Pale Moon has been updated to Version 27.0.3. The update addresses a number of bugs and regressions with the new milestone release as well as security updates. Included in the updates are DiD* patches.
*DiD stands for "Defense-in-Depth" and is a fix that does not apply to an actively exploitable vulnerability in Pale Moon but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.Details from the Release Notes:
Security and Crash fixes:
- Fixed use-after-free while manipulating DOM events and removing audio elements (CVE-2016-9899).
- Fixed CSP bypass using the marquee tag (CVE-2016-9895).
- Fixed a vulnerability in the internal Jetpack modules (CVE-2016-9903). DiD
- Fixed use-after-free in Editor while manipulating DOM subtrees (CVE-2016-9898).
- Fixed an error in the buffer logic in http-chunked decoder.
- Fixed a crash in generational GC code (not in use by default) DiD
- Fixed a compartment mismatch bug in plug-in code
- Fixed a crash trying to get a nonexistent property.
- Improved MediaRecorder's observer safety.
- Fixed a crash related to document history.
- Fixed certain network errors not displaying.
- Fixed network error page styling.
- Fixed the writing of DOM storage data to tabs (should solve the "tabs not loading their contents" issue when migrating a profile and some other situations).
- Disabled downloadable font unicode-ranges on non-Windows platforms.
- Added a Google Fonts user-agent override for non-Windows platforms so they don't send unicode-ranged composite fonts (Feature detection? Google apparently still doesn't know what that is).
- Re-enabled the reporting of CSS errors to the console by default to prevent issues with some extensions who rely on this (e.g. Stylish).
- Fixed and updated preferences for location bar suggestions.
- Fixed several x64-specific issues in memory allocation code (regression fix).
- Fixed timer issues when resuming a computer from stand-by (regression fix).
- Fixed a number of branding and textual issues in the browser.
- Fixed prompting for the saving of off-line data (previously always allowed without prompting).
- Fixed a layout regression that would cause block elements following left floats to not wrap to the next line if there wasn't enough clearance.
- Fixed a mismatch in Firefox extension compatibility-mode installation where Firefox extensions served by addons.mozilla.org would be marked incompatible when trying to install.
- Windows Vista/Windows 7/8/10/Server 2008 or later
- Windows Platform Update (Vista/7) strongly recommended
- A processor with SSE2 instruction support
- 256 MB of free RAM (512 MB or more recommended)
- At least 150 MB of free (uncompressed) disk space
No comments:
Post a Comment
Neither spam nor comments containing vulgarities will be approved.