v 1.6.9 ===================================================================== + Firefox 3.1a1pre compatibility x Faster Base64 injection checks v 1.6.8.2 ===================================================================== + Better reporting of dynamically included external scripts, e.g. ajax.googleapis.com on goosh.org v 1.6.8.1 ===================================================================== x Fixed regression: right-click on the status bar and "open UI" keyboard shortcut broken. v 1.6.8 ===================================================================== x Fixed false positives in new Base64 decoding Injection Checker v 1.6.7 ===================================================================== + Base64 decoding in URI Injection Checker, thanks Zoiz for Yahoo PoC -- see http://zoiz.web.id/xss-corner/base64-encoded-xss.html x Extra NOSCRIPT element showing won't add SCRIPT elements on buggy pages like evite.com (thanks zgendron and other reporters) v 1.6.6 ===================================================================== x Fixed two bytes subnet shorthands broken if protocol is specified x Fixed subnet shorthands not matching URLs with non-standard ports x Firefox 3.0.* version bump x Fixed XSS false positive on block.opendns.com v 1.6.5 ===================================================================== x Fixed XSS URL sanitization issue with some proxy configurations (thanks Philipp Gühring for reporting and testing) x Fixed false positives caused by Image(...).jpg file names Reproducible: Always Steps to Reproduce:
In CVS, thanks
