--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-10600
2010-06-30 14:47:14
--------------------------------------------------------------------------------

Name        : mozilla-noscript
Product     : Fedora 13
Version     : 1.9.9.97
Release     : 1.fc13
URL         : http://noscript.net/
Summary     : JavaScript white list extension for Mozilla Firefox
Description :
The NoScript Firefox extension provides extra protection for Firefox.
It allows JavaScript, Java, Flash and other plug-ins to be executed only by
trusted web sites of your choice (e.g. your online bank) and additionally
provides Anti-XSS protection.

--------------------------------------------------------------------------------
Update Information:

Last changes:
[+] new feature, [x] bug fix, [-] removed feature, [=] repackaging or cosmetic change

v 1.9.9.97
==========================================================================
x Fixed ClearClick false positives on Fx 3.5 and below (thanks Deniz Sofu for reporting)
x Compatibility version bump for SeaMonkey trunk

v 1.9.9.97rc1
==========================================================================
x Fixed '@' surrogates being run on scriptless pages
x Recentering on the parent form for ClearClick checks over a form widget reduces false positives over obstructed frames

v 1.9.9.96
==========================================================================
x Fixed Script Surrogates activation glitches

v 1.9.9.95
==========================================================================
x Fixed wrongly sized placeholders on Youtube (regression from rc1)

v 1.9.9.95rc2
==========================================================================
x More accurate feedback on nested object blocking (thanks al_9x for reporting)
+ External filters command line template updated with request origin as the 3rd argument

v 1.9.9.95rc1
==========================================================================
+ imagebam surrogate kills popups over images and popunders on click
+ imagehaven surrogate kills popups over images and popunders on click
+ inserstitialBox surrogate kills interstitial on imagevenue.com
+ "!@" prefixed surrogates run no matter whether scripts are enabled or disabled for the page (in a DOMContentLoaded event handler)
x Fixed JS redirect handling causing duplicate object placeholders on scriptless pages containing embeddings only
x Fixed ABE's SELF checks fail on redirects which contain a browser URL

v 1.9.9.94
==========================================================================
x Fixed bookmarklets support on non-whitelisted pages broken in non-Places browsers like SeaMonkey (thanks therube for reporting)
x Better icon feedback on page where there's no script element but some plugin content has been blocked

v 1.9.9.93
==========================================================================
x Fixed ClearClick false positives when RTL content or browser settings put the vertical scrollbar on the left (thanks Mark Callow for report)
x Fixed setting noscript.checkInjectionType to false did not disable the feature (thanks al_9x for report)
x More accurate embedded object replacement (thanks al_9x for report)

v 1.9.9.92
==========================================================================
x Fixed Places-related bug on Minefield (thanks mpz for reporting)
x noscript.forbidIFrameContext=3 (allow same base domain) falls back to 2 (allow same domain) if either the parent or the frame is marked as untrusted (thanks al_9x for suggestion)

v 1.9.9.91
==========================================================================
x More compatible docShell reaching, works around some buggy extensions which wrap browser.webNavigation just partially
x InjectionChecker's XML reduction more compatible with SAML

v 1.9.9.90
==========================================================================
+ Optimal timing for page-level surrogates in frames
x ClearClick exceptions are considered independently from the JavaScript whitelist as they should
x More consistent web bugs blocking with forced NOSCRIPT elements, take 2 (thanks al_9x for reporting)

v 1.9.9.89
==========================================================================
x More consistent web bugs blocking with forced NOSCRIPT elements, take 2 (thanks al_9x for reporting)
x More consistent icon feedback with docShell-based cascading JS blocking (thanks al_9x for reporting)

v 1.9.9.88
==========================================================================
x Inclusion type checks try to infer file type from directory-like URLs
x More consistent web bugs blocking with forced NOSCRIPT elements
x Fixed object placeholder regressions in Gecko < 1.9 (thanks Rob for reporting)
x Version compatibility bump to Firefox 3.7a6pre

v 1.9.9.87
==========================================================================
x Improved URL parsing in META refresh interception
x Optimized * universal pattern in AddressMatcher
x Better error reporting during the execution of location bar scriptlets

v 1.9.9.86
==========================================================================
+ Better timing for page-level script surrogates inside frames
+ mime/t...@http://site.com syntax support for noscript.allowedMimeRegExp preference (thanks Gregyski for request)
+ Improved XSS checks accuracy (less false positives) and performance
+ Enhanced management of recent Silverlight versions (thanks al_9x for reporting)

v 1.9.9.85
==========================================================================
+ More accurate checks for META inside NOSCRIPT with HTML 5 parser
x Fixed possible DOS condition on some kinds of very long URLs

v 1.9.9.84
==========================================================================
x Improved heuristic for background refresh automatic blocking and reenablement
x Fixed regressed "Follow" button on META refresh inside NOSCRIPT element

v 1.9.9.83
==========================================================================
x Fixed some sites refreshing themselves even if another load has been initiated (thanks Dirk S for reporting)

v 1.9.9.82
==========================================================================
+ More discreet and automated anti-tabnabbing protection (refreshes are blocked on unfocused tabs and get automatically executed only when tab gets in focus again)
+ Slight optimization of AddressMatcher tests on .site.com clauses
x Fixed noscript.forbidBGRefresh.exceptions not being honored
x Better handling of error conditions happening during ABE's channel replacement internal redirections (thanks al_9x for reporting)
x Fixed minor feedback icon glitches (thanks al_9x for reporting)

v 1.9.9.81
==========================================================================
+ Experimental blocking of page refreshes happening inside untrusted unfocused tabs, should provide protection against Aviv Raff's scriptless "tabnabbing" variant. Enabled by default, can be controlled through the noscript.forbidBGRefresh about:config integer preference:
  0 - no blocking
  1 - block refreshes on untrusted unfocused tabs
  2 - block refreshes on trusted unfocused tabs
  3 - block refreshes on both trusted and untrusted unfocused tabs
  Address patterns matching pages which shouldn't be affected can be listed in the noscript.forbidBGRefresh.exceptions preference
x Fixed XSS false positive in new 3.7 add-ons manager
x Fixed meta-refresh URL parsing mismatch
x Fixed import script surrogates being broken by a 1.9.9.79 regression

Changes since last version:
[+] new feature, [x] bug fix, [-] removed feature, [=] repackaging or cosmetic change

v 1.9.9.87
==========================================================================
x Improved URL parsing in META refresh interception
x Optimized * universal pattern in AddressMatcher
x Better error reporting during the execution of location bar scriptlets

v 1.9.9.86
==========================================================================
+ Better timing for page-level script surrogates inside frames
+ mime/t...@http://site.com syntax support for noscript.allowedMimeRegExp preference (thanks Gregyski for request)
+ Improved XSS checks accuracy (less false positives) and performance
+ Enhanced management of recent Silverlight versions (thanks al_9x for reporting)

v 1.9.9.85
==========================================================================
+ More accurate checks for META inside NOSCRIPT with HTML 5 parser
x Fixed possible DOS condition on some kinds of very long URLs

v 1.9.9.84
==========================================================================
x Improved heuristic for background refresh automatic blocking and reenablement
x Fixed regressed "Follow" button on META refresh inside NOSCRIPT element

v 1.9.9.83
==========================================================================
x Fixed some sites refreshing themselves even if another load has been initiated (thanks Dirk S for reporting)

v 1.9.9.82
==========================================================================
+ More discreet and automated anti-tabnabbing protection (refreshes are blocked on unfocused tabs and get automatically executed only when tab gets in focus again)
+ Slight optimization of AddressMatcher tests on .site.com clauses
x Fixed noscript.forbidBGRefresh.exceptions not being honored
x Better handling of error conditions happening during ABE's channel replacement internal redirections (thanks al_9x for reporting)
x Fixed minor feedback icon glitches (thanks al_9x for reporting)

--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 30 2010 Thomas Spura <[email protected]> - 1.9.9.97-1
- new version
* Sat Jun 12 2010 Thomas Spura <[email protected]> - 1.9.9.87-1
- new version
* Fri May 28 2010 Thomas Spura <[email protected]> - 1.9.9.81-1
- new version
* Mon May 24 2010 Thomas Spura <[email protected]> - 1.9.9.79-1
- new version
* Sun May 16 2010 Thomas Spura <[email protected]> - 1.9.9.74-1
- new version
- renew patch
* Thu Apr 22 2010 Thomas Spura <[email protected]> - 1.9.9.69-1
- new version
* Mon Apr 19 2010 Thomas Spura <[email protected]> - 1.9.9.66-1
- new version

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #607534 - mozilla-noscript-1.9.9.97 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=607534
  [ 2 ] Bug #602181 - mozilla-noscript-1.9.9.87 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=602181

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update mozilla-noscript' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys

--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
