--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-a119d5d7df
2018-04-17 03:10:09.806609
--------------------------------------------------------------------------------

Name        : mozilla-noscript
Product     : Fedora 28
Version     : 10.1.7.5
Release     : 1.fc28
URL         : http://noscript.net/
Summary     : JavaScript white list extension for Mozilla Firefox
Description :
The NoScript Firefox extension provides extra protection for Firefox.
It allows JavaScript, Java, Flash and other plug-ins to be executed only by
trusted web sites of your choice (e.g. your online bank) and additionally
provides Anti-XSS protection.

--------------------------------------------------------------------------------
Update Information:

**NOTE**: All packaged Firefox add-ons are affected by Firefox bug
fedora#1508827 . A workaround is provided in the bug report. Please do not give
negative karma just because of that bug.  # Changes in 10.x (Quantum)  ##
10.1.7.5  * Fixed edge case CSP injection bug (thanks Rob Wu) * Optimized
dynamic script injection (thanks Rob Wu) * Fixed potential leak on dynamic
script injection (thanks   Rob Wu for report) * Now NoScript's UI on privileged
pages explains permissions   cannot be configured there, rather than bluntly
opening the   Options page (thanks Rob Wu for suggestion)  ## 10.1.7.4  * Fixed
script enablement status not correctly detected on   some pages rolling their
own CSP (causing NOSCRIPT element   and META refresh emulation not to be
triggered) * Fixed "Appearance" NoScript Options tab missing on Android * [XSS]
Fixed semicolon-separated JSON payloads DDOSing the   JSON-optimizer, e.g. with
syndication.twitter.com subframes   (thanks KonomiKitten and pal1000 for
reports) * [UI] Renamed "Scripts globally allowed (dangerous)" option   to "No
permissions enforcement (dangerous)" to better   reflect its actual effect *
[UI] Better feedback about "No permission enforcement" by   disabling the
"Preset customization" section and and the   "Per-site Permissions" tab * [UI]
Moved XSS-related options to the "Advanced" tab * Fixed disabled webgl breaking
feeds on script-enabled sites   (thanks pal1000 for reporting) * Enhanced
dynamic script injection if browser.contentScripts   API is available * Expanded
support for webgl canvas placeholders  # Changes in 5.x (Classic)  ## 5.1.8.5  *
Fixed edge case ABE Anon action loop with e10s enabled on   reload after new
rule (thanks barbaz for reporting) * Fixed JSON interactive view disabled by
cascading   restrictions (thanks jester for reporting) * Fixed ABE Anon action
loop with e10s enabled (thanks barbaz   for reporting)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1557592 - mozilla-noscript-10.1.7.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1557592
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade mozilla-noscript' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-le...@lists.fedoraproject.org

Reply via email to