NoScript for SeaMonkey 1.9.7.7

NoScript for SeaMonkey 1.9.7.7 is a full-featured Firefox extension which provides extra protection for Firefox, Flock, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java and Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank), and provides the most powerful Anti-XSS protection available in a browser.

NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...

You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon (look at the picture), or using the contextual menu, for easier operation in popup statusbar-less windows.
Staying safe has never been so easy!

Benefits:

• Several compatibility improvements in XSS filters and ABE.
• Fixed some web page layout issues caused by NoScript 1.9.7.7.
• Complete HTML 5 media (audio and video) blocking on untrusted sites.
• Enhanced frame and iframe blocking.
• Improved compatibility with add-ons performing custom HTTP requests (e.g. the "Versions" extension).
• XPI package is digitally signed.
• New layer of inclusion protection, checks whether 3rd party script and CSS files are served with proper content type.
• Enhanced JAR abuse protection (thanks .mario for RFE).
• Improved ABE rules syntax, now supporting raw IPs and subnets in address prefix/mask form.
• New option to turn off ABE notifications (in NoScript Options|Notifications).
• ABE (Application Boundary Enforcer) module providing protection against CSRF attacks.
• Protection against internet to intranet attacks (e.g. router hacking from the web) thanks to the built-in SYSTEM ABE ruleset.
• Enhanced and augmented Surrogate Scripts.
• New Import/Export buttons in the NoScript Options dialog, backup the whole NoScript configuration in a single JSON file, as a disconnected alternative to the Weave/XMark synchronization functionality (Fx 3 and above).
• Several speed, usability and stability improvements in the new NoScript preferences synchronization feature (Fx 3 and above).
• ClearClick ClickJacking protection compatibility with Feedly, Disqus and Sharethis.
• New dedicated support forum.

Major Features:

1. Usable security:
   
   • Operating NoScript is really simple. When you install NoScript, JavaScript, Java, Flash Silverlight and possibly other executable contents are blocked by default. You will be able to allow JavaScript/Java/... execution (scripts from now on) selectively, on the sites you trust. You can allow a site to run scripts temporarily, if you're just surfing randomly, or permanently, when you visit it often and you really trust it. This means that NoScript learns from your own browser habits and tends to disappear in the background after a while, but it promptly comes back to save your day if you stumble upon a malicious web page. When you browse a site containing blocked scripts a notification, similar to those issued by popup blocker, is shown. Look at it or at the statusbar icon to know current NoScript permissions:
   • • Forbidden Icon - this means that scripts and plugin contents are blocked for the current site and its subframes. Even if some of the 3rd party script sources imported by the page may be in your whitelist, no code could run because the hosting documents are not enabled.
     • Partially Allowed Subcontent Icon - this means the top level site is still forbidden but some active subcontent pieces (either frames or plugin objects) are allowed: some code may be running, but the page is likely not to work correctly yet because its main script source is still blocked.
     • Partially Allowed Icon - this means scripts are allowed for the top-level (main) document, but some other active content or script sources imported by this page are not allowed yet. This happens when there are multiple frames, or script elements linking code hosted on 3rd party hosts.
     • Since they're often unnecessary, the site is likely to work even in this "partially allowed" state. Furthermore, in most cases when a site is compromised with JavaScript malware, the malicious code is hosted on external "shady" sites. Even if you've previously allowed the top-level site, these external sites are still blocked and the attack fails anyway.
     • Partially Allowed / Partially Untrusted Icon - this means scripts are allowed for some URLs, and all the other ones are marked as untrusted.
     • Allowed Icon - this means that script execution is allowed for the current site
     • Globally Allowed Icon - this means that scripts are globally allowed (why did you decide to browse without any protection??!)
   • NoScript: one click to enable/disable JavaScript globally or PER SITE The number of detected