Fedora EPEL 5 Update: mozilla-noscript-1.9.9.81-1.el5

updates at fedoraproject.org updates at fedoraproject.org
Wed Jun 9 15:48:21 UTC 2010 

--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2010-2805
2010-05-19 02:19:58
--------------------------------------------------------------------------------

Name        : mozilla-noscript
Product     : Fedora EPEL 5
Version     : 1.9.9.81
Release     : 1.el5
URL         : http://noscript.net/
Summary     : JavaScript white list extension for Mozilla Firefox
Description :
The NoScript Firefox extension provides extra protection for Firefox.
It allows JavaScript, Java, Flash and other plug-ins to be executed only by
trusted web sites of your choice (e.g. your online bank) and additionally
provides Anti-XSS protection.

--------------------------------------------------------------------------------
Update Information:

[+] new feature, [x] bug fix, [-] removed feature, [=] repackaging or cosmetic
change    v 1.9.9.81
==========================================================================  +
Experimental blocking of page refreshes happening inside untrusted    unfocused
tabs, should provide protection against Aviv Raff's scriptless    "tabnabbing"
variant. Enabled by default, can be controlled through the
noscript.forbidBGRefresh about:config integer preference:    0 - no blocking
1 - block refreshes on untrusted unfocused tabs    2 - block refreshes on
trusted unfocused tabs    3 - block refreshes on both trusted and untrusted
unfocused tab    Address patterns matching pages which shouldn't be affected can
be    listed in the noscript.forbidBGRefresh.exceptions preference  x Fixed XSS
false positive in new 3.7 add-ons manager  x Fixed meta-refresh URL parsing
mismatch  x Fixed import script surrogates being broken by a 1.9.9.79 regression
v 1.9.9.80
==========================================================================  x
Fixed "Partially allowed scripts" icon shown instead of the "Scripts    allowed
but some objects blocked" one when the blocked objects' domains    are not
whitelisted for scripting (thanks al_9x for reporting)  x Fixed "Scripts allowed
but some objects blocked" icon not being used for    blocked web fonts (thanks
Alan Baxter for reporting)  x (ABE) Deny on INCLUSION don't trigger a
notification even if the blocked    request is for a subdocument (the blocking
is logged in the Console, use    SUB if user-facing notification is needed)  x
Fixed privileged XMLHttpRequests for untrusted resources being blocked    if
HTTP redirections occurred (thanks mari for reporting)  + Better compatibility
with IronPort web-based tools (thanks Ron Collins    for reporting)    v
1.9.9.79
==========================================================================  x
Script surrogates whose source starts with the '!' get executed on    pages
where scripts are disabled (on document DOM completion, rather    than before
HTML parsing starts like regular surrogates)    v 1.9.9.78
==========================================================================  x
Redirect cache for scripts and XBL only  x Fixed cross-site CSS being blocked
under some circumstances (e.g.    on Flicker and Yahoo)    v 1.9.9.77
==========================================================================  +
ABE INCLUSION(type1, type2, type3...) pseudo-method allows rules to take
request type (e.g. SCRIPT vs CSS) in account  + ABE SELF+ (same domain) and
SELF++ (same base domain) pseudo-origins  x Fixed iconic feedback
inconsistencies when untrusted blocked objects    are mixed with full-trusted
content (tanks al_9x for reporting)  x Fixed Injection Checker false positives
on some kinds of complex nested    URLs (thanks Sirdarckcat for reporting)  x
Tweaked ClearClick for Disqus compatibility (thanks John for reporting)    v
1.9.9.76
==========================================================================  x
Fixed broken menu on Minefield when External Filters are enabled (thanks
linuser for reporting)  x Fixed about: URL not being shown in NoScript menu
(thanks al_9x for    reporting)  x Removed minor strict warnings on Minefield
v 1.9.9.75
==========================================================================  x
Redirected site caching now skips plugin content  x Removed __parent__ usages
for Minefield compatibility  x Removed some strict warnings (thanks timeless for
reporting)    v 1.9.9.74  ================================================1.9.9.
74-1.el5==========================  x Fixed false positive issue with empty
cross-site POST requests (thanks    Bahamut for reporting)    v 1.9.9.73
==========================================================================  x
Fixed potential double-firing command issue on Firefox Mobile  + Added
about:addons and about:home to the mandatory whitelist  + Improved responsivity
and usability on Firefox Mobile    v 1.9.9.72
==========================================================================  x
Fixed configuration import/export/synchronization bug introduced by
"configuration presets" for Firefox Mobile  + Finger-friendlier UI on Firefox
Mobile      v 1.9.9.71
==========================================================================  +
Added "Allowed with untrusted sources and blocked objects" icon  x Fixed minor
inconsistencies in new partial allowance feedback icons    (thanks al_9x for
reporting)    v 1.9.9.70
==========================================================================  +
Compatibility and better integration with latest Firefox Mobile (Fennec)  +
Experimental external filters for plugin content (e.g. Blitzableiter for
Adobe Flash), see NoScript Options|Advanced|External Filters (Fx >=3.5)  + New
specific partial status icon for pages where all scripts are allowed    but some
objects are blocked (thanks al_9x for RFE)  + "about:blank" won't be shown as a
secondary source in NoScript's UI. Old    behavior can be restored by setting
the noscript.showBlankSources    preference to true (thanks al_9x for RFE)  +
googleapis.com in the default whitelist  x Fixed 2nd order indirect
InjectionChecker bypass (thanks Sirdarckcat for    reporting)  x Fixed a Mac OS
X specific InjectionChecker decoding issue (thanks    Colling Jackson for
reporting)
--------------------------------------------------------------------------------

This update can be installed with the "yum" update programs.  Use
su -c 'yum update mozilla-noscript' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora EPEL GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the epel-package-announce mailing list