FEDORA-2017-3897f32d27

NOTE: all packaged Firefox add-ons are affected by bug #1508827 , please don't give negative karma here, but add yourself to the bug instead.

This update brings back the SeaMonkey support with version 5.1.8.3, which is still maintained until June 2018.

Changes since 10.1.2:

• Fix for linux rendering performance issues
• First "Quantum" release candidate with Android support
• Inverted order of domains vs full sites in popup
• Settings import functionality, backward compatible with NoScript 5 formats
• Settings export functionality
• [XSS] The filter now automatically skips embedded documents which would normally be blocked
• Base domain matching now uses a single dot rule for unknown, private or "fake" TLDs (e.g. www.acme.corp → acme.corp)
• [XSS] Fixed regression from 10.1.5.6rc2 (thanks Masato Kinugava for reporting)
• Better feedback for errors in the policy's debug JSON view (thanks E-Raser for RFE)
• removed yandex.st from default whitelist (see https://forums.informaction.com/viewtopic.php?t=23655)
• [XSS] Streamlined multiple unescaping standards handling
• [XSS] Generalized work-around for browser's URL parsing oddities (thanks Masato Kinugava for reporting)
• "Temporarily set top-level sites to TRUSTED" option
• [XSS] Fixed user choices forgot across browser sessions
• [UI] Clicking on the domain label now opens the "Security and privacy info" webpage (like middle click on "Classic").
• "Reset to Defaults" button in the options window
• Improved content script initialization logic (thanks Rob Wu for suggestions)
• [XSS] Fixed 2nd level interactive bypass (thanks Masato Kinugava for reporting)
• Fixed sites manually added from the Options textbox don't stick (thanks Just_Golem for reporting)
• [UI] Clicking on the domain label now opens the "Security and privacy info" webpage (like middle click on "Classic").
• "Reset to Defaults" button in the options window
• Improved content script initialization logic (thanks Rob Wu for suggestions)
• [XSS] Fixed 2nd level interactive bypass (thanks Masato Kinugava for reporting)
• Fixed sites manually added from the Options textbox don't stick (thanks Just_Golem for reporting)
• Fixed regression causing NoScript to ask to reload pages in order to show permissions more than once upon installation
• Removed most animations causing older system to lag when large permissions lists are displayed in Options
• Improved work-around for blank windows on Linux Firefox bug
• Fixed XSS false positives on POST requests without data
• Fixed regression from new "fail fast" XSS filter main loop, causing cross-site requests to Google to trigger false positives (thanks Steve M for reporting)
• [XSS] Added "Always block requests from ... to ..." in XSS warning prompt
• [XSS] Fixed url decoding bug (thanks Masato Kinugawa for reporting)
• Fixed some blocked items not reported in the UI (thanks Bo Elam for reporting)
• Changed the CSP internal report URI to noscript-csp.invalid (thanks Tom Schuster Mario Heiderich for RFE)
• Removed unused MSE detection code (thanks Rob Wu for reporting)
• Fixed script enablement feedback dependant on page's own CSP (thanks Rob Wu for reporting)
• Fixed MSE detection injection using window.eval (thanks Rob Wu for reporting)
• Fixed window being resized and NoScript UI shown in a separate popup when triggered on a maximized window
• General performance improvement by removing unnecessary asynchronous webRequest listeners
• Hotfix for wiped TRUSTED permissions
• Hotfix for NoScript failing to load if XSS was disabled in previous session
• Fixed immutable permissions for TRUSTED and UNTRUSTED presets negating all the others (thanks Stefan Scholl for reporting)
• Work-around for Moz Bug #1402110 (thanks David Ross for reporting)
• Fixed XSS whitelist not being cleared from Options
• Fixed XSS whitelist trying to using sync even if disabled (thanks Rob Wu for reporting)
• Work-around for Firefox not displaying NOSCRIPT elements on pages where scripts are blocked by CSP
• The Alt+Shift+N shortcut now opens the NoScript UI also on windows with no toolbars containing NoScript's icon
• "unsafe" (non-HTTPS) matching is now automatically selected on non-HTTPS pages (fixes the perception that you set a site to TRUSTED and it reverted to DEFAULT)
• Full addresses are shown again to be choosen in UI, together with base domains
• Better auto-reload logic
• Fixed NoScript back-end to work also if sync storage is disabled (thanks Rob Wu for reporting)
• Fixed potential fingerprinting through placeholder icon (thanks Rob Wu for reporting)

Changes since 5.1.7:

• [XSS] Fixed regression (thanks Masato Kinugava for report)
• [ABE] Restored Palemoon compatibility (thanks barbaz for patch)
• [ABE] Fixed ruleset persistence (thanks barbaz for patch)
• removed yandex.st from default whitelist (see https://forums.informaction.com/viewtopic.php?t=23655)
• [XSS] Streamlined multiple unescaping standards handling
• [XSS] Fixed 2nd level interactive bypass (thanks Masato Kinugava for reporting)