Fedora 12 Update: mozilla-noscript-1.9.9.97-1.fc12

updates at fedoraproject.org updates at fedoraproject.org
Tue Jul 6 17:32:50 UTC 2010 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-10569
2010-06-30 14:45:58
--------------------------------------------------------------------------------

Name        : mozilla-noscript
Product     : Fedora 12
Version     : 1.9.9.97
Release     : 1.fc12
URL         : http://noscript.net/
Summary     : JavaScript white list extension for Mozilla Firefox
Description :
The NoScript Firefox extension provides extra protection for Firefox.
It allows JavaScript, Java, Flash and other plug-ins to be executed only by
trusted web sites of your choice (e.g. your online bank) and additionally
provides Anti-XSS protection.

--------------------------------------------------------------------------------
Update Information:

Last changes:    [+] new feature, [x] bug fix, [-] removed feature, [=]
repackaging or cosmetic change    v 1.9.9.97
==========================================================================  x
Fixed ClearClick false positives on Fx 3.5 and below (thanks Deniz Sofu    for
reporting)  x Compatibility version bump for Seamokey trunk    v 1.9.9.97rc1
==========================================================================  x
Fixed '@' surrogates being ran on scriptless pages  x Recentering on the parent
form for ClearClick checks over a form widget    reduces false positives over
obstructed frames    v 1.9.9.96
==========================================================================  x
Fixed Script Surrogates activation glitches    v 1.9.9.95
==========================================================================  x
Fixed wrongly sized placeholders on Youtube (regression from rc1)    v
1.9.9.95rc2
==========================================================================  x
More accurated feedback on nested object blocking (thanks al_9x for
reporting)  + External filters command line template updated with request origin
as    the 3rd argument    v 1.9.9.95rc1
==========================================================================  +
imagebam surrogate kills popups over images and popunders on click  + imagehaven
surrogate kills popups over images and popunders on click  + inserstitialBox
surrogate kills interstital on imagevenue.com  + "!@" prefixed surrogates run no
matter whether scripts are enabled or    disabled for the page (in a
DOMContentLoaded event handler)  x Fixed JS redirect handling causing duplicate
object placeholders on    scriptless pages containing embeddings only  x Fixed
ABE's SELF checks fail on redirects which contain a browser URL    v 1.9.9.94
==========================================================================  x
Fixed bookmarklets support on non-whitelisted pages broken in non-Places
browsers like SeaMonkey (thanks therube for reporting)  X Better icon feedback
on page where there's no script element but some    plugin content has been
blocked    v 1.9.9.93
==========================================================================  x
Fixed ClearClick false positives when RTL content or browser settings    put the
vertical scrollbar on the left (thanks Mark Callow for report)  x Fixed setting
noscript.checkInjectionType to false did not disable the    feature (thanks
al_9x for report)  x More accurate embedded object replacement (thanks al_9x for
report)    v 1.9.9.92
==========================================================================  x
Fixed Places-related bug on Minefield (thanks mpz for reporting)  x
noscript.forbidIFrameContext=3 (allow same base domain) falls back to 2
(allow same domain) if either the parent or the frame is marked as    untrusted
(thanks al_9x for suggestion)      v 1.9.9.91
==========================================================================  x
More compatible docShell reaching, works around some buggy extensions    which
wrap browser.webNavigation just partially  x InjectionChecker's XML reduction
more compatible with SAML    v 1.9.9.90
==========================================================================  +
Optimal timing for page-level surrogates in frames  x ClearClick exceptions are
considered independently from the JavaScript    whitelist as they should  x More
consistent web bugs blocking with forced NOSCRIPT elements, take 2    (thanks
al_9x for reporting)    v 1.9.9.89
==========================================================================  x
More consistent web bugs blocking with forced NOSCRIPT elements, take 2
(thanks al_9x for reporting)  x More consistent icon feedback with docShell-
based cascading JS blocking    (thanks al_9x for reporting)    v 1.9.9.88
==========================================================================  x
Inclusion type checks try to infer file type from directory-like URLs  x More
consistent web bugs blocking with forced NOSCRIPT elements  x Fixed object
placeholder regressions in Gecko < 1.9 (thanks Rob for    reporting)  x Version
compatibility bump to Firefox 3.7a6pre    v 1.9.9.87
==========================================================================  x
Improved URL parsing in META refresh interception  x Optimized * universal
pattern in AddressMatcher  x Better error reporting during the execution of
location bar scriptlets    v 1.9.9.86
==========================================================================  +
Better timing for page-level script surrogates inside frames  +
mime/type at http://site.com syntax support for noscript.allowedMimeRegExp
preference (thanks Gregyski for request)  + Improved XSS checks accuracy (less
false positives) and performance  + Enhanced management of recent Silverlight
versions (thanks al_9x for    reporting)    v 1.9.9.85
==========================================================================  +
More accurate checks for META inside NOSCRIPT with HTML 5 parser  x Fixed
possible DOS condition on some kinds of very long URLs    v 1.9.9.84
==========================================================================  x
Improved heuristic for background refresh automatic blocking and    reenablement
x Fixed regressed "Follow" button on META refresh inside NOSCRIPT element    v
1.9.9.83
==========================================================================  x
Fixed some sites refreshing themselves even if another load has been
initiated (thanks Dirk S for reporting)    v 1.9.9.82
==========================================================================  +
More discreet and automated anti-tabnagging protection (refreshes are    blocked
on unfocused tabs and get automatically executed only when    tab gets in focus
again)  + Slight optimization of AddressMatcher tests on .site.com clauses  x
Fixed noscript.forbidBGRefresh.exceptions not being honored  x Better handling
of error conditions happening during ABE's channel    replacement internal
redirections (thanks al_9x for reporting)  x Fixed minor feedback icon glitches
(thanks al_9x for reporting)    v 1.9.9.81
==========================================================================  +
Experimental blocking of page refreshes happening inside untrusted    unfocused
tabs, should provide protection against Aviv Raff's scriptless    "tabnagging"
variant. Enabled by default, can be controlled through the
noscript.forbidBGRefresh about:config integer preference:    0 - no blocking
1 - block refreshes on untrusted unfocused tabs    2 - block refreshes on
trusted unfocused tabs    3 - block refreshes on both trusted and untrusted
unfocused tab    Address patterns matching pages which shouldn't be affected can
be    listed in the noscript.forbidBGRefresh.exceptions preference  x Fixed XSS
false positive in new 3.7 add-ons manager  x Fixed meta-refresh URL parsing
mismatch  x Fixed import script surrogates being broken by a 1.9.9.79 regression
Changes since last version:    [+] new feature, [x] bug fix, [-] removed
feature, [=] repackaging or cosmetic change    v 1.9.9.87
==========================================================================  x
Improved URL parsing in META refresh interception  x Optimized * universal
pattern in AddressMatcher  x Better error reporting during the execution of
location bar scriptlets    v 1.9.9.86
==========================================================================  +
Better timing for page-level script surrogates inside frames  +
mime/type at http://site.com syntax support for noscript.allowedMimeRegExp
preference (thanks Gregyski for request)  + Improved XSS checks accuracy (less
false positives) and performance  + Enhanced management of recent Silverlight
versions (thanks al_9x for    reporting)    v 1.9.9.85
==========================================================================  +
More accurate checks for META inside NOSCRIPT with HTML 5 parser  x Fixed
possible DOS condition on some kinds of very long URLs    v 1.9.9.84
==========================================================================  x
Improved heuristic for background refresh automatic blocking and    reenablement
x Fixed regressed "Follow" button on META refresh inside NOSCRIPT element    v
1.9.9.83
==========================================================================  x
Fixed some sites refreshing themselves even if another load has been
initiated (thanks Dirk S for reporting)    v 1.9.9.82
==========================================================================  +
More discreet and automated anti-tabnagging protection (refreshes are    blocked
on unfocused tabs and get automatically executed only when    tab gets in focus
again)  + Slight optimization of AddressMatcher tests on .site.com clauses  x
Fixed noscript.forbidBGRefresh.exceptions not being honored  x Better handling
of error conditions happening during ABE's channel    replacement internal
redirections (thanks al_9x for reporting)  x Fixed minor feedback icon glitches
(thanks al_9x for reporting)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 30 2010 Thomas Spura <tomspur at fedoraproject.org> - 1.9.9.97-1
- new version
* Sat Jun 12 2010 Thomas Spura <tomspur at fedoraproject.org> - 1.9.9.87-1
- new version
* Fri May 28 2010 Thomas Spura <tomspur at fedoraproject.org> - 1.9.9.81-1
- new version
* Mon May 24 2010 Thomas Spura <tomspur at fedoraproject.org> - 1.9.9.79-1
- new version
* Sun May 16 2010 Thomas Spura <tomspur at fedoraproject.org> - 1.9.9.74-1
- new version
- renew patch
* Thu Apr 22 2010 Thomas Spura <tomspur at fedoraproject.org> - 1.9.9.69-1
- new version
* Mon Apr 19 2010 Thomas Spura <tomspur at fedoraproject.org> - 1.9.9.66-1
- new version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #607534 - mozilla-noscript-1.9.9.97 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=607534
  [ 2 ] Bug #602181 - mozilla-noscript-1.9.9.87 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=602181
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update mozilla-noscript' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list