From the Release Notes:
Changes/fixes:
- Improved handling of FTP resource loading (allow save-as and cater to some FTP-based browsing).
- Added a preference (
security.block_ftp_subresources) to allow users to completely bypass the blocking of FTP subresources if required for their environment, if the improvements made in this release do not suffice. - Added blocking of authentication-locked cross-origin image
subresources by default to prevent spurious auth prompts.
A preference (network.auth.subresource-http-img-XO-auth) was added to allow users to bypass this blocking if required for their environment. - Changed the behavior of file: URIs to treat each URI as a
unique origin. This prevents cross-file access from scripting.
A preference (security.fileuri.unique_origin) was added to allow users to relax this restriction if required for their environment. - Implemented a revised version of
http2PushedStreamto address some thread safety issues. - Aligned browser behavior with mainstream regarding inner window behavior when domain is manipulated.
- Backed out a 28.5.* patch for causing multiple issues in the UI and web content.
- Updated NSS to 3.41.2 (custom) to pick up several upstream
fixes.
- Fixed a type confusion issue in JavaScript Arrays. (DiD)
- Added a fix for cross-thread access of Necko. (DiD)
- Added a port safety check for Alternative Services.
- Implemented fixes for applicable security issues:
CVE-2019-11719, CVE-2019-11711, CVE-2019-11715, CVE-2019-11717,
CVE-2019-11714 (DiD),
CVE-2019-11729 (DiD),
CVE-2019-11727 (DiD),
CVE-2019-11730 (DiD),
CVE-2019-11713 (DiD) and
several networking and memory-safety hazards that do not have CVE
numbers.
Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Click About Pale Moon and Check for Updates.
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
No comments:
Post a Comment