The update includes DiD ("Defense-in-Depth") updates. A DiD update is s a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
From the Release Notes
- Implemented URLSearchParams' sort() function
- Implemented ES2020 globalThis for web compatibility
- Improved our WebM media parser to be more tolerant to different encoding styles.
- Improved our MP3 media parser to be more tolerant to different encoding styles and particularly tiny files/stream chunks.
- Improved performance of table drawing for more corner cases
- Changed the way images without a src are handled in page layouts to align with the Chrome-pushed spec.
- Added modern MIPS support
- Split out the ICU data file from xul.dll on Windows
- Fixed a regression in WebAudio channel handling due to a landed security fix.
- Fixed a regression preventing scripting from properly disabling input controls
- Fixed an issue with border radius sometimes not being honored in tables
- Fixed some build issues in non-standard configurations.
- Removed more telemetry code
- Removed the in-browser speech recognition engine and API
- Removed support for the obsolete and unmaintained NVidia 3DVision stereoscopic interface.
- Changed handling of braille blanks in the ui (CVE-2020-12409) DiD
- Mitigated a potential timing attack against DSA keys in NSS (CVE-2020-12399)
- Unified XUL Platform Mozilla Security Patch Summary: 1 fixed, 1 defense-in-depth, 8 not applicable.
Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Click About Pale Moon and Check for Updates.
Release Notes
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
No comments:
Post a Comment