--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2010-2805
2010-05-19 02:19:58
--------------------------------------------------------------------------------
Name : mozilla-noscript
Product : Fedora EPEL 5
Version : 1.9.9.81
Release : 1.el5
URL :
http://noscript.net/
Summary : JavaScript white list extension for Mozilla Firefox
Description :
The NoScript Firefox extension provides extra protection for Firefox.
It allows JavaScript, Java, Flash and other plug-ins to be executed only by
trusted web sites of your choice (e.g. your online bank) and additionally
provides Anti-XSS protection.
--------------------------------------------------------------------------------
Update Information:
[+] new feature, [x] bug fix, [-] removed feature, [=] repackaging or cosmetic
change v 1.9.9.81
========================================================================== +
Experimental blocking of page refreshes happening inside untrusted unfocused
tabs, should provide protection against Aviv Raff's scriptless
"tabnabbing"
variant. Enabled by default, can be controlled through the
noscript.forbidBGRefresh about:config integer preference: 0 - no blocking
1 - block refreshes on untrusted unfocused tabs 2 - block refreshes on
trusted unfocused tabs 3 - block refreshes on both trusted and untrusted
unfocused tab Address patterns matching pages which shouldn't be affected can
be listed in the noscript.forbidBGRefresh.exceptions preference x Fixed XSS
false positive in new 3.7 add-ons manager x Fixed meta-refresh URL parsing
mismatch x Fixed import script surrogates being broken by a 1.9.9.79 regression
v 1.9.9.80
========================================================================== x
Fixed "Partially allowed scripts" icon shown instead of the "Scripts
allowed
but some objects blocked" one when the blocked objects' domains are not
whitelisted for scripting (thanks al_9x for reporting) x Fixed "Scripts allowed
but some objects blocked" icon not being used for blocked web fonts (thanks
Alan Baxter for reporting) x (ABE) Deny on INCLUSION don't trigger a
notification even if the blocked request is for a subdocument (the blocking
is logged in the Console, use SUB if user-facing notification is needed) x
Fixed privileged XMLHttpRequests for untrusted resources being blocked if
HTTP redirections occurred (thanks mari for reporting) + Better compatibility
with IronPort web-based tools (thanks Ron Collins for reporting) v
1.9.9.79
========================================================================== x
Script surrogates whose source starts with the '!' get executed on pages
where scripts are disabled (on document DOM completion, rather than before
HTML parsing starts like regular surrogates) v 1.9.9.78
========================================================================== x
Redirect cache for scripts and XBL only x Fixed cross-site CSS being blocked
under some circumstances (e.g. on Flicker and Yahoo) v 1.9.9.77
========================================================================== +
ABE INCLUSION(type1, type2, type3...) pseudo-method allows rules to take
request type (e.g. SCRIPT vs CSS) in account + ABE SELF+ (same domain) and
SELF++ (same base domain) pseudo-origins x Fixed iconic feedback
inconsistencies when untrusted blocked objects are mixed with full-trusted
content (tanks al_9x for reporting) x Fixed Injection Checker false positives
on some kinds of complex nested URLs (thanks Sirdarckcat for reporting) x
Tweaked ClearClick for Disqus compatibility (thanks John for reporting) v
1.9.9.76
========================================================================== x
Fixed broken menu on Minefield when External Filters are enabled (thanks
linuser for reporting) x Fixed about: URL not being shown in NoScript menu
(thanks al_9x for reporting) x Removed minor strict warnings on Minefield
v 1.9.9.75
========================================================================== x
Redirected site caching now skips plugin content x Removed __parent__ usages
for Minefield compatibility x Removed some strict warnings (thanks timeless for
reporting) v 1.9.9.74 ================================================1.9.9.
74-1.el5========================== x Fixed false positive issue with empty
cross-site POST requests (thanks Bahamut for reporting) v 1.9.9.73
========================================================================== x
Fixed potential double-firing command issue on Firefox Mobile + Added
about:addons and about:home to the mandatory whitelist + Improved responsivity
and usability on Firefox Mobile v 1.9.9.72
========================================================================== x
Fixed configuration import/export/synchronization bug introduced by
"configuration presets" for Firefox Mobile + Finger-friendlier UI on Firefox
Mobile v 1.9.9.71
========================================================================== +
Added "Allowed with untrusted sources and blocked objects" icon x Fixed minor
inconsistencies in new partial allowance feedback icons (thanks al_9x for
reporting) v 1.9.9.70
========================================================================== +
Compatibility and better integration with latest Firefox Mobile (Fennec) +
Experimental external filters for plugin content (e.g. Blitzableiter for
Adobe Flash), see NoScript Options|Advanced|External Filters (Fx >=3.5) + New
specific partial status icon for pages where all scripts are allowed but some
objects are blocked (thanks al_9x for RFE) + "about:blank" won't be shown
as a
secondary source in NoScript's UI. Old behavior can be restored by setting
the noscript.showBlankSources preference to true (thanks al_9x for RFE) +
googleapis.com in the default whitelist x Fixed 2nd order indirect
InjectionChecker bypass (thanks Sirdarckcat for reporting) x Fixed a Mac OS
X specific InjectionChecker decoding issue (thanks Colling Jackson for
reporting)
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update mozilla-noscript' at the command line.
For more information, refer to "Managing Software with yum",
available at
http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------