retrieval impact on file: and
ftp: document loading performance
x More commands for which a keyboard shortcut can be
configured
x [L10n] Updated de, fi, mk, nl, pl, ru, sq, tr, uk,
pt_BR, zh_CN, zh_TW
x Explicit Android compatibility declarationSource code released under GNU General Public License v2.0
Version 11.4.28
Released Oct 8, 2023 - 928.61 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.4.28
============================================================
x Prevent URL leaks from media placeholders (thanks NDevTK
for report)
x [nscl] Support for in-tree TLDs updatesSource code released under GNU General Public License v2.0
Version 11.4.27
Released Sep 8, 2023 - 927.84 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.4.27
============================================================
x [XSS] Better specificity of HTML elements preliminary
checks
x [XSS] Better specificity of potential fragmented injection
through framework syntax detection (thanks Rom623, barbaz
et al)
x [nscl] RegExp.combo(): RegExp creation by combination for
better readability and comments
x [nscl] Replaced lib/sha256.js with web platform native
implementation (thanks Martin for suggested patch)
x [nscl] Fixed property/function mismatch (thanks Alex)
x Fixed operators precedence issue #312 (thanks Alex)
x [nscl] Prevent dead object access on BF cache (thanks
jamhubub and mriehm)Source code released under GNU General Public License v2.0
Version 11.4.26
Released Jul 20, 2023 - 930.12 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.4.26
============================================================
x [Android] Fixed regression preventing NoScript prompts
from being shown
x [XSS] Fallback to execute most demanding regular
expressions asynchronously
x [XSS] Removed obsolete Flash-related checks
x [XSS] Make InjectionChecker's regular expressions easier
to debug
x [XSS] Updated OpenID regexpSource code released under GNU General Public License v2.0
Version 11.4.25
Released Jul 9, 2023 - 928.37 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.4.25
============================================================
x Reload extension on fatal failures
x [Android] Fixed UI styling regression
x Fixed UI inconsistencies when finer-grained contextual
policies are created/imported by other means (thanks
barbaz for reporting)Source code released under GNU General Public License v2.0
Version 11.4.24
Released Jun 29, 2023 - 927.78 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.4.24
============================================================
x [XSS] Fix Base64 hash checks interfering with query string
checks (thanks barbaz for reporting)
x [TabGuard] Stop exempting domains bidirectionally by
default
x [TabGuard] Fix destination domain being reported as the
trigger of a warning prompt when all the other tab-tied
domains have been exempted (thanks barbaz for report)Source code released under GNU General Public License v2.0
Version 11.4.22
Released May 15, 2023 - 926.66 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.4.22
============================================================
x [L10n] Updated uk
x Consistently apply DEFAULT policy to top-level data: URLsSource code released under GNU General Public License v2.0
Version 11.4.21
Released Mar 30, 2023 - 929.24 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.4.21
============================================================
x Fixed mislabeled Tor Browser settings override option
x [L10n] Updated mkSource code released under GNU General Public License v2.0
Version 11.4.20
Released Mar 20, 2023 - 928.87 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.4.20
============================================================
x Generalized prompt safety hooks
x Better blob: URL support
x [nscl] Improved cross-window patch cascading
x [nscl] Avoid unneeded side effects when checking for
zombie patched objects
x [nscl] Prompt safety hooks
x [L10n] Updated fr, fi
x Fix font family typo (!283, thanks alex-kinokon)Source code released under GNU General Public License v2.0
Version 11.4.18
Released Mar 1, 2023 - 927.24 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.4.18
============================================================
x [Firefox on Linux] Fixed detached window UI gets closed
when its decoration is clicked (thanks richard for
reporting)
v 11.4.17
============================================================
x [nscl] Settings persistence made more reliable and
resilient against sync storage unavailability
x [Windows] Changed the tab enforcement toggling shortcut to
"Alt+Shift+Comma" (still "Alt+Shift+Space" on desktop OSes
other than Windows) - issue #281
x Updated copyright year
x Removed unused files from the source tree
x Fixed "Firefox" being shown instead of "Tor Browser" in
the Security Level override option label
x [L10n] Updated pl, trSource code released under GNU General Public License v2.0
Version 11.4.16
Released Feb 6, 2023 - 926.76 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.4.16
============================================================
x [L10n] Updated de, nl, pl, ru, sq, zh_CN
x Always open the windowed standalone UI when invoked from
the Alt+Shift+N shortcut
x Alt+Shift+Space shortcut to toggle restrictions
enforcement for current tab (issue #129, thanks PF4Public
for RFE)Source code released under GNU General Public License v2.0
Version 11.4.15
Released Jan 26, 2023 - 925.47 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.4.15
============================================================
x Use the actual browser's brand name for Tor Browser
derivatives
x Always open the windowed standalone UI when invoked from
the contextual menu (thanks ZeroUnderscoreOu for
reporting)Source code released under GNU General Public License v2.0
Version 11.4.14
Released Jan 1, 2023 - 926.64 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.4.14
============================================================
x Updated HTML event attributes list
x Uniformed indexed directory Firefox UI emulation to
prevent a script blocking bypass on file:// resources
(thanks RyotaK for reporting)
x Fixed error being logged in the console on scriptless
pages when hitting [Delete] or [Backspace] (thanks barbaz
for reporting)
x Work-around for background page misteriously being
unloaded sometimes by Firefox
x [L10n] Updated Transifex configurationSource code released under GNU General Public License v2.0
Version 11.4.13
Released Nov 21, 2022 - 926.55 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.4.13
============================================================
x Ensure theme changes are synchronized across windows,
including private ones (thanks barbaz for reporting)
x [UI] Ensure prompts are always centered relative to the
parent window in multi-monitors setups
x Switch to "Modern Red Evil" icon contributed by fatboy
x Work-around for Chromium unable to load the placeholder
icon
x Themed placeholders
x [nscl] Fixed placeholder fallback styles on Gecko
embedding documents
x [L10n] New Romanian (ro) locale (thanks Simona Iacob and
Inpresentia I.)Source code released under GNU General Public License v2.0
Version 11.4.12
Released Nov 14, 2022 - 920.85 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.4.12
============================================================
x [L10n] Updated is, mk
x [L10n] New Finnish (fi) locale (thanks RJuho, olavinto and
ricky.tigg)
x [L10n] New Ukrainian (uk) locale (thanks Kataphan, MuS and
uniss)
x [L10n] New Persian (fa) locale (thanks voxp and magnifico)Source code released under GNU General Public License v2.0
Version 11.4.11
Released Sep 14, 2022 - 900.96 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.4.11
============================================================
x Fix broken NoScript dialogs when
browser.privatebrowsing.autostart = true (issue#259,
thanks foenix for reporting)
x Avoid using fallback origins for main_frame loadsSource code released under GNU General Public License v2.0