Stable AMO Version, see changelog for details.
Cross-browser NoScript on the chrome web store
Supported browsers: Firefox (Desktop and Mobile on Android), SeaMonkey, Tor Browser (where it is built-in), Chromium/Chrome.
Other browsers based on Gecko versions >= 45 might work, but are not tested.
Direct download
You can get latest stable version here, too, using this
direct download link for NoScript 11.0.3
To install, just drag and drop it onto your address bar.
v 11.0.3 ============================================================= x [Tor] Work-around for prompts being huge when resistFingerprinting is enabled x [XSS] Fixed false positives due to overzealous HTML attribute checking x [XSS] Enabled InjectionChecker logging when debugging mode is on x Work-around for browser.i18n.getMessage() API in content scripts giving away browser's real locale (Tor issue #31287) x Updated TLDs x [L10n] Updated Transifex-managed he, is, nb, ru, sq, zh_TW
If you find any problem installing it, this FAQ may help.
You can still download NoScript "Classic" (5.1.9) for Palemoon, Seamonkey, Waterfox and possibly other "vintage" (pre-Gecko 57) Firefox forks here: we'll do our best to provide security fixes as long as supporting browser still guarantee their own security updates.
Notice: you may need to open about:config and set your xpinstall.signatures.required preference to false in order to install NoScript 5.x, since Mozilla doesn't support signatures for legacy add-ons anymore. If you're using a non ESR Firefox, you may also need this hack.
v 5.1.9 ============================================================= x Fixed automatic reload bug (thanks ThomasW and barbaz for reporting)
Users of Firefox 44 and below are urged to upgrade their very unsafe browser. For those few who can't,
- latest NoScript version compatible with Gecko 46 - Gecko 56 is 5.1.x;
- latest NoScript version compatible with Gecko 13 - Gecko 45 is 2.9.0.14;
- latest NoScript version compatible with Gecko 1.9 - Gecko 12 is 2.9.0.1rc1;
- latest NoScript version compatible with Gecko < 1.9 is 1.10.
Development version
If you're brave enough and you need a specific feature or fix not released yet, or you simply
want to provide feedback before official release, you may want try this
"Quantum" NoScript 11.0.4rc11 development build
Here, if you need it, the "Classic" NoScript 5.1.9rc1 development build for browsers based on Gecko 56 and below. Please notice you may need to open about:config and set your xpinstall.signatures.required preference to false in order to install, since Mozilla doesn't support signatures for legacy add-ons anymore.
Starting with NoScript 10.1.8.3, NoScript's public source code repository is hosted on Github.
Recent development history:v 11.0.4rc11 ============================================================ x [Tor] Display .onion sites as "secure" in the UI (tickets #27313 and #27307) x Fixed typo causing Chromium builds not to be created in the XPI directory v 11.0.4rc10 ============================================================ x Support for splitting sync storage items into chunks, to allow synchronization of big policies across devices x [L10n] Updated ca, nl x Overwrite Chromium zip on reiterated builds v 11.0.4rc9 ============================================================ x IPv4 subnet shortcut matching v 11.0.4rc8 ============================================================ x Fallback to local storage for any item exceeding limits (fixes persistence problems on Chromium) x Alternate version numbering for Chromium pre-releases x [L10n] Updated nl v 11.0.4rc7 ============================================================ x Prevent startup tabs from remaining stuck with about:blank v 11.0.4rc6 ============================================================ x Fix Chromium dev builds failing when signing Firefox extension x Prevent startup race conditions breaking pinned tabs sometimes v 11.0.4rc5 ============================================================ x Make extra efforts to ensure safety net reloads happen only once on startup v 11.0.4rc4 ============================================================ x SyncMessage support for asynchronous listeners x Simplified, less noisy and more resilient Messages abstraction implementation (thanks barbaz for reporting) x Handle edge-case policy retrieval for file:// pages loaded by session restore on startup and alike x Improved Chromium development-build workflow v 11.0.4rc3 ============================================================ x Make policy fetching resilient to missing tab information x More verbose error logging while processing syncMessage listeners x Fix CSP violation reporting management of "fake" blocked-uri like "eval" x Leaner and faster SyncMessage shim tab id tracking hack for Firefox v 11.0.4rc2 ============================================================= x Recursive webgl context monkeypatching across same origin windows (thanks skriptimaahinen for concept and patch) x Replaced cookie-based hacks with synchronous messaging (currently shimmed) to retrieve fallback and per-tab restriction policies x Work-around for Chromium not supporting frameAncestors in webRequest x Block CSP violation reports requests synchronously, x before they fail on .invalid DNS resolution, on Chromium v 11.0.4rc1 ============================================================= x [L10n] Updated Transifex-managed da, it, nl, ru, sv_SE x [XSS] Updated HTML5 events x Updated TLDs x Fixed "Cascade top document restrictions" option not always applied to embedded elements (thanks barbaz for reporting) x Removed XSS prompt for timeouts
Feedback
If you find something wrong about NoScript, read the FAQ page and/or let me know: I'll try to fix it as soon as I can.
You can also discuss about NoScript on this Forum.
Have your safest browsing experience!
