Fedora 12 Update: mozilla-noscript-1.9.9.81-1.fc12
updates at fedoraproject.org
updates at fedoraproject.org
Mon Jun 7 22:32:54 UTC 2010
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-9266
2010-05-31 17:41:53
--------------------------------------------------------------------------------
Name : mozilla-noscript
Product : Fedora 12
Version : 1.9.9.81
Release : 1.fc12
URL : http://noscript.net/
Summary : JavaScript white list extension for Mozilla Firefox
Description :
The NoScript Firefox extension provides extra protection for Firefox.
It allows JavaScript, Java, Flash and other plug-ins to be executed only by
trusted web sites of your choice (e.g. your online bank) and additionally
provides Anti-XSS protection.
--------------------------------------------------------------------------------
Update Information:
[+] new feature, [x] bug fix, [-] removed feature, [=] repackaging or cosmetic
change v 1.9.9.81
========================================================================== +
Experimental blocking of page refreshes happening inside untrusted unfocused
tabs, should provide protection against Aviv Raff's scriptless "tabnabbing"
variant. Enabled by default, can be controlled through the
noscript.forbidBGRefresh about:config integer preference: 0 - no blocking
1 - block refreshes on untrusted unfocused tabs 2 - block refreshes on
trusted unfocused tabs 3 - block refreshes on both trusted and untrusted
unfocused tab Address patterns matching pages which shouldn't be affected can
be listed in the noscript.forbidBGRefresh.exceptions preference x Fixed XSS
false positive in new 3.7 add-ons manager x Fixed meta-refresh URL parsing
mismatch x Fixed import script surrogates being broken by a 1.9.9.79 regression
v 1.9.9.80
========================================================================== x
Fixed "Partially allowed scripts" icon shown instead of the "Scripts allowed
but some objects blocked" one when the blocked objects' domains are not
whitelisted for scripting (thanks al_9x for reporting) x Fixed "Scripts allowed
but some objects blocked" icon not being used for blocked web fonts (thanks
Alan Baxter for reporting) x (ABE) Deny on INCLUSION don't trigger a
notification even if the blocked request is for a subdocument (the blocking
is logged in the Console, use SUB if user-facing notification is needed) x
Fixed privileged XMLHttpRequests for untrusted resources being blocked if
HTTP redirections occurred (thanks mari for reporting) + Better compatibility
with IronPort web-based tools (thanks Ron Collins for reporting) v
1.9.9.79
========================================================================== x
Script surrogates whose source starts with the '!' get executed on pages
where scripts are disabled (on document DOM completion, rather than before
HTML parsing starts like regular surrogates) v 1.9.9.78
========================================================================== x
Redirect cache for scripts and XBL only x Fixed cross-site CSS being blocked
under some circumstances (e.g. on Flicker and Yahoo) v 1.9.9.77
========================================================================== +
ABE INCLUSION(type1, type2, type3...) pseudo-method allows rules to take
request type (e.g. SCRIPT vs CSS) in account + ABE SELF+ (same domain) and
SELF++ (same base domain) pseudo-origins x Fixed iconic feedback
inconsistencies when untrusted blocked objects are mixed with full-trusted
content (tanks al_9x for reporting) x Fixed Injection Checker false positives
on some kinds of complex nested URLs (thanks Sirdarckcat for reporting) x
Tweaked ClearClick for Disqus compatibility (thanks John for reporting) v
1.9.9.76
========================================================================== x
Fixed broken menu on Minefield when External Filters are enabled (thanks
linuser for reporting) x Fixed about: URL not being shown in NoScript menu
(thanks al_9x for reporting) x Removed minor strict warnings on Minefield
v 1.9.9.75
========================================================================== x
Redirected site caching now skips plugin content x Removed __parent__ usages
for Minefield compatibility x Removed some strict warnings (thanks timeless for
reporting)
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 28 2010 Thomas Spura <tomspur at fedoraproject.org> - 1.9.9.81-1
- new version
* Mon May 24 2010 Thomas Spura <tomspur at fedoraproject.org> - 1.9.9.79-1
- new version
* Sun May 16 2010 Thomas Spura <tomspur at fedoraproject.org> - 1.9.9.74-1
- new version
- renew patch
* Thu Apr 22 2010 Thomas Spura <tomspur at fedoraproject.org> - 1.9.9.69-1
- new version
* Mon Apr 19 2010 Thomas Spura <tomspur at fedoraproject.org> - 1.9.9.66-1
- new version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #593247 - mozilla-noscript-1.9.9.81 is available
https://bugzilla.redhat.com/show_bug.cgi?id=593247
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update mozilla-noscript' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list