NOTE: All packaged Firefox add-ons are affected by Firefox bug #1508827 . A workaround is provided in the bug report. Please do not give negative karma just because of that bug.

Changes in 10.x (Quantum)

10.1.7.5

  • Fixed edge case CSP injection bug (thanks Rob Wu)
  • Optimized dynamic script injection (thanks Rob Wu)
  • Fixed potential leak on dynamic script injection (thanks Rob Wu for report)
  • Now NoScript's UI on privileged pages explains permissions cannot be configured there, rather than bluntly opening the Options page (thanks Rob Wu for suggestion)

10.1.7.4

  • Fixed script enablement status not correctly detected on some pages rolling their own CSP (causing NOSCRIPT element and META refresh emulation not to be triggered)
  • Fixed "Appearance" NoScript Options tab missing on Android
  • [XSS] Fixed semicolon-separated JSON payloads DDOSing the JSON-optimizer, e.g. with syndication.twitter.com subframes (thanks KonomiKitten and pal1000 for reports)
  • [UI] Renamed "Scripts globally allowed (dangerous)" option to "No permissions enforcement (dangerous)" to better reflect its actual effect
  • [UI] Better feedback about "No permission enforcement" by disabling the "Preset customization" section and and the "Per-site Permissions" tab
  • [UI] Moved XSS-related options to the "Advanced" tab
  • Fixed disabled webgl breaking feeds on script-enabled sites (thanks pal1000 for reporting)
  • Enhanced dynamic script injection if browser.contentScripts API is available
  • Expanded support for webgl canvas placeholders

Changes in 5.x (Classic)

5.1.8.5

  • Fixed edge case ABE Anon action loop with e10s enabled on reload after new rule (thanks barbaz for reporting)
  • Fixed JSON interactive view disabled by cascading restrictions (thanks jester for reporting)
  • Fixed ABE Anon action loop with e10s enabled (thanks barbaz for reporting)

Logout Required
After installing this update it is required that you logout of your current user session and log back in to ensure the changes supplied by this update are applied properly.

How to install

sudo dnf upgrade --advisory=FEDORA-2018-a119d5d7df

This update has been submitted for testing by rathann.

4 years ago

This update has been pushed to testing.

4 years ago

This update has reached 3 days in testing and can be pushed to stable now if the maintainer wishes

4 years ago

This update has been submitted for batched by rathann.

4 years ago

This update has been submitted for stable by bodhi.

4 years ago

This update has been pushed to stable.

4 years ago

Please login to add feedback.

Metadata
Type
bugfix
Severity
low
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-2
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
4 years ago
in testing
4 years ago
in stable
4 years ago
BZ#1557592 mozilla-noscript-10.1.7.5 is available
0
0

Automated Test Results