Autor Thema: Pale Moon: Release notes v28.4.0 (2019-02-19)  (Gelesen 250 mal)

0 Mitglieder und 1 Gast betrachten dieses Thema.

Offline virtual-dev

  • Sr. Mitglied
  • ****
  • Beiträge: 299
  • Dankeschön: 712 mal
  • Desktop: Xfce4
  • Grafikkarte: Intel HD Graphics 630
  • Grafikkartentreiber: free
  • Kernel: 5.4 LTS
  • Prozessor: i7-7700HQ
  • Skill: Fortgeschritten
  • Zweig: *
Pale Moon: Release notes v28.4.0 (2019-02-19)
« am: 19. Februar 2019, 17:45:37 »
Pale Moon: Release notes

v28.4.0 (2019-02-19)

This is a major development, stability and security release.


    Removed more telemetry code from the platform.
    Fixed implementation of the IntersectionObserver API to avoid crashes, and enabled it by default.
    Switched to the new ffmpeg decode API to avoid dropping of frames.
    Fixed a buffering issue in the WebP decoder that caused intermittent browser crashes.
    Improved resource-efficiency for internal stopwatch timers.
    Improved handling of incorrectly-encoded CTTS in media files, resolving some playback issues of
    Improved the Cycle Collector and Garbage Collector.
    Improved fullscreen navigation bar handling in the situation it has focus when switching to full
    Aligned instanceof with the final ES6 spec.
    Improved Windows DIB (bitmap) clipboard data handling.
    Exposed TLS 1.3 cipher suite prefs in about:config in case people want to disable them individually.
    Allowed empty string on the setter to clear URL query parameters from JS.
    Added a potential fix for external links not opening in the current window/tab (untested).
    Enabled C++11 thread-safe statics in the entire application.
    Updated several preferences for integration with the new add-ons site.

Security fixes:

    Fixed a potential use-after-free in IndexedDB code. (DiD)
    Improved proxy handling to avoid localhost getting proxied. (CVE-2018-18506)
    Ported upstream Skia fixes. (CVE-2018-18356, CVE-2018-18335)
    Fixed an additional Skia issue. (CVE-2019-5785)
    Fixed several potentially-exploitable memory safety hazards and crashes. (DiD)
    Fixed a possible data race when performing compacting GC.

DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
Folgende Mitglieder bedankten sich: snowie