The best security you can get in a Firefox web browser!

NoScript for Firefox

Join our mailing list

Stay up to date with latest software releases, news, software discounts, deals and more.

Subscribe
Download NoScript for Firefox 11.4.6

  -  512 KB  -  Open Source

What's new in this version:

NoScript for Firefox 11.4.6
- [nscl] Copy NOSCRIPT elements' attribute in emulated replacements
- [SS] Correct for concurrency in timeout checks
- [UI] Flatter preset appearance
- [UI] Focus visual feedback adjustments
- Inclusion-time TLD updates
- Updated HTML events
- [L10n] Updated pl
- Opaque white for vintage lock icons
- [L10n] Updated is


NoScript for Firefox 11.4.5
- Improved preset sizing
- Reduce toolbar bottom shaded line tickness
- [L10n] Updated he
- Various user-driven visual tweaks
- Fixed vintage icon brightness in automatic light mode
- Minor icon tweaks


NoScript for Firefox 11.4.4
- [L10n] Updated mk
- Removed "clearclick" item from default settings
- Better layout for mixed status icons


NoScript for Firefox 11.4.3
- Reversed colors in Modern Red permissive icons for better contrast
- Fixed regression causing only signed builds to complete


NoScript for Firefox 11.4.1
- Support for reverting to the "Vintage Blue" style (NoScript Options/Appearance)
- Various tweaks to the "Moder Red" dark and light themes


NoScript for Firefox 11.3.6
- Make high contrast and draggable toolbar items mutually
- Exclusive
- [Chromium] Fix high contrast option not working
- Avoid flashing empty graveyard on popup opening
- More deterministic DnD placeholder creation
- [L10n] Updated fr, es, nl, zh_CN
- Make disabled buttons draggable and hidden enabled buttons
- Interactive when the "graveyard" is open
- Close UI and reload immediately when enabling global/tab
- Restrictions or disabling them for the tab only


NoScript for Firefox 11.3.3
- Play nice with the Viewhance extension
- Avoid synchronous fetching for remote embedding documents
- Fixed typo in UI context dropdown initial selection
- Fixed wrong label for http: sites in contextual policy UI
- Fix for first party context policy ignored on first load in new tabs
- Consolidate best effort policy fetching
- Use correct context for all subresources checks
- Queries on Firefox
- [L10n] Updated de, es, he


NoScript for Firefox 11.3.2
- Prevent LAN protection from breaking webRequest blockin on the Tor Browser


NoScript for Firefox 11.2.24
- Avoid unnecessary window patching


NoScript for Firefox 11.2.21
- Better fallback for failing syncMessage
- [XSS] Simplified preemptive name sanitization


NoScript for Firefox 11.2.19
- [XSS] Faster invalidCharsRx initialization on Gecko 78 and above
- [XSS] More resilient name handling
- [nscl] Use HTTPS SyncMessage endpoint for Chromium too (works around lack of file access by default on packed extensions breaking NoScript)


NoScript for Firefox 11.2.16
- Fallback to synchronous policy fetching if the document is already loaded (e.g. on updates)
- [XSS] Interactive testing made a bit easier


NoScript for Firefox 11.2.15
- [Android] Work-around for Firefox "forgetting" tabs
- [nscl] Improved cross-frame auto-patching


NoScript for Firefox 11.2.13
- [XSS] Tweaked risky operator check prevents false positive on outbound Twitter navigation
- [XSS] Better logging for JS fragment detection
- [XSS] Fixed performance regression in invalid character ranges generation causing random XSS "DOS" false positives
- Fetch policy for baseURI if document.domain is empty
- [L10n] Updated ja, lt, pl, ru, zh_CN
- Always fetch policy synchronously, if missing
- Fixed undetermined status icon on BF cache page loads
- [nscl] Fix webgl blocking regression due to xray wrappers confusion (thanks skriptimaahinen)
- [nscl] Prevent unnecessary breakages on pages inspecting canvas.getContext when webgl is disabled
- [nscl] Reduce the risk to interfere with scripts messing with the media attribute (issue #207)


NoScript for Firefox 11.2.11
- [nscl] Fixed JavaScript access to CSS rules broken on Chromium when unrestricted CSS is disabled
- Prevent Chromium builds from being sent to AMO for signing
- [nscl] Fixed CPU/RAM overload on some pages with unrestricted CSS disabled but scripting enabled (not recommended setting)
- [nscl] Fixed CPU spikes on Chromium triggered by automatic file downloads (thanks ptheborg for report)


NoScript for Firefox 11.2.10
- Cross-browser file naming consistency, in spite of version numbering incompatibilities
- [nscl] Fix for potential race conditions on certain page transitions (issue #205)
- Handle exception when accessing navigator.serviceWorker on sandboxed frames
- MS Edge support


NoScript for Firefox 11.2.9
- [L10n] Updated de, mk
- Replace deprecated extension.getURL() with runtime.getURL()
- REUSE-compliant licensing boilerplate
- Remove unused/refactored-out files
- Relicensing as GPL3+
- [nscl] Fixed infinite recursion issue on window.open wrappers
- Avoid treating JavaScript files as embeddings when opened as top-level documents


NoScript for Firefox 11.2.8
- Quiet down unnecessary debug logging
- [L10n] Updated he, de
- Fix meta refresh sometimes ignored on Firefox 78 ESR
- Chromium-specific build-time customizations


NoScript for Firefox 11.2.7
- Better prompt layout (no accidental scrollbar)
- [nscl] Fix regression causing media patches to break some pages


NoScript for Firefox 11.2.6
- [nscl] Various webgl blocking enhancements
- Remove also sticky-positioned elements with click+DEL on scriptless pages
- [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr, zh_CN, zh_TW
- Fied race condition causing eternal CSS not to be rendered sometimes when unrestricted CSS is disabled
- Avoid document rewriting for noscript meta refresh emulation in most cases
- [nscl] Fied HTML pages broken when served with application/ml MIME type and no "object" capability
- [nscl] Switch early content script configuration to use /nscl/service/DocStartInjection.js
- Configurable "unrestricted CSS" capability to for sites where the CSS PP0 mitigation should be disabled (e.g TRUSTED)
- [nscl] Fi CSS PP0 mitigation still interfering with some WebEtensions
- [SS] Increased sensitivity and specificity of risky operator pre-checks


NoScript for Firefox 11.2.4
- CSS resources prefetching as a mitigation against CSS PP0
- [L10n] Updated br, de, el, es, fr, he, is, nl, pl, pt_BR, Ru, sq, tr, zh_CN
- [nscl] Inteception of webgl context creation in OffscreenCanvas too
- Fixed configuration upgrades not applied on manual updates (thanks Nan for reporting)
- Mitigation for misbehaving pages repeating failed requests in a tight loop
- [UI] More understandable label for the cascading Restrictions option
- [nscl] More refactoring out in NoScript Commons Library
- [nscl] patchWindow improvements


NoScript for Firefox 11.2.3
- Purged non-inclusive terms from obsolete messages
- Added red halo feedback in CUSTOM preset for noscript
- Element capability
- Fixed missing red halo feedback in CUSTOM preset for
- Inline scripts and other capabilities sometimes
- Fixed race condition causing noscript elements not to be
- Rendered sometimes


NoScript for Firefox 11.2.2
- Fixed typo in version checked on noscript capability update
- [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it, ja, lt, mk, ms, nb, nl, pt_BR, ru, sq, sv_SE, tr, zh_CN, zh_TW.


NoScript for Firefox 11.2
- [XSS] New UI to reveal and selectively remove permanent user choices
- [L10n] Updated de
- Webgl hook refactored on nscl/content/patchWindow.js and made Chromium-compatibile
- Updated TLDs


NoScript for Firefox 11.1.9
- Return null when webgl is not allowed
- [SS] Fied memoization bug resulting in performance degradation on some payloads
- [SS] Include call stack in debugging log output
- [SS] Skip naps when InjectionChecker runs in its own worker
- Shortcut for easier SS filter testing
- More lenient filter to add a new entry to per-sitepermissions
- [L10n] Updated de
- Replace script-embedded bitmap with css-embedded SVG as the placeholder logo
- Updated TLDs
- Remove source map reference causing console noise
- Fi per-site permissions UI glitches when base domain is added to eisting subdomain


NoScript for Firefox 11.1.8
- [XSS] Fix for old pre-screening optimization exploitable
- To bypass the filter in recent browsers
- Replace DOM-based entity decoding with the he.js pure JS Library
- Updated copyright statement
- Updated browser-polyfill.js
- Removed obsolete fastclick.js dependency [l10n] Updated de Updated TLDs


NoScript for Firefox 11.1.7
- Optimize serviceWorker tracking for heavy tabs usage
- Force placeholder visibility on Youtube embeddings
- Fixed popup opening being slowed down if options UI is
- Opened (thanks Sirus for report)
- Explicit failure for wrong settings importation formats
- Updated TLDs


NoScript for Firefox 11.1.6
- Better handling of concurrent prompts issues
- Remove z-index boosting from ancestors when placeholder is Collapsed or replaced
- Fixed permission keyboard shortcuts being triggered with Modifiers like CTRL
- More accurate blockage reporting, with better filtering of Page's own CSP effects
- [UI] Fixed bug in CUSTOM sites filtering
- Fixed bug in automatic HTML events build-time updates
- Updated HTML events
- Updated TLDs
- [L10n] Updated sv_SE Better handling 0 width / 0 height media placeholders


NoScript for Firefox 11.1.5
- Updated TLD
- Fixed potential infinite loop via DOMContentLoaded
- Work-around for Firefox 82 media redirection bug
- Updated TLDs


NoScript for Firefox 11.1.4
- Fixed sloppy CSP media blocker detection breaking MSE blob: media placeholders on Chromium
- Fixed race condition causing temporary settings not to
- Survive updates sometimes
- Updated TLDs
- [Mobile] Improved prompts appearance on Android


NoScript for Firefox 11.1.3
- Fixed regression: document media and font restrictions always cascaded (thanks BrainDedd for report)
- Remove domPolicy logging when debugging is off
- Trivial reordering from Mozilla source
- Updated TLDs


NoScript for Firefox 11.1.1
- Updated TLDs
- Better heuristic to figure out missing data while computing contetual policies
- Fied regression breaking per-tab restrictions disablement (thanks Horsefly for report)


NoScript for Firefox 11.0.46
- Updated TLDs
- [L10n] Updated is
- Fixed file:// and ftp:// specific content scripts not runnning in subdocuments
- Fixed deferred scripts in file:// pages may run twice (issue #155)
- Fixed rendering bug with scrolled file:// pages on soft reload (thanks Iouri for report)
- Fixed 11.0.44 regression: ghost media item reported on every page
- Better emulation of SVG events


NoScript for Firefox 11.0.44
- Dispatch synthetic SVGLoad event in soft load when needed
- [L10n] Updated da, es
- Fixed namespacing issues with script replacements
- Fixed media placeholder not shown when blocking Youtube
- Movies
- Work around for unpredictable content script execution
- Order
- Ensure content of NoScript prompts is always visible
- Fixed soft reload messing with non UTF-8 encodings (thanks
- "Quest" for reporting)
- Updated TLDs
- [XSS] Fixed escape detection bug causing strage false
- Positives (thanks Dave Howorth for report)


NoScript for Firefox 11.0.43
- Fix for some race conditions causing corruptions in non-HTML non-XML documents


NoScript for Firefox 11.0.42
- Avoid useless "seen" reports from onBeforeRequest()
- Catch broadcast messaging errors
- Make build.sh tag push even already created tags
- Updated TLDs
- Work-around for applying DOM CSP to non-HTML XML documents
- Document freezing to handle SVG and other XML documentsas a fallback before CSP insertion

Refactored and improved syncFetchPolicy fallback for file:
- and ftp: special cases


NoScript for Firefox 11.0.41
- More precise event suppression mechanism
- Fixed regression: events suppressed on file:// pages
- Unless scripts are allowed
- Updated TLDs


NoScript for Firefox 11.0.40
- Avoid synchronous policy fetching whenever possible (fixes multiple issues)


NoScript for Firefox 11.0.39
- Fix reload loops on broken file: HTML documents
- [XSS] Updated HTML event attributes
- Local policy fallback for file: and ftp: URLs using window.name rather than sessionStorage
- [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it, ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr, zh_CN, zh_TW
- Added "Revoke temporary permissions on NoScript updates, even if the browser is not restarted" advanced option
- Let temporary permissions survive NoScript updates (shameless hack)
- Fixed some traps around Messages abstraction
- Ignore search / hash on policy matching of domain-less URLs (e.g. file:///...)
- Updated TLDs
- Fixed automatic scrolling hampers usability on long sites lists in popup
- Better timing for event attributes removal/restore
- Work-arounds for edge cases in synchronous page loads bypassing webRequest


NoScript for Firefox 11.0.38
- Better timing for event attributes removal/restore
- Work-arounds for edge cases in synchronous page loads
- Bypassing webRequest
- [L10n] Updated bn


NoScript for Firefox 11.0.37
- Simpler and more reliable sendSyncMessage implementation and usage
- sendSyncMessage support for multiple suspension requests (should fix extension script injection issues)
- Updated TLDs


NoScript for Firefox 11.0.36
- Fixed regression: temporary permissions revocation not working anymore on privileged pages
- SendSyncMessage script execution safety net more compatible with other extensions (e.g. BlockTube)


NoScript for Firefox 11.0.35
- Avoid unnecessary reloads on temporary permissions revocation
- [UI] Removed accidental cyan background for site labels
- [L10n] Updated es
- Work-around for conflict with extensions inserting elements into content pages' DOM early
- [XSS] Updated HTML events
- Updated TLDs
- Fixed buggy policy references in the Options dialog
- More accurate NOSCRIPT element emulation
- Anticipate onScriptDisabled surrogates to first script-src none' CSP violation
- isTrusted checks for all the content events
- Improved look in mobile portrait mode
- Let SyncMessage prevent undesired script execution scheduled during suspension


NoScript for Firefox 11.0.34
- Fixed regression breaking network-based CSP injection


NoScript for Firefox 11.0.33
- Switch from HTTP to DOM event based CSP reporting in Compatible browsers
- [XSS] Updated HTML event attributes
- Updated TLDs


NoScript for Firefox 11.0.32
- [L10n] Updated it, mk, sv_SE
- Fixed setting CUSTOM permissions in private mode may cause
- The TRUSTED preset to become temporary
- Updated TLDs
- [XSS] Updated HTML 5 events support
- More compact high contrast appearance


NoScript for Firefox 11.0.31
- Focus "OK" button on dialog-mode UI
- Fixed various toolbar buttons DnD issues
- Updated TLDs
- [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it, ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr, zh_CN, zh_TW
- Fixed very low contrast HTTPS-only label in High Contrast mode


NoScript for Firefox 11.0.29
- Consistent focus appearance across desktop and mobile
- Fixed regression on Firefox 68 for Android: UI cannot be closed

Join our mailing list

Stay up to date with latest software releases, news, software discounts, deals and more.

Subscribe