27.2.1 (2017-03-24)This is a small update to fix some stability and usability issues.
Changes/fixes:• Fixed an issue with planar alpha handling (transparency) when drawing JXR images.
• Fixed a crash related to a change JavaScript array handling introduced in 27.2.0.
This became apparent with the pentadactyl extension, but could happen in other situations as well.
• Fixed a crash when opening ridiculously large images with HQ scaling enabled (default).
Pale Moon will now only apply HQ scaling for images within reasonable limits (64 Mpix or smaller). Images larger than that may not display properly when zooming in, or may not display at all, even scaled down (e.g. >256 Mpix large) and show a "broken image" placeholder instead; please use dedicated image viewer applications for those kinds of images; it is outside the scope of a web browser to handle such large images.
• Changed the way URL hashes are handled, and will no longer %-decode anchor hash identifiers by default.
Note that this is against RFC 3986, which states that any part of the URL scheme that isn't data should be decoded.
This is required for web compatibility because several sites use hash links to pass actual data to web applications (Please don't do this! Hashes ar part of the URL address, should only consist of "safe" characters, and aren't suited to pass arbitrary data) and the most common browsers no longer follow the RFC in that respect.
If you want RFC compliance, switch dom.url.getters_decode_hash to true
• Restored 2 RSA Camellia cipher suites that were missing: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA and TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
• Fixed an issue with custom toolbars getting deleted during upgrade from 27.0/27.1 to 27.2
27.2.0 (2017-03-18)This is a major update to the browser with a focus on back-end improvements and security.
Changes/Fixes:• Updated the ICU lib to 58.2 to fix a number of issues.
• Added proper control for the user for offline storage for web applications.
• Added a check to prevent auto-filled URLs from copying the auto-filled selection to clipboard/primary.
• Added the feature to pass a URL to open in a private window from the command-line.
• Improved the display of the downloads indicator on the button in bright-text situations.
• DOM storage now honors the "3rd party cookie" setting in that it will not allow 3rd party data to be stored if 3rd party cookies are disallowed.
• Allowed toolbar button badges to be properly styled.
• Updated the hunspell spellchecking library to 1.6.0 to fix a number of issues.
• Fixed desktop notifications being off-screen if fired in rapid succession.
• Added Element.insertAdjacentElement and Element.insertAdjacentText DOM functions.
• Added support for JPEG-XR images.
This makes Pale Moon have the broadest support for image formats of all web browsers.
(enabled by default; you can disable this with media.jxr.enabled).
• Completely removed the use of GStreamer on Linux.
• Added support for element.innerText.
• Custom toolbars should now properly remember their state.
• Fixed some more playback issues with MP4/MSE videos.
Please be aware that we are still working on further improving MSE video handling.
• Changed media processing to reduce dangerous processing asynchronicity.
This should also make media elements and playback more responsive.
• Fixed a useragent string regression always displaying the minor Goanna version as .0
• Updated NSPR to 4.13.1.
• Updated NSS to 3.28.3-RTM.
• Fixed unrestricted icon sizes in PMkit buttons.
• Fixed unresponsive buttons on support page when not building the updater.
• Fixed the use of "View image" and "Save image as" on extremely large images.
• Changed the way "View Image" and "Save image as" work on canvas elements.
• Made checking for dangerously large resolution PNG images smarter.
It will now accept larger "strip"-aspect ratio images while reducing unsupported large image resolutions.
This will e.g. fix Gmail's "emoji" window that uses a ridiculously long but very narrow single image to store all the emoticon pictures.
• Converted several hard-coded URLs to preferences.
• Updated the google.com override so it would not cripple services based on UA sniffing.
• Added Inner and Outer Window ID administration.
• Fixed the add-on discovery pane detection.
• Added support for canvas ellipse.
• Improved drawing of certain MathML elements at problematic zoom levels.
• No longer building gamepad support.
• Updated Harfbuzz font shaper to 1.4.3 to fix a number of issues.
• Fixed a number of crashes (layout, plugins, uncommon navigation, bad URLs).
• Aligned SVG specular filters with the spec.
Security/privacy changes:• Added support for 256-bit AES-GCM encryption.
• Added support for ChaCha20-Poly1305 encryption.
• Removed support for Camellia-GCM since nobody seems interested in it.
(Camellia in 128/256-bit CBC block mode is still fully supported).
• Added support for SHA-224, SHA-256, SHA-384 and SHA-512 to Crypto utils.
• Improved status handling of secure sites to be less sensitive to "insecure" items that are local.
• Fixed print preview hijacking. (CVE-2017-5421)
• Fixed a potentially exploitable crash in OnStartRequest. (CVE-2017-5416)
• Fixed potential cross-origin content-stealing through a timing attack. (CVE-2017-5407) DiD
• Fixed a denial-of-service problem with view-source. (CVE-2017-5422)
• Fixed crash in directional controls. (CVE-2017-5413)
• Fixed a perceived problem with chrome manifests. (CVE-2017-5427)
• Fixed the use of an uninitialized value. (CVE-2017-5405)
• Fixed a buffer overflow. (CVE-2017-5412)
• Fixed a UAF situation. (CVE-2017-5403)
• Fixed a potential spoofing issue with the address bar. (CVE-2017-5417)
• Fixed a potential issue in libvpx. (CVE-2017-5402) DiD
• Fixed a potential issue with HTTP auth. (CVE-2017-5418)
• Fixed several memory safety hazards and potentially exploitable crashes. DiD
DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.
27.1.2 (2017-03-03)This is a small update adding a workaround for potential deadlocks happening in media elements.
27.1.1 (2017-02-21)This is a stability and bugfix update to the browser.
Changes/Fixes:• Implemented a fix in media handling to prevent crashes with concurrent videos and/or rapidly starting/stopping video playback in the browser.
• Fixed the way the Adobe Flash plugin is detected to prevent confusion with other plugins that identify themselves as "Flash" (e.g. VLC).
• Windows: Solved stability issues caused by the release build process, resulting in unexpected behavior (e.g. hangups).
»» Нажмите, для закрытия спойлера | Press to close the spoiler «« Размер: 30,5 МБ.
Размер: 34,1 МБ.
Размер: 30,8 МБ.
Размер: 34,5 МБ.