Pale Moon version 28.11.0 has been released. The update is a development, bugfix and security update. Linux versions will follow shortly.
The update includes DiD ("Defense-in-Depth") updates. A DiD update is s a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
From the Release Notes
- Changed storage format for certificates and passwords to SQLite.
Please note that this is a unidirectional change, and mixing/matching versions with a shared used profile (e.g downgrading) may cause newly-added passwords being lost. - Added a preference (browser.tabs.insertAllAfterCurrent) to enable always adding new tabs after the current tab, whether related or not.
- Changed the way Firefox extensions are displayed in the add-on manager (provide a clear warning).
- Denied other types of add-ons that aren't explicitly targeting Pale Moon's ID. Time to stop using those incompatible Firefox themes etc. and properly fork them!
- Improved the browser's DPI-awareness to be per-monitor instead of system-wide, on supported Windows operating systems.
- Updated bookmark backups code with the other half of what should have been done way back when, so they work fully as-intended.
- Added a preference (browser.bookmarks.editDialog.showForNewBookmarks) to enable immediately showing the edit dialog for new bookmarks.
If set to true, clicking the star in the address bar will pop open the edit dialog immediately for changing details/sorting. - Fixed the useragent string in native mode, and updated UA code to properly respond to live changes to some preferences.
- Tidied up front-end browser JavaScript.
- Changed the way sources are compiled (on-going de-unification).
- Improved compatibility with gcc v10
- Removed support for the obsolete and unmaintained NVidia 3DVision stereoscopic interface.
- Fixed some build issues in non-standard configurations.
- Fixed wrong positions when calculating the position for position:absolute child inside a table.
- Aligned file name extension of saved url files with other applications (lower case)
- Fixed building with --disable-webspeech (to disable speech synthesis)
- Added global menubar support for GTK.
- Implemented node.getRootNode
- Implemented AbortController (Abort API)
- Improved the uninstaller to use elevation when prudent and actually remove program files.
- Fixed a rare issue with editable page content.
- Fixed a crash related to ES module scripts.
- Aligned ES module scripting better with the current spec and removed eager instantiation.
- Fixed a potential issue with the JPEG encoder. (CVE-2020-12422) DiD
- Fixed a potential issue with AppCache manifests. DiD
- Fixed a potential crash in JavaScript date parsing.
- Fixed a problem with RSA key generation that would make it potentially vulnerable to side-channel attacks. (CVE-2020-12402)
- Fixed a potential crash due to multithread race condition. DiD
- Fixed a correctness issue in URL handling. (CVE-2020-12418) DiD
- Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 4 defense-in-depth, 10 not applicable.
Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Click About Pale Moon and Check for Updates.
Release Notes
No comments:
Post a Comment