FEDORA-2017-3897f32d27

bugfix update in Fedora 27 for mozilla-noscript

Status: obsolete

NOTE: all packaged Firefox add-ons are affected by bug #1508827 , please don't give negative karma here, but add yourself to the bug instead.

This update brings back the SeaMonkey support with version 5.1.8.3, which is still maintained until June 2018.

Changes since 10.1.2:

  • Fix for linux rendering performance issues
  • First "Quantum" release candidate with Android support
  • Inverted order of domains vs full sites in popup
  • Settings import functionality, backward compatible with NoScript 5 formats
  • Settings export functionality
  • [XSS] The filter now automatically skips embedded documents which would normally be blocked
  • Base domain matching now uses a single dot rule for unknown, private or "fake" TLDs (e.g. www.acme.corp → acme.corp)
  • [XSS] Fixed regression from 10.1.5.6rc2 (thanks Masato Kinugava for reporting)
  • Better feedback for errors in the policy's debug JSON view (thanks E-Raser for RFE)
  • removed yandex.st from default whitelist (see https://forums.informaction.com/viewtopic.php?t=23655)
  • [XSS] Streamlined multiple unescaping standards handling
  • [XSS] Generalized work-around for browser's URL parsing oddities (thanks Masato Kinugava for reporting)
  • "Temporarily set top-level sites to TRUSTED" option
  • [XSS] Fixed user choices forgot across browser sessions
  • [UI] Clicking on the domain label now opens the "Security and privacy info" webpage (like middle click on "Classic").
  • "Reset to Defaults" button in the options window
  • Improved content script initialization logic (thanks Rob Wu for suggestions)
  • [XSS] Fixed 2nd level interactive bypass (thanks Masato Kinugava for reporting)
  • Fixed sites manually added from the Options textbox don't stick (thanks Just_Golem for reporting)
  • [UI] Clicking on the domain label now opens the "Security and privacy info" webpage (like middle click on "Classic").
  • "Reset to Defaults" button in the options window
  • Improved content script initialization logic (thanks Rob Wu for suggestions)
  • [XSS] Fixed 2nd level interactive bypass (thanks Masato Kinugava for reporting)
  • Fixed sites manually added from the Options textbox don't stick (thanks Just_Golem for reporting)
  • Fixed regression causing NoScript to ask to reload pages in order to show permissions more than once upon installation
  • Removed most animations causing older system to lag when large permissions lists are displayed in Options
  • Improved work-around for blank windows on Linux Firefox bug
  • Fixed XSS false positives on POST requests without data
  • Fixed regression from new "fail fast" XSS filter main loop, causing cross-site requests to Google to trigger false positives (thanks Steve M for reporting)
  • [XSS] Added "Always block requests from ... to ..." in XSS warning prompt
  • [XSS] Fixed url decoding bug (thanks Masato Kinugawa for reporting)
  • Fixed some blocked items not reported in the UI (thanks Bo Elam for reporting)
  • Changed the CSP internal report URI to noscript-csp.invalid (thanks Tom Schuster Mario Heiderich for RFE)
  • Removed unused MSE detection code (thanks Rob Wu for reporting)
  • Fixed script enablement feedback dependant on page's own CSP (thanks Rob Wu for reporting)
  • Fixed MSE detection injection using window.eval (thanks Rob Wu for reporting)
  • Fixed window being resized and NoScript UI shown in a separate popup when triggered on a maximized window
  • General performance improvement by removing unnecessary asynchronous webRequest listeners
  • Hotfix for wiped TRUSTED permissions
  • Hotfix for NoScript failing to load if XSS was disabled in previous session
  • Fixed immutable permissions for TRUSTED and UNTRUSTED presets negating all the others (thanks Stefan Scholl for reporting)
  • Work-around for Moz Bug #1402110 (thanks David Ross for reporting)
  • Fixed XSS whitelist not being cleared from Options
  • Fixed XSS whitelist trying to using sync even if disabled (thanks Rob Wu for reporting)
  • Work-around for Firefox not displaying NOSCRIPT elements on pages where scripts are blocked by CSP
  • The Alt+Shift+N shortcut now opens the NoScript UI also on windows with no toolbars containing NoScript's icon
  • "unsafe" (non-HTTPS) matching is now automatically selected on non-HTTPS pages (fixes the perception that you set a site to TRUSTED and it reverted to DEFAULT)
  • Full addresses are shown again to be choosen in UI, together with base domains
  • Better auto-reload logic
  • Fixed NoScript back-end to work also if sync storage is disabled (thanks Rob Wu for reporting)
  • Fixed potential fingerprinting through placeholder icon (thanks Rob Wu for reporting)

Changes since 5.1.7:

  • [XSS] Fixed regression (thanks Masato Kinugava for report)
  • [ABE] Restored Palemoon compatibility (thanks barbaz for patch)
  • [ABE] Fixed ruleset persistence (thanks barbaz for patch)
  • removed yandex.st from default whitelist (see https://forums.informaction.com/viewtopic.php?t=23655)
  • [XSS] Streamlined multiple unescaping standards handling
  • [XSS] Fixed 2nd level interactive bypass (thanks Masato Kinugava for reporting)

Comments 8

This update has been submitted for testing by rathann.

works for me

karma: +1

This update has been pushed to testing.

Is this supposed to work with Firefox 56? It does not (though the latest version of mozilla-https-everywhere does). Under Addons it shows Version 10.1.5.8 which is disabled (instead of Version 5.1.8.3).

@robatino, no, the XUL version is installed in SeaMonkey-specific folder. Firefox will "see" only the WebExtension version, so this works only with FF57+.

@robatino I'm not doing anything different than mozilla-https-everywhere package, so either the WebExtension version is somehow compatible with FF56 or you have a local copy of the add-on in your home directory.

@rathann: I'm pretty sure I never installed it except as the package mozilla-https-everywhere, so it must be compatible with FF56. Addons shows Version 2017.11.21 (corresponding to the Fedora package), enabled (and not "LEGACY"). No big deal. I'm using mozilla-noscript-5.1.4-1.fc27.noarch.rpm for now.

This update has been obsoleted by mozilla-noscript-10.1.6-1.fc27.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
obsolete
Test Gating
Submitted by
Update Type
bugfix
Update Severity
low
Karma
+1
stable threshold: 2
unstable threshold: -2
Autopush (karma)
Disabled
Autopush (time)
Disabled
Dates
submitted 2 years ago
in testing 2 years ago

Related Bugs 2

00 #1524389 mozilla-noscript-10.1.5.7 is available
00 #1526199 User experience changed - No longer present for SeaMonkey users

Automated Test Results