New Update NoScript Security Suite

+1 :)

I use it in my daily FF...
I have used it until Windows offered running Edge in a Virtual Container (figured the built-in browser sandbox and VM sort of reduced web-based threats to near zero).

But I used FF with Sandboxie and Noscript before that.
 
NoScript 13.5.6 (already released for Firefox)
v 13.5.6
============================================================
x file:// quirk mode compatibility, thanks peterbg for reporting
x Add option to disable automatic page reloading on permissions change (fixes issue #42)
 
I installed NoScript for old times' sake and noticed it has an easy/allow option (reverting the default deny to default allow: "Automatically apply top-document's permissions to subdocuments and inclusions not configured yet"). I also enabled the third option (blocking top document capabilities in sub documents).


When I visited CNN and BBC I noticed that the CUSTOM icon is replaced by "temporarily AUTO-TRUSTED" with a clock.

When I clicked on the AUTO-TRUSTED icon, it changed to old CUSTOM icon (clicking custom allowed me to set custom capabilities for a domain).
 
The Chrome sandbox has probably become so strong that the need for additional containment has lowered. Also, uBO with its dynamic filtering (on Firefox) probably took a big bite out of NoScript's user base. NoScript used to have a block-all (first- and third-party) risky stuff mode and a block-only-third-party risky stuff mode (temporarily set top domain to trusted).

This new mode adds a third mode (allow all, blacklist some by setting it to untrusted). The use case I can think of is Brave and Vivaldi users who want to see what is happening under the hood with NoScript (it is easier than using the browser's inspect mode) and may blacklist stuff missed by the built-in adblocker.
 
Chrome sandbox does not reach its full potential by default.
 
I am playing with this new easy-allow NoScript mode in my Brave surfing profile for a few days (to find out whether a blacklist and anomaly tripwire has any practical use).

Because TRUSTED is the new DEFAULT (auto-trusted) mode, I decided to allow in TRUSTED only common capabilities to make it the new default :-). Most websites should run fine with only the common capabilities below (scripts, media, iframes, fonts, XMLHttpRequests, lazy load and cascading style sheets).



To have a one-click allow-all option, I used the DEFAULT profile to allow all, except deprecated plugins (objects) and LAN access (I don't see why websites should access your LAN; maybe more knowledgeable members could explain what the use case for LAN access is).


In this adopted EASY-ALLOW mode BBC.com and CNN.com work fine. I will test-ride this setup for a few days and report issues encountered. Because scripts and subframes are still allowed, it does not reduce third-party exposure a lot. Disabling less-used capabilities reduces the attack surface a bit, but its value lies in anomaly detection (NoScript will show the number of blocked items in the icon when a website requires more capabilities; by setting it to DEFAULT you can grant additional capabilities).
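A small model of the easy-allow inheritance and the blocked-request badge described in this post, added here as an illustration. It is not NoScript's code; the capability names, the two presets and the sample page requests are constructed from the post's description.

```python
# Added example (not NoScript's own code): models "apply top-document's
# permissions to subdocuments not configured yet" and the blocked counter.
from typing import Dict, List, Set, Tuple, Union

# Poster's TRUSTED preset: only the common capabilities (labels constructed).
COMMON: Set[str] = {"script", "media", "frame", "font", "fetch", "lazy_load", "css"}
# Poster's DEFAULT preset: everything except deprecated plugins and LAN access.
ALL: Set[str] = COMMON | {"object", "lan", "webgl", "ping", "other"}
PRESETS: Dict[str, Set[str]] = {
    "TRUSTED": COMMON,
    "DEFAULT": ALL - {"object", "lan"},
    "UNTRUSTED": set(),
}
Preset = Union[str, Set[str]]  # a preset name, or a CUSTOM capability set

def caps_of(preset: Preset) -> Set[str]:
    return PRESETS[preset] if isinstance(preset, str) else preset

def resolve(top: str, origin: str, sites: Dict[str, Preset],
            easy_allow: bool) -> Tuple[Set[str], str]:
    """Capabilities granted to `origin` loaded under `top`, plus the icon label."""
    if origin in sites:  # explicitly configured site wins
        preset = sites[origin]
        return caps_of(preset), (preset if isinstance(preset, str) else "CUSTOM")
    if easy_allow and top in sites:  # not configured yet: inherit the top document
        return caps_of(sites[top]), "AUTO-TRUSTED"
    return PRESETS["DEFAULT"], "DEFAULT"

def blocked_count(top: str, requests: List[Tuple[str, str]],
                  sites: Dict[str, Preset], easy_allow: bool = True) -> int:
    """The badge number: requests whose capability the resolved preset lacks."""
    return sum(1 for origin, cap in requests
               if cap not in resolve(top, origin, sites, easy_allow)[0])

# Constructed sample: a TRUSTED news site pulling in third-party content.
SITES: Dict[str, Preset] = {"news.example": "TRUSTED", "tracker.example": "UNTRUSTED"}
REQUESTS = [
    ("news.example", "script"), ("cdn.example", "script"), ("cdn.example", "font"),
    ("widgets.example", "frame"), ("widgets.example", "webgl"),  # unusual for news
    ("tracker.example", "script"), ("tracker.example", "ping"),
]

if __name__ == "__main__":
    print("blocked:", blocked_count("news.example", REQUESTS, SITES))
```

Setting `widgets.example` to `"DEFAULT"` in `SITES` lowers the badge count, which is the "grant additional capabilities" step the post describes.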
 
NoScript 13.5.7 (already released for Firefox)
v 13.5.7
============================================================
x [nscl] Improved document freezing and CSP insertion
x Control manually navigated top-level data: URIs
(tor-browser#44482)
 
NoScript 13.5.9 (seems released only for Firefox)
v 13.5.9
============================================================
x Fix missing https-only icon regression (thanks Ingo Brückl for reporting)

v 13.5.8
============================================================
x Fix site label misalignment (thanks Ingo Brückl for reporting)
 
NoScript 13.5.10 (released for Firefox and later for Chrome)
v 13.5.10
============================================================
x [UX] Smoother popup initialization
x [UX] Scrolling area optimization
x [UX] Flickering reduction
x [UX] Various visual tweaks
 
Version 13.5.12 (released for Firefox)
v 13.5.12
============================================================
x Convert PNG images to WEBP
x [UX][Android] Improve support for increased font size configurations
x Make deploy2tor.sh default to latest unpacked firefox manifest.json
x [UX] Fix first selected preset not being focused automatically on popup opening (issue #506)
x Prevent mid-session updates on Android in global PMB (tor-browser#44398)
x [UX] Fix keyboard navigation regression (issue #506)
x [UX] Improved readability of focused icon buttons
 
Version 13.5.15 (released for Chrome)
v 13.5.15
============================================================
x [Chromium] Fix null origin subdocuments always getting the fallback locked down policy
x [nscl] [Chromium] Prevent uuid() from polluting Main World browser contexts (#508)
x [nscl] [Chromium] Cross-browser worklet patching
 
Version 13.6.3 (released for Firefox)
v 13.6.3
x [UI] Improved gesture initiation calibration
x [Android] Fixed gesture not opening the popup on Firefox Nightly

v 13.6.2
x [Android] Auto-close the site UI tab when right-swiping to home
x Add "S" gesture to open NoScript UI

v 13.6.1
x [nscl] Fix manifest version filter omitting scripts from html documents (thanks ppxxbu for reporting)

v 13.6
x Hardened subcontext environment modification machinery
x Improved stable/pre channel assignment by version number matching
x Autoreload extension on UI initialization failure
x Simplify policy fetching
x Refactor and rationalize edge case sync/async policy fetching
x [Chromium] Fix null origin subdocuments always getting the fallback locked down policy
x [nscl] [Chromium] Prevent uuid() from polluting Main World browser contexts (#508)
x [nscl] [Chromium] Cross-browser worklet patching
 
Version 13.6.1 (released for Chrome)
v 13.6.1
============================================================
x [nscl] Fix manifest version filter omitting scripts from html documents (thanks ppxxbu for reporting)

v 13.6
============================================================
x Hardened subcontext environment modification machinery
x Improved stable/pre channel assignment by version number matching
x Autoreload extension on UI initialization failure
x Simplify policy fetching
x Refactor and rationalize edge case sync/async policy fetching
x [Chromium] Fix null origin subdocuments always getting the fallback locked down policy
x [nscl] [Chromium] Prevent uuid() from polluting Main World browser contexts (#508)
x [nscl] [Chromium] Cross-browser worklet patching
 
Version 13.6.6 (released for Firefox)
v 13.6.6
============================================================
x [XSS] Fix false positives regression due to the MV3 WIP (issue #520)

v 13.6.5
============================================================
x [UX] "S" gesture: change default to disabled
x [UX] "S" gesture on-screen description and lower activation threshold (issue #519)
 
Version 13.6.7 (already released for Chrome)
v 13.6.7
============================================================
x Removed some dead code
x Translations update from Localization Lab (#530)
x [UX] Site UI styling tweaks
x Explicit namespaces to create HTML elements
x [UX] Slightly increased icon button sizes
x [UX] font-size adjustments
x [UX] Scroll to customizer when editing the CUSTOM preset
x [UX][Android] Exclude multi-touch from closing gestures
x [UX][Android] Make site UI dismissal easier and more intuitive by touching page in the background
x Fix onboarding page header layout regression
x new translations from weblate (#526)
x [UX][Android] Exempt actual drawing applications from gesture detection (issue #522)
x [UX][Android] Optimize passive/active/capture in touch event listeners
x [nscl] Preserve focus across conservative document rewrites (issue#525)
x [L10n] Updated de, nl, uk (last merge from Transifex before deprecating it for Weblate)
x [L10n] Add script to merge two _locales directories
x [L10n] Updated bn, br, ca, da, de, el, es, fa, fi, fr, he,
is, it, ja, lt, mk, ms, nb_NO, nl, pl, pt_BR, pt_PT, ro,
ru, sq, sv_SE, tr, uk, zh_CN, zh_TW from Localization Lab
 
Version 13.6.10 (released for Chrome)
v 13.6.10
============================================================
x [nscl] Account for xray being irrelevant and missing in Worker scope when patching trustedTypes

v 13.6.9
============================================================
x [nscl] Multiple xray-related fixes (tor-browser#44778)
x Allow building if tree changes are not in the source code
 
Version 13.6.14 (released only for Chrome)
v 13.6.14.903
============================================================
x [nscl] Create placeholders for LAN requests
x Saner origin normalization for sandboxed iframes (thanks Security Research Labs for report)
x Notify sub_frame requests to parent content frame
x [UX][Android] Remove finger-size gating for gesture detection (issues #540, #541)

v 13.6.14.902
============================================================
x Fix gesture not recognized when RFP is on (issue #540)

v 13.6.14.901
============================================================
x [Gecko] Improved freezing/unfreezing for file:// documents (thanks Security Research Labs for report)
 
Version 13.6.13 (released for Firefox)
v 13.6.13
============================================================
x Remove source comments from installable packages
x Replace browser-polyfill.js with an empty stub in Firefox builds
x Reduce console spam by deferring the logging of messaging errors due to premature unloading (tor-browser#44673)
x Ensure event hooking does not break window-level listeners