No replies to this topic

[chachazz]

V. 1.1.5 "XSS Terminator"
June 28, 2007

Main good news:

• Shorthand matching for subnets and variable port numbers.
• Protection against all the currently known cross-browser exploits targeting Firefox, like the ones reported by Thor Larholm, Billy Rios and Greg MacManus.
• Enhanced Anti-XSS protection: unobtrusive "light" injection checks are now performed on cross-site navigation starting from trusted sites too.
• JavaScript redirections on dummy blank pages are detected and shown (e.g. www.fordvehicles.com) or automatically followed, if a single address have been found (e.g. www.ford.com).
• Improved blocked plugin content placeholders, now can be middle-clicked or right-clicked like any "regular" link, e.g. to "Save Link As..." or "Copy Link Location"

Changelog v 1.1.5
x Removed about:neterror from the permanent non-deletable whitelist
(for the super-paranoids, thanks Aerik)
x Minor bug fix, anti-XSS notification bar skipped when an URL nested
in a query string gets sanitized
x Extra QA for public release

Get it!»