FEDORA-2017-3897f32d27 created by rathann 2 years ago for Fedora 27
obsolete

NOTE: all packaged Firefox add-ons are affected by bug #1508827 , please don't give negative karma here, but add yourself to the bug instead.

This update brings back the SeaMonkey support with version 5.1.8.3, which is still maintained until June 2018.

Changes since 10.1.2:

  • Fix for linux rendering performance issues
  • First "Quantum" release candidate with Android support
  • Inverted order of domains vs full sites in popup
  • Settings import functionality, backward compatible with NoScript 5 formats
  • Settings export functionality
  • [XSS] The filter now automatically skips embedded documents which would normally be blocked
  • Base domain matching now uses a single dot rule for unknown, private or "fake" TLDs (e.g. www.acme.corp → acme.corp)
  • [XSS] Fixed regression from 10.1.5.6rc2 (thanks Masato Kinugava for reporting)
  • Better feedback for errors in the policy's debug JSON view (thanks E-Raser for RFE)
  • removed yandex.st from default whitelist (see https://forums.informaction.com/viewtopic.php?t=23655)
  • [XSS] Streamlined multiple unescaping standards handling
  • [XSS] Generalized work-around for browser's URL parsing oddities (thanks Masato Kinugava for reporting)
  • "Temporarily set top-level sites to TRUSTED" option
  • [XSS] Fixed user choices forgot across browser sessions
  • [UI] Clicking on the domain label now opens the "Security and privacy info" webpage (like middle click on "Classic").
  • "Reset to Defaults" button in the options window
  • Improved content script initialization logic (thanks Rob Wu for suggestions)
  • [XSS] Fixed 2nd level interactive bypass (thanks Masato Kinugava for reporting)
  • Fixed sites manually added from the Options textbox don't stick (thanks Just_Golem for reporting)
  • [UI] Clicking on the domain label now opens the "Security and privacy info" webpage (like middle click on "Classic").
  • "Reset to Defaults" button in the options window
  • Improved content script initialization logic (thanks Rob Wu for suggestions)
  • [XSS] Fixed 2nd level interactive bypass (thanks Masato Kinugava for reporting)
  • Fixed sites manually added from the Options textbox don't stick (thanks Just_Golem for reporting)
  • Fixed regression causing NoScript to ask to reload pages in order to show permissions more than once upon installation
  • Removed most animations causing older system to lag when large permissions lists are displayed in Options
  • Improved work-around for blank windows on Linux Firefox bug
  • Fixed XSS false positives on POST requests without data
  • Fixed regression from new "fail fast" XSS filter main loop, causing cross-site requests to Google to trigger false positives (thanks Steve M for reporting)
  • [XSS] Added "Always block requests from ... to ..." in XSS warning prompt
  • [XSS] Fixed url decoding bug (thanks Masato Kinugawa for reporting)
  • Fixed some blocked items not reported in the UI (thanks Bo Elam for reporting)
  • Changed the CSP internal report URI to noscript-csp.invalid (thanks Tom Schuster Mario Heiderich for RFE)
  • Removed unused MSE detection code (thanks Rob Wu for reporting)
  • Fixed script enablement feedback dependant on page's own CSP (thanks Rob Wu for reporting)
  • Fixed MSE detection injection using window.eval (thanks Rob Wu for reporting)
  • Fixed window being resized and NoScript UI shown in a separate popup when triggered on a maximized window
  • General performance improvement by removing unnecessary asynchronous webRequest listeners
  • Hotfix for wiped TRUSTED permissions
  • Hotfix for NoScript failing to load if XSS was disabled in previous session
  • Fixed immutable permissions for TRUSTED and UNTRUSTED presets negating all the others (thanks Stefan Scholl for reporting)
  • Work-around for Moz Bug #1402110 (thanks David Ross for reporting)
  • Fixed XSS whitelist not being cleared from Options
  • Fixed XSS whitelist trying to using sync even if disabled (thanks Rob Wu for reporting)
  • Work-around for Firefox not displaying NOSCRIPT elements on pages where scripts are blocked by CSP
  • The Alt+Shift+N shortcut now opens the NoScript UI also on windows with no toolbars containing NoScript's icon
  • "unsafe" (non-HTTPS) matching is now automatically selected on non-HTTPS pages (fixes the perception that you set a site to TRUSTED and it reverted to DEFAULT)
  • Full addresses are shown again to be choosen in UI, together with base domains
  • Better auto-reload logic
  • Fixed NoScript back-end to work also if sync storage is disabled (thanks Rob Wu for reporting)
  • Fixed potential fingerprinting through placeholder icon (thanks Rob Wu for reporting)

Changes since 5.1.7:

  • [XSS] Fixed regression (thanks Masato Kinugava for report)
  • [ABE] Restored Palemoon compatibility (thanks barbaz for patch)
  • [ABE] Fixed ruleset persistence (thanks barbaz for patch)
  • removed yandex.st from default whitelist (see https://forums.informaction.com/viewtopic.php?t=23655)
  • [XSS] Streamlined multiple unescaping standards handling
  • [XSS] Fixed 2nd level interactive bypass (thanks Masato Kinugava for reporting)

This update has been submitted for testing by rathann.

2 years ago
User Icon mastaiza commented & provided feedback 2 years ago
karma

works for me

This update has been pushed to testing.

2 years ago
User Icon robatino commented & provided feedback 2 years ago

Is this supposed to work with Firefox 56? It does not (though the latest version of mozilla-https-everywhere does). Under Addons it shows Version 10.1.5.8 which is disabled (instead of Version 5.1.8.3).

User Icon rathann commented & provided feedback 2 years ago

@robatino, no, the XUL version is installed in SeaMonkey-specific folder. Firefox will "see" only the WebExtension version, so this works only with FF57+.

User Icon rathann commented & provided feedback 2 years ago

@robatino I'm not doing anything different than mozilla-https-everywhere package, so either the WebExtension version is somehow compatible with FF56 or you have a local copy of the add-on in your home directory.

User Icon robatino commented & provided feedback 2 years ago

@rathann: I'm pretty sure I never installed it except as the package mozilla-https-everywhere, so it must be compatible with FF56. Addons shows Version 2017.11.21 (corresponding to the Fedora package), enabled (and not "LEGACY"). No big deal. I'm using mozilla-noscript-5.1.4-1.fc27.noarch.rpm for now.

This update has been obsoleted by mozilla-noscript-10.1.6-1.fc27.

2 years ago

Please login to add feedback.

Metadata
Type
bugfix
Severity
low
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-2
Dates
submitted
2 years ago
in testing
2 years ago
BZ#1524389 mozilla-noscript-10.1.5.7 is available
0
0
BZ#1526199 User experience changed - No longer present for SeaMonkey users
0
0

Automated Test Results