Author Topic: Pale Moon: Release notes v28.6.1 (2019-07-25)  (Read 207 times)


snowie
« on: 26 July 2019, 13:53:48 »
Quote
Pale Moon: Release notes

v28.6.1 (2019-07-25)

This is a security and bugfix update.
Changes/fixes:

    Improved handling of FTP resource loading (allow save-as and cater to some FTP-based browsing).
    Added a preference (security.block_ftp_subresources) to allow users to completely bypass the blocking of FTP subresources if required for their environment, if the improvements made in this release do not suffice.
    Added blocking of authentication-locked cross-origin image subresources by default to prevent spurious auth prompts.
    A preference (network.auth.subresource-http-img-XO-auth) was added to allow users to bypass this blocking if required for their environment.
    Changed the behavior of file: URIs to treat each URI as a unique origin. This prevents cross-file access from scripting.
    A preference (security.fileuri.unique_origin) was added to allow users to relax this restriction if required for their environment.
    Implemented a revised version of http2PushedStream to address some thread safety issues.
    Aligned browser behavior with mainstream regarding inner window behavior when domain is manipulated.
    Backed out a 28.5.* patch for causing multiple issues in the UI and web content.
    Updated NSS to 3.41.2 (custom) to pick up several upstream fixes.
    Fixed a type confusion issue in JavaScript Arrays. (DiD)
    Added a fix for cross-thread access of Necko. (DiD)
    Added a port safety check for Alternative Services.
    Implemented fixes for applicable security issues: CVE-2019-11719, CVE-2019-11711, CVE-2019-11715, CVE-2019-11717, CVE-2019-11714 (DiD), CVE-2019-11729 (DiD), CVE-2019-11727 (DiD), CVE-2019-11730 (DiD), CVE-2019-11713 (DiD) and several networking and memory-safety hazards that do not have CVE numbers.

DiD: This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
Source