MozillaZine

[ext] NoScript 1.8 - Your Browser is YOURS

Announce and Discuss the Latest Theme and Extension Releases.
Giorgio Maone

User avatar
 
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy

Post Posted August 30th, 2008, 7:34 am

There's a browser safer than Firefox...
...it is Firefox with Image


NoScript - a Firefox extension for whitelist driven safe JavaScript/Java/Flash/Plugins execution plus the most powerful anti-XSS and anti-Clickjacking protection.

CHANGELOG


Previous discussion
Last edited by Giorgio Maone on January 31st, 2009, 7:28 am, edited 1 time in total.

therube

User avatar
 
Posts: 20072
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted August 30th, 2008, 7:51 am

Whoa there! That's WAY TOO BROAD, IMO.

> Make page permissions permanent
> command permanently enables every site shown as temporarily allowed by NoScript's menu

Perhaps if it only affected the current page's TA's (even that is broad IMO), but as it is, it globally Allows any page marked as TA. That should not be.

Looks like I was mis-understanding, mis-interpreting MPPP & what was happening.
I was not differentiating (one cannot really differentiate) between a page that had been TA'd & MPPP'd.
And in the same way, Revoke was only revoking TA'd pages & not MPPP'd pages.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

Alan Baxter
 
Posts: 4419
Joined: May 30th, 2005, 2:01 pm
Location: Colorado, USA

Post Posted August 30th, 2008, 8:26 am

I hadn't realized that 1.8.0 was a release version already.

# Make page permissions permanent command permanently enables every site shown as temporarily allowed by NoScript's menu

As said, on the current page only, as indicated by the tooltip. This feature will make NoScript much easier to use for many users. I usually leave temporary permissions as temporary, but I realize that makes for a bit more work than many users desire.

# Improved tooltips for page-level enablement and temporary permission revocation commands, showing affected sites.

Great! Precise descriptions of what the commands will do. You rock, Giorgio. :D

PhilNY
 
Posts: 2
Joined: August 30th, 2008, 2:36 pm

Post Posted August 30th, 2008, 2:44 pm

Hello,
I have been having an issue using the Verizon Minutes Used extension with No Script, since the inclusion of the Block JAR remote resources... feature. It seems to work fine as soon as I uncheck the Block box. I assume that I need to add something to the JAR whitelist, but I am unable to determine what exactly needs to be added.

Giorgio Maone

User avatar
 
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy

Post Posted August 30th, 2008, 3:00 pm

@PhilNy:
the JAR blocking routine should log something in Tools|Error Console. Could you copy the message here?

PhilNY
 
Posts: 2
Joined: August 30th, 2008, 2:36 pm

Post Posted August 30th, 2008, 3:11 pm

Thanks for the lightening quick reply. Unfortunately, it will not be until tomorrow before I can check this. I disabled the feature on No Script, so the Minutes Used extension is currently working. It only requests the information every five hours, so when I log on tomorrow, I will check for any error messages. Thanks again!

javierdl

User avatar
 
Posts: 7
Joined: September 17th, 2004, 7:27 pm
Location: Montreal

Post Posted August 30th, 2008, 3:28 pm

Hi Giorgio,
First off, congrats on such an amazing Firefox plugin, and thank you kindly for sharing it with the rest of us :)
My only question so far is: How can I stop NoScript from using the first tab to show me its website everytime I open Firefox?

Thanks in advance and keep up the good work :)

Javier

Giorgio Maone

User avatar
 
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy

Post Posted August 30th, 2008, 4:17 pm

@javierdl:
It must not do it everytime you open Firefox, but just when NoScript gets updated, showing its release notes.
Even so you can turn off this behavior as explained here.

But if it's doing that everytime as you suggest, either something is preventing your preferences from being written (current version number should be stored as noscript.version in your about:config preferences) or you accidentally set it as your home page (check Tools|Options|Main|Startup).

luntrus

User avatar
 
Posts: 141
Joined: May 3rd, 2005, 1:37 pm
Location: Netherlands

Post Posted August 30th, 2008, 4:26 pm

Hi Giorgio Maone,

I have Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b1pre) Gecko/20080830031750 Minefield/3.1b1pre ID:20080830031750 with NoScript 1.8 With Scripts Currently Forbidden I tried to reach this http: //www.jaascois.com/software/X-Code/JAAScoisX-Code.exe
and then landed here: http ://www.jaascois.com/?foiffs=in100fweg (see code)
Code: Select all
<!--
            top.location="http://www.jaascois.com/?prvtof=8b2VkUqfXDCVzkFMugBtMOdsGRurUMnApYmdYUlV1eTi%2B3zkL%2Fv9R6vry
068z8HfzLXHjhlETS%2BY%2FuLAfyuNHRQd4SCz4fWRmYyDZAHJDwRR%2BkBMo%2
FUTZSef7XGmGfOmvTWD%2BhwKq7CvQIR5c8BXqwJLYnw9kE3ohIoCxPnQkTxXA0t
AVejvzA8DxBNpLMZuAgGueyXFeBHdNtRcQyOKzVN%2FSo%2BV2T3Ah%2BAcwRgT5hNtFWptiFVH";
            /*
         -->
                     <script type="text/javascript">
            <!--
                  if(window.top != self)
                  {
                     window.top.location = "http://www.jaascois.com/?prvtof=8b2VkUqfXDCVzkFMugBtMOdsGRurUMnApYmdYUlV1eTi%2B3zkL%2Fv9R6vry
068z8HfzLXHjhlETS%2BY%2FuLAfyuNHRQd4SCz4fWRmYyDZAHJDwRR%2BkBMo%2FUT
ZSef7XGmGfOmvTWD%2BhwKq7CvQIR5c8BXqwJLYnw9kE3ohIoCxPnQkTxXA0tAVej
vzA8DxBNpLMZuAgGueyXFeBHdNtRcQyOKzVN%2FSo%2BV2T3Ah%2BAcwRgT5hNtFWptiFVH";
                  }
            // -->
            </script>
                        <frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
               <frame src="http://www.jaascois.com/?foiffs=in100fweg&prvtof=8b2VkUqfXDCVzkFMugBtMOdsGRurUMnApYmdYUlV1eTi%2B3zkL%2Fv9R6vry068z
8HfzLXHjhlETS%2BY%2FuLAfyuNHRQd4SCz4fWRmYyDZAHJDwRR%2BkBMo%2FUTZSef7X
GmGfOmvTWD%2BhwKq7CvQIR5c8BXqwJLYnw9kE3ohIoCxPnQkTxXA0tAVejvzA8Dx
BNpLMZuAgGueyXFeBHdNtRcQyOKzVN%2FSo%2BV2T3Ah%2BAcwRgT5hNtFWptiFVH">
               </frameset>
               <noframes>
               <body bgcolor="#ffffff" text="#000000">
               <a href="http://www.jaascois.com/?foiffs=in100fweg&prvtof=8b2VkUqfXDCVzkFMugBtMOdsGRurUMnApYmdYUlV1eTi%2B3zkL%2Fv9R6vry068
z8HfzLXHjhlETS%2BY%2FuLAfyuNHRQd4SCz4fWRmYyDZAHJDwRR%2BkBMo%2FUTZ
Sef7XGmGfOmvTWD%2BhwKq7CvQIR5c8BXqwJLYnw9kE3ohIoCxPnQkTxXA0tAVej
vzA8DxBNpLMZuAgGueyXFeBHdNtRcQyOKzVN%2FSo%2BV2T3Ah%2BAcwRgT5hNtF
WptiFVH">Click here to proceed</a>.
               </body>
               </noframes>
         <!--
         */
         -->
   
Why did NoScript not protect me against this hack, or was it on the queried server? I recently see a lot of these hacks, why no one reports this hijack malware, is beyond me.

luntrus
Last edited by steviex on August 30th, 2008, 5:49 pm, edited 1 time in total.
Reason: Links Deactivated by steviex, Moderator.... Just remove the spaces if you want to go to link.
Fx forever

steviex
Moderator

User avatar
 
Posts: 28902
Joined: August 12th, 2006, 8:27 am
Location: Middle England

Post Posted August 30th, 2008, 4:34 pm

javierdl wrote:Hi Giorgio,
First off, congrats on such an amazing Firefox plugin, and thank you kindly for sharing it with the rest of us :)
My only question so far is: How can I stop NoScript from using the first tab to show me its website everytime I open Firefox?

Thanks in advance and keep up the good work :)

Javier


I suggest you make sure that noscript.net has not accidentally been added to your list of Home Pages....

Go to Tools > Options > Main, and have a look in the Home Page box... Click in the box, and scroll right, to see all the contents of the box...
Multiple Home Pages are separated by a | Character.
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. -Albert Einstein

Please DO NOT PM me for support... Lets keep it on the board, so we can all learn.

VeryMellow
 
Posts: 5
Joined: June 20th, 2008, 1:11 pm

Post Posted August 30th, 2008, 7:40 pm

Another tooltip thing:
when you hover over allow scripts globally it shows your current status (same as hovering over the icon on the bottom)
Shouldn't it say something else ?

javierdl

User avatar
 
Posts: 7
Joined: September 17th, 2004, 7:27 pm
Location: Montreal

Post Posted August 30th, 2008, 8:30 pm

Hi again Giorgio,
Thanks a bunch for the advice. I didn't think NoScript had added itself to the HomePage address as I had already done that for my web email client, but strangely enough... it did add itself there but it also kept the address I had entered myself, each address divided with this: |
As a result Firefox opens each address on a diff tab. Which is a very cool thing! I didn't know one could do this! I used to use a little plug in just to do that before! So I just proceeded to change the NoScript address for the 2nd one I wanted and voila! The problem is solved!
Thanks again Giorgio :)

Javier

Giorgio Maone wrote:@javierdl:
It must not do it everytime you open Firefox, but just when NoScript gets updated, showing its release notes.
Even so you can turn off this behavior as explained here.

But if it's doing that everytime as you suggest, either something is preventing your preferences from being written (current version number should be stored as noscript.version in your about:config preferences) or you accidentally set it as your home page (check Tools|Options|Main|Startup).

Giorgio Maone

User avatar
 
Posts: 3516
Joined: September 21st, 2004, 12:05 am
Location: Palermo - Italy

Post Posted August 31st, 2008, 1:00 am

@luntrus:
Could you explain what the "hack" is supposed to be?
I cannot see anything there which NoScript should prevent but happening despite of this.
Am I missing something?

kgbme

User avatar
 
Posts: 329
Joined: May 26th, 2005, 4:50 pm
Location: Belgrade

Post Posted August 31st, 2008, 6:39 am

Hi, thanks again for this marvel!..:) Just wondering, how come I've got the 1.7.9 version - when, 1.7.8 (edit: yes, yes that would be 1.8, instead of 1.7.8) = latest stable/dev version?!?? :S

Image Image

Development version

Latest development snapshot is identical to the official release above

Code: Select all
http://rapidshare.com/files/141551392/noscript-1.7.9.zip.html


ps. Giorgio Maone, I have PMed you the RapidShare delete link for this archive!..:)

pps. O-M-G 0k so I am stupid and I have used the link myself! xD Thank you again.

therube

User avatar
 
Posts: 20072
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted August 31st, 2008, 7:17 am

@luntrus:

At the moment, the entire jaascois.com domain is bogus. Looks to be one of those redirect pages that you might get rather the a 404 (or rather then being hacked altogether).

Anyhow, when I open http ://www.jaascois.com/software/X-Code/JAAScoisX-Code.exe, I "stay" on that page unless I click somewhere in the page. There is coding (in a frame in that page) that may redirect to http ://www.jaascois.com/?foiffs=in100fweg but perhaps you may need to click (somewhere) on the page for it to happen?
Code: Select all
<!--
top.location="http://www.jaascois.com/";
/*
-->
   <script type="text/javascript">
      <!--
         if(window.top != self)
         {
            window.top.location = "http://www.jaascois.com/";
         }
      // -->
   </script>

      <frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
      <frame src="http://www.jaascois.com/?foiffs=in100fweg">
      </frameset>

      <noframes>
      <body bgcolor="#ffffff" text="#000000">
      <a href="http://www.jaascois.com/?foiffs=in100fweg">Click here to proceed</a>.
      </body>
      </noframes>
   <!--
   */
   -->


Try the same page in a clean Profile or after performing a Reset in NoScript & see if there is any difference.
Last edited by steviex on August 31st, 2008, 7:20 am, edited 1 time in total.
Reason: Links Deactivated again by steviex, Moderator.... Just remove the spaces if you want to go to link.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

Return to Extension/Theme Releases


Who is online

Users browsing this forum: No registered users and 6 guests