stable
FEDORA-2017-9da99d757f created by rathann 4 years ago for Fedora 27

NOTE: all packaged Firefox add-ons are affected by bug #1508827 , please don't give negative karma here, but add yourself to the bug instead.

This update brings back the SeaMonkey support with version 5.1.8.3, which is still maintained until June 2018.

Changes since 10.1.2:

  • [XSS] Improved sensitivity of JSON whitelisting (thanks @SamuraiFoochs for reporting)
  • [XSS] Improved specificity of nested URL checks (thanks @SamuraiFoochs for reporting)
  • New configuration export implementation, more convoluted but not requiring the "downloads" permission
  • Fixed some XSS false positives
  • Fixed out of scale rendering regression on high DPI screens
  • Fix for linux rendering performance issues
  • First "Quantum" release candidate with Android support
  • Inverted order of domains vs full sites in popup
  • Settings import functionality, backward compatible with NoScript 5 formats
  • Settings export functionality
  • [XSS] The filter now automatically skips embedded documents which would normally be blocked
  • Base domain matching now uses a single dot rule for unknown, private or "fake" TLDs (e.g. www.acme.corp → acme.corp)
  • [XSS] Fixed regression from 10.1.5.6rc2 (thanks Masato Kinugava for reporting)
  • Better feedback for errors in the policy's debug JSON view (thanks E-Raser for RFE)
  • removed yandex.st from default whitelist (see https://forums.informaction.com/viewtopic.php?t=23655)
  • [XSS] Streamlined multiple unescaping standards handling
  • [XSS] Generalized work-around for browser's URL parsing oddities (thanks Masato Kinugava for reporting)
  • "Temporarily set top-level sites to TRUSTED" option
  • [XSS] Fixed user choices forgot across browser sessions
  • [UI] Clicking on the domain label now opens the "Security and privacy info" webpage (like middle click on "Classic").
  • "Reset to Defaults" button in the options window
  • Improved content script initialization logic (thanks Rob Wu for suggestions)
  • [XSS] Fixed 2nd level interactive bypass (thanks Masato Kinugava for reporting)
  • Fixed sites manually added from the Options textbox don't stick (thanks Just_Golem for reporting)
  • [UI] Clicking on the domain label now opens the "Security and privacy info" webpage (like middle click on "Classic").
  • "Reset to Defaults" button in the options window
  • Improved content script initialization logic (thanks Rob Wu for suggestions)
  • [XSS] Fixed 2nd level interactive bypass (thanks Masato Kinugava for reporting)
  • Fixed sites manually added from the Options textbox don't stick (thanks Just_Golem for reporting)
  • Fixed regression causing NoScript to ask to reload pages in order to show permissions more than once upon installation
  • Removed most animations causing older system to lag when large permissions lists are displayed in Options
  • Improved work-around for blank windows on Linux Firefox bug
  • Fixed XSS false positives on POST requests without data
  • Fixed regression from new "fail fast" XSS filter main loop, causing cross-site requests to Google to trigger false positives (thanks Steve M for reporting)
  • [XSS] Added "Always block requests from ... to ..." in XSS warning prompt
  • [XSS] Fixed url decoding bug (thanks Masato Kinugawa for reporting)
  • Fixed some blocked items not reported in the UI (thanks Bo Elam for reporting)
  • Changed the CSP internal report URI to noscript-csp.invalid (thanks Tom Schuster Mario Heiderich for RFE)
  • Removed unused MSE detection code (thanks Rob Wu for reporting)
  • Fixed script enablement feedback dependant on page's own CSP (thanks Rob Wu for reporting)
  • Fixed MSE detection injection using window.eval (thanks Rob Wu for reporting)
  • Fixed window being resized and NoScript UI shown in a separate popup when triggered on a maximized window
  • General performance improvement by removing unnecessary asynchronous webRequest listeners
  • Hotfix for wiped TRUSTED permissions
  • Hotfix for NoScript failing to load if XSS was disabled in previous session
  • Fixed immutable permissions for TRUSTED and UNTRUSTED presets negating all the others (thanks Stefan Scholl for reporting)
  • Work-around for Moz Bug #1402110 (thanks David Ross for reporting)
  • Fixed XSS whitelist not being cleared from Options
  • Fixed XSS whitelist trying to using sync even if disabled (thanks Rob Wu for reporting)
  • Work-around for Firefox not displaying NOSCRIPT elements on pages where scripts are blocked by CSP
  • The Alt+Shift+N shortcut now opens the NoScript UI also on windows with no toolbars containing NoScript's icon
  • "unsafe" (non-HTTPS) matching is now automatically selected on non-HTTPS pages (fixes the perception that you set a site to TRUSTED and it reverted to DEFAULT)
  • Full addresses are shown again to be choosen in UI, together with base domains
  • Better auto-reload logic
  • Fixed NoScript back-end to work also if sync storage is disabled (thanks Rob Wu for reporting)
  • Fixed potential fingerprinting through placeholder icon (thanks Rob Wu for reporting)

Changes since 5.1.7:

  • [XSS] Fixed regression (thanks Masato Kinugava for report)
  • [ABE] Restored Palemoon compatibility (thanks barbaz for patch)
  • [ABE] Fixed ruleset persistence (thanks barbaz for patch)
  • removed yandex.st from default whitelist (see https://forums.informaction.com/viewtopic.php?t=23655)
  • [XSS] Streamlined multiple unescaping standards handling
  • [XSS] Fixed 2nd level interactive bypass (thanks Masato Kinugava for reporting)

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2017-9da99d757f

This update has been submitted for testing by rathann.

4 years ago

This update has obsoleted mozilla-noscript-10.1.5.8-1.fc27, and has inherited its bugs and notes.

4 years ago

rathann edited this update.

4 years ago
User Icon mastaiza commented & provided feedback 4 years ago
karma

works for me

This update has been pushed to testing.

4 years ago

This update has been submitted for batched by rathann.

4 years ago

This update has been submitted for stable by bodhi.

4 years ago

This update has been pushed to stable.

4 years ago

Please login to add feedback.

Metadata
Type
bugfix
Severity
low
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-2
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
4 years ago
in testing
4 years ago
in stable
4 years ago
modified
4 years ago
BZ#1524389 mozilla-noscript-10.1.5.7 is available
0
0
BZ#1526199 User experience changed - No longer present for SeaMonkey users
0
0
BZ#1527501 mozilla-noscript-10.1.6 is available
0
0

Automated Test Results