-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-177e6b7c5a 2018-07-31 18:00:51.599663 --------------------------------------------------------------------------------
Name : mozilla-noscript Product : Fedora 28 Version : 10.1.8.8 Release : 1.fc28 URL : http://noscript.net/ Summary : JavaScript white list extension for Mozilla Firefox Description : The NoScript Firefox extension provides extra protection for Firefox. It allows JavaScript, Java, Flash and other plug-ins to be executed only by trusted web sites of your choice (e.g. your online bank) and additionally provides Anti-XSS protection.
-------------------------------------------------------------------------------- Update Information:
**NOTE:** All packaged Firefox add-ons are affected by Firefox bug fedora#1508827 . A workaround is provided in the bug report. Please do not give negative karma just because of that bug. # Changes since 10.1.8.2: ##10.1.8.8 * Prevent script injection from messing with content-disposition=attachment responses. ##10.1.8.7 * Fixed regression breaking meta refresh with relative URLs ##10.1.8.5 * Completed fix for quoted URLs in meta refresh (thanks Juozas for reporting) ##10.1.8.4 * [L10n] Fixed es translation (thanks Deckan) * Cosmetic bug fixes * Updated TLDs ##10.1.8.3 * [XSS] Fixed InjectionChecker choking at some big JSON payloads sents as POST form data * Fixed meta-refresh emulation confused by quoted URLs * Autosize preset buttons to accomodater bigger localized labels * [L10n] Shortened de labels (thanks musonius) * More graceful handling of internal and restricted URLs (thanks skriptimaahinen for report) * [L10n] Added de, es, fr, it, nl, pt_BR and zh_CN locales (courtesy of Mozilla's localization campaign) * Switch to inline elements as "NOSCRIPT" HTML replacements * Fixed subframe content changes producing ambiguous NoScript icon feedback * More meaningful/useful popup on (semi)privileged documents * Included license files in the XPI * [XSS] In-depth protection against native ES6 modules abuse * Fixed dynamic script injection issues (thanks skriptimaahinen for help) * MSE media reporting and blocking (e.g. on Youtube) #Changes since 5.1.8.5: ##5.1.8.6 * [Surrogate] Fixed 2mdn surrogate compatibility issues (thanks barbaz) -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 20 2018 Dominik Mierzejewski rpm@greysector.net - 10.1.8.8-1 - update to 10.1.8.8 (#1601456) - update classic version to 5.1.8.6 - extract only the licenses and cfg file * Fri Jun 29 2018 Dominik Mierzejewski rpm@greysector.net - 10.1.8.2-3 - update to 10.1.8.2 (#1583884) * Wed May 23 2018 Dominik Mierzejewski rpm@greysector.net - 10.1.8.1-2 - update to 10.1.8.1 (#1572820) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1601456 - mozilla-noscript-10.1.8.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1601456 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-177e6b7c5a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org