NoScript 10

Discussion in 'other software & services' started by Nanobot, Nov 14, 2017.

  1. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    820
    Location:
    UK
    Thank you Bo. :thumb:
     
  2. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    24,794
    Location:
    U.S.A.
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    4,513
    Location:
    Nicaragua
    Thank you for posting, J R.

    Bo
     
  4. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    24,794
    Location:
    U.S.A.
    Bo, you're welcome! Take care.
     
  5. Alhaitham

    Alhaitham Registered Member

    Joined:
    May 18, 2013
    Posts:
    177
    Location:
    Egypt
    Updated and trying to adjust.

    Working great so far.
     
  6. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    4,513
    Location:
    Nicaragua
    Thats what you got to do, thats all. :thumbd:

    Bo
     
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    4,513
    Location:
    Nicaragua
    They are going to keep rolling fast (I guess).......Version 10.1.3rc1 has been released.

    Release notes for 10.1.3c1

    v 10.1.3rc1
    =============================================================
    + Work-around for Firefox not displaying NOSCRIPT elements on
    pages where scripts are blocked by CSP
    + The Alt+Shift+N shortcut now opens the NoScript UI also on
    windows with no toolbars containing NoScript's icon
    x "unsafe" (non-HTTPS) matching is now automatically selected
    on non-HTTPS pages (fixes the perception that you set a
    site to TRUSTED and it reverted to DEFAULT)
    x Full addresses are shown again to be choosen in UI, together
    with base domains
    x Better auto-reload logic
    x Fixed NoScript back-end to work also if sync storage is
    disabled (thanks Rob Wu for reporting)
    x Fixed potential fingerprinting through placeholder icon
    (thanks Rob Wu for reporting)

    Bo
     
  8. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    4,513
    Location:
    Nicaragua
    There have been 2 updates to NoScript in the last few hours. I tested version 10.1.3rc2 last night, it was a regression. In less than 5 minutes, I knew it was bad. Right away, I discovered I couldn't play videos in YouTube or CBS Sports. I didn't get to install it in my real system, thanks to Sandboxie :cool: (tested sandboxed)..

    But this morning, I found a new update being available, version v 10.1.3rc3. And is solid. The problems I found with 10.1.3rc2 are gone, neither cant replicate other issues I read been reported by other users. Anyway, its already installed in my real system and its got my zeal of approval. :)

    Release notes for 10.1.3c3


    v 10.1.3rc3
    =============================================================
    x Fixed immutable permissions for TRUSTED and UNTRUSTED
    presets negating all the others (thanks Stefan Scholl for
    reporting)
    x Work-around for Moz Bug #1402110 (thanks David Ross for
    reporting)
    x Fixed XSS whitelist not being cleared from Options
    x Fixed XSS whitelist trying to using sync even if disabled (
    thanks Rob Wu for reporting)

    Bo
     
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    4,513
    Location:
    Nicaragua
  10. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    24,794
    Location:
    U.S.A.
    Understandable, and I like the direction that's being taken. :thumb:
     
  11. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    4,513
    Location:
    Nicaragua
    I like it also, J R. NoScript is going to be fine.

    Bo
     
  12. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,158
    I had used Noscript for years before I switched to uMatrix - and quite frankly, I cannot understand the brouhaha about Noscript. The scope concept in uMatrix (which has been improved recently) is absolutely brilliant, the matrix displays the 1st- and 3rd-party requests neatly and clearly, its logger is excellent, and uMatrix is much more flexible and versatile and can be configured in many ways to your liking (thankfully @gorhill has recently added several guides to the uMatix wiki which demonstrate its possibilities).

    Yes, Noscript has an XSS filter and a clickjacking protection, and that's why I still have it installed with all scripts allowed. But hey - I haven't seen an XSS warning in years so I really doubt that it's really worth it. After all uMatrix also protects against most XSS variants as all 3rd party scripts are blocked by default, most adservers/trackers/malware sites (the usual suspects for such attempts) are explicitly blacklisted via the integrated hosts files, and any impacts are limited anyhow if you're using the domain-specific scope.

    That's why I couldn't understand those statements by some people made before Nov. 14, that an update to FF 57 was out of question before Noscript was ready.
     
  13. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    4,513
    Location:
    Nicaragua
    NoScript (is on a roll) version 10.1.3 has been released. :cool:

    v 10.1.3
    =============================================================
    x Hotfix for wiped TRUSTED permissions
    x Hotfix for NoScript failing to load if XSS was disabled in
    previous session

    I just tested it, and I think I found a little problem, I ll check around and see if other people are reporting it.

    Bo
     
  14. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    4,513
    Location:
    Nicaragua
    @summerheat. I am just going to tell you this. Some of you guys (you, included), using Umatrix or UBO, in your, "I cant believe you choose NoScript over Umatrix" comments, sound like you need reinforcement or approval for your choice. Unconsciously thats what you do when you continuously keep writing that type of comment. You need other users to move over to Umatrix to reinforce your choice and make you feel confident that you made the right choice.

    Bo
     
  15. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,158
    :argh: You're really funny, Bo :thumb:

    Just in case you're serious about what you wrote: I had been a using Noscript for years and I have been using uMatrix for years, too. So I'm rather confident that I know what I'm talking about. And believe me - I definitely do not need any reinforcement of my choice. But thank you very much for your concern about my mental health.
     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    4,513
    Location:
    Nicaragua
  17. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    4,513
    Location:
    Nicaragua
    Lack of confidence in decisions you make is not a sign of bad mental health. I didnt mean nothing bad, but it usually is what I said when someone continuously attempt to convince another person on making same decisions and choices.

    Anyway, the other day (about a week ago), I read someone (I remember who) say in the UBO or Umatrix thread that videos start on their own when he visited ESPN. Thats not the case with NoScript (perhaps he is doing something wrong, I dont know).. I could it wrote something in that thread but I didnt have to, didnt feel the urge to "prove" anything. He mentioned brightcove.net, a domain I black list and doesnt run and is not required to watch videos. But kicks in when you click on the video. Take a look.

    When I open the page.

    1.jpg


    When I click to play the video.

    2.jpg

    Bo
     
  18. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    4,513
    Location:
    Nicaragua
    In the pictures I just posted, we see domain go.com (a domain thats required for watching videos and ESPN working properly) in green as trusted, and also see domain go.com in red as Default. Thats the new security feature thats getting a lot of complains from users who dont understand the purpose of the feature, but in those pictures we see the feature at work. What is it doing? only connections from https go.com are allowed to load scripts, etc. Unsecured http go.com is forbidden to load or run anything. I could allow go.com http to run, but I choose not to, thats my choice. If I had trusted go.com with the the lock in red instead of green, all connections, secured and unsecured would run. But is not required and NoScript gives me the ability of picking, for better security.

    Summerheat, this post is not meant for you. :)

    At first, I didn't realize the usefulness of this feature or what it was doing but after a couple of days, started clicking. After that, I went and look over every domain that I have as Trusted, and changed the ones with the Red lock that in my personal case use, only required the Green https lock for the websites to work as I require them and were https. If a site is http, you got to go Red, Perhaps, this is not a big deal in sites like ESPN, but what about yahoo mail or google mail, or your bank sites. Useful feature. You dont want your bank site or when making purchases to be trusting Red when all you need is Trust and allow green. Hopefully, I am making sense.

    Bo
     
    Last edited: Nov 29, 2017
  19. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    805
    Location:
    India
    Yes, Configuring rules for http vs https is very good. Especially important for sensitive sites. However, the sites i came across, i had to allow connections via http :(
    I do this in uBO, when nooping rules in Medium mode..
     
  20. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,158
    Your phrasing is still close to an ad hominem attack (and not for the first time). This is my last comment on this matter.
     
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    4,857
    Location:
    Among the gum trees
    The latest version of NoScript (10.1.3) is virtually unusable in its current form. Clicking the NS icon restores down Firefox when set to maximised and NS pops up full screen.

    I know the developer has been busy working away on NS 10.x but maybe he needs some sleep too.
     
  22. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    24,794
    Location:
    U.S.A.
  23. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    4,513
    Location:
    Nicaragua
    Krusty, you can install version 10.1.3rc3 (the previous version than the one you installed). Thats a solid version. There is an update supposed to be released today that fixes what you found, I being busy today but I just looked for it and surprises me that is not out yet. Install 10.1.3rc3, you ll be good. Verify that settings for Trusted, Untrusted and Default are set as you want them after installing the (for the moment) solid gold version :cool:.
    https://addons.mozilla.org/en-US/firefox/addon/noscript/versions/?page=1#version-10.1.3c3

    Bo
     
    Last edited: Nov 30, 2017
  24. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    4,513
    Location:
    Nicaragua
    I am sorry I hurt your feelings but now you are putting the martyr act. When you wrote what I am quoting (below), you were teasing me, you wanted a response and you got it. And you wrote it in this thread, you knew I would not miss it and wrote the words that you knew would get a response from me.
    How I plan to carry on Firefox updates is my choice, not yours. Same with the programs I use. I have the right to use what I want without being attacked. You seem to have a hard time understanding that not everyone does as most people do. I am a rebel with a cause.

    Regarding Firefox updates? I am doing it again. I havent updated to Firefox 57.0.1 yet. Basically same reasons as before. I want to update to the next NoScript release before updating to 57.0.1. I got my reasons, you dont have to accept them, but understand that I should be able to follow my instincts without being mocked about. :) Greetings.

    Bo
     
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    4,857
    Location:
    Among the gum trees
Loading...