Fedora 12 Update: mozilla-noscript-1.9.9.97-1.fc12
updates at fedoraproject.org
updates at fedoraproject.org
Tue Jul 6 17:32:50 UTC 2010
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-10569
2010-06-30 14:45:58
--------------------------------------------------------------------------------
Name : mozilla-noscript
Product : Fedora 12
Version : 1.9.9.97
Release : 1.fc12
URL : http://noscript.net/
Summary : JavaScript white list extension for Mozilla Firefox
Description :
The NoScript Firefox extension provides extra protection for Firefox.
It allows JavaScript, Java, Flash and other plug-ins to be executed only by
trusted web sites of your choice (e.g. your online bank) and additionally
provides Anti-XSS protection.
--------------------------------------------------------------------------------
Update Information:
Last changes: [+] new feature, [x] bug fix, [-] removed feature, [=]
repackaging or cosmetic change v 1.9.9.97
========================================================================== x
Fixed ClearClick false positives on Fx 3.5 and below (thanks Deniz Sofu for
reporting) x Compatibility version bump for Seamokey trunk v 1.9.9.97rc1
========================================================================== x
Fixed '@' surrogates being ran on scriptless pages x Recentering on the parent
form for ClearClick checks over a form widget reduces false positives over
obstructed frames v 1.9.9.96
========================================================================== x
Fixed Script Surrogates activation glitches v 1.9.9.95
========================================================================== x
Fixed wrongly sized placeholders on Youtube (regression from rc1) v
1.9.9.95rc2
========================================================================== x
More accurated feedback on nested object blocking (thanks al_9x for
reporting) + External filters command line template updated with request origin
as the 3rd argument v 1.9.9.95rc1
========================================================================== +
imagebam surrogate kills popups over images and popunders on click + imagehaven
surrogate kills popups over images and popunders on click + inserstitialBox
surrogate kills interstital on imagevenue.com + "!@" prefixed surrogates run no
matter whether scripts are enabled or disabled for the page (in a
DOMContentLoaded event handler) x Fixed JS redirect handling causing duplicate
object placeholders on scriptless pages containing embeddings only x Fixed
ABE's SELF checks fail on redirects which contain a browser URL v 1.9.9.94
========================================================================== x
Fixed bookmarklets support on non-whitelisted pages broken in non-Places
browsers like SeaMonkey (thanks therube for reporting) X Better icon feedback
on page where there's no script element but some plugin content has been
blocked v 1.9.9.93
========================================================================== x
Fixed ClearClick false positives when RTL content or browser settings put the
vertical scrollbar on the left (thanks Mark Callow for report) x Fixed setting
noscript.checkInjectionType to false did not disable the feature (thanks
al_9x for report) x More accurate embedded object replacement (thanks al_9x for
report) v 1.9.9.92
========================================================================== x
Fixed Places-related bug on Minefield (thanks mpz for reporting) x
noscript.forbidIFrameContext=3 (allow same base domain) falls back to 2
(allow same domain) if either the parent or the frame is marked as untrusted
(thanks al_9x for suggestion) v 1.9.9.91
========================================================================== x
More compatible docShell reaching, works around some buggy extensions which
wrap browser.webNavigation just partially x InjectionChecker's XML reduction
more compatible with SAML v 1.9.9.90
========================================================================== +
Optimal timing for page-level surrogates in frames x ClearClick exceptions are
considered independently from the JavaScript whitelist as they should x More
consistent web bugs blocking with forced NOSCRIPT elements, take 2 (thanks
al_9x for reporting) v 1.9.9.89
========================================================================== x
More consistent web bugs blocking with forced NOSCRIPT elements, take 2
(thanks al_9x for reporting) x More consistent icon feedback with docShell-
based cascading JS blocking (thanks al_9x for reporting) v 1.9.9.88
========================================================================== x
Inclusion type checks try to infer file type from directory-like URLs x More
consistent web bugs blocking with forced NOSCRIPT elements x Fixed object
placeholder regressions in Gecko < 1.9 (thanks Rob for reporting) x Version
compatibility bump to Firefox 3.7a6pre v 1.9.9.87
========================================================================== x
Improved URL parsing in META refresh interception x Optimized * universal
pattern in AddressMatcher x Better error reporting during the execution of
location bar scriptlets v 1.9.9.86
========================================================================== +
Better timing for page-level script surrogates inside frames +
mime/type at http://site.com syntax support for noscript.allowedMimeRegExp
preference (thanks Gregyski for request) + Improved XSS checks accuracy (less
false positives) and performance + Enhanced management of recent Silverlight
versions (thanks al_9x for reporting) v 1.9.9.85
========================================================================== +
More accurate checks for META inside NOSCRIPT with HTML 5 parser x Fixed
possible DOS condition on some kinds of very long URLs v 1.9.9.84
========================================================================== x
Improved heuristic for background refresh automatic blocking and reenablement
x Fixed regressed "Follow" button on META refresh inside NOSCRIPT element v
1.9.9.83
========================================================================== x
Fixed some sites refreshing themselves even if another load has been
initiated (thanks Dirk S for reporting) v 1.9.9.82
========================================================================== +
More discreet and automated anti-tabnagging protection (refreshes are blocked
on unfocused tabs and get automatically executed only when tab gets in focus
again) + Slight optimization of AddressMatcher tests on .site.com clauses x
Fixed noscript.forbidBGRefresh.exceptions not being honored x Better handling
of error conditions happening during ABE's channel replacement internal
redirections (thanks al_9x for reporting) x Fixed minor feedback icon glitches
(thanks al_9x for reporting) v 1.9.9.81
========================================================================== +
Experimental blocking of page refreshes happening inside untrusted unfocused
tabs, should provide protection against Aviv Raff's scriptless "tabnagging"
variant. Enabled by default, can be controlled through the
noscript.forbidBGRefresh about:config integer preference: 0 - no blocking
1 - block refreshes on untrusted unfocused tabs 2 - block refreshes on
trusted unfocused tabs 3 - block refreshes on both trusted and untrusted
unfocused tab Address patterns matching pages which shouldn't be affected can
be listed in the noscript.forbidBGRefresh.exceptions preference x Fixed XSS
false positive in new 3.7 add-ons manager x Fixed meta-refresh URL parsing
mismatch x Fixed import script surrogates being broken by a 1.9.9.79 regression
Changes since last version: [+] new feature, [x] bug fix, [-] removed
feature, [=] repackaging or cosmetic change v 1.9.9.87
========================================================================== x
Improved URL parsing in META refresh interception x Optimized * universal
pattern in AddressMatcher x Better error reporting during the execution of
location bar scriptlets v 1.9.9.86
========================================================================== +
Better timing for page-level script surrogates inside frames +
mime/type at http://site.com syntax support for noscript.allowedMimeRegExp
preference (thanks Gregyski for request) + Improved XSS checks accuracy (less
false positives) and performance + Enhanced management of recent Silverlight
versions (thanks al_9x for reporting) v 1.9.9.85
========================================================================== +
More accurate checks for META inside NOSCRIPT with HTML 5 parser x Fixed
possible DOS condition on some kinds of very long URLs v 1.9.9.84
========================================================================== x
Improved heuristic for background refresh automatic blocking and reenablement
x Fixed regressed "Follow" button on META refresh inside NOSCRIPT element v
1.9.9.83
========================================================================== x
Fixed some sites refreshing themselves even if another load has been
initiated (thanks Dirk S for reporting) v 1.9.9.82
========================================================================== +
More discreet and automated anti-tabnagging protection (refreshes are blocked
on unfocused tabs and get automatically executed only when tab gets in focus
again) + Slight optimization of AddressMatcher tests on .site.com clauses x
Fixed noscript.forbidBGRefresh.exceptions not being honored x Better handling
of error conditions happening during ABE's channel replacement internal
redirections (thanks al_9x for reporting) x Fixed minor feedback icon glitches
(thanks al_9x for reporting)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 30 2010 Thomas Spura <tomspur at fedoraproject.org> - 1.9.9.97-1
- new version
* Sat Jun 12 2010 Thomas Spura <tomspur at fedoraproject.org> - 1.9.9.87-1
- new version
* Fri May 28 2010 Thomas Spura <tomspur at fedoraproject.org> - 1.9.9.81-1
- new version
* Mon May 24 2010 Thomas Spura <tomspur at fedoraproject.org> - 1.9.9.79-1
- new version
* Sun May 16 2010 Thomas Spura <tomspur at fedoraproject.org> - 1.9.9.74-1
- new version
- renew patch
* Thu Apr 22 2010 Thomas Spura <tomspur at fedoraproject.org> - 1.9.9.69-1
- new version
* Mon Apr 19 2010 Thomas Spura <tomspur at fedoraproject.org> - 1.9.9.66-1
- new version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #607534 - mozilla-noscript-1.9.9.97 is available
https://bugzilla.redhat.com/show_bug.cgi?id=607534
[ 2 ] Bug #602181 - mozilla-noscript-1.9.9.87 is available
https://bugzilla.redhat.com/show_bug.cgi?id=602181
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update mozilla-noscript' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list