Thanks for upgrading NoScript!
what is it?featureschangelogscreenshotsforumfaqget it!
NoScript
V. 1.8.3.6 - Your Browser is YOURS
Congratulations, you've got the latest version.
Main good news:
* Bugs and Firefox 3.1 compatibility issues fixed.
* Updated and new translations.
* Improved usability and unobtrusiveness of the unique ClearClick anti-ClickJacking technology, disabling user interaction with partially obstructed or not clearly visible embedded objects. Enabled by default on untrusted pages, you can configure it to work on trusted pages as well in NoScript Options|Plugins.
* New Forbid <FRAME> option for cross-site legacy frames, independent from Forbid <IFRAME>. Not to weaken IFRAME protection, legacy cross-site frames which are nested inside same-site IFRAMEs are blocked anyway.
* NoScript Options|Plugins|Opaque embedded objects preference to defeat opacity-based attacks.
* Restored compatibility with 1.5.0.x (note: due to technical limitations of Gecko 1.8, ClearClick is not available but you still get good anti-clickjacking protection from Opaque embedded objects and maximum from Forbid <IFRAME>/<FRAME>)
* Frame breaker emulation on pages where JavaScript is disabled, i.e. something like if (self != top) top.location = location will work.
* Suite of features enhancing HTTPS effectiveness:
1. Force HTTPS on most sensitive sites
2. Option to disable active content on whitelisted sites which are not served through HTTPS, either always or when connecting through a proxy ("Tor mode"), to mitigate domain spoofing risks in hostile environments
3. Automatic and customizable Secure Cookie Management, to protect against HTTPS cookie hijacking. Important: if you got troubles logging in on some sites with this feature on, please get latest development build and, if it does not help, follow the easy advices given in this FAQ
* Several improvements in blacklisting mode: even if whitelisting is still the recommended safest mode, you can use Allow scripts globally and still block sites you mark as untrusted. More important, you can still enjoy full Anti-XSS protection or be protected against ClickJacking even while you're keeping JavaScript allowed everywhere.
