Firefox のソースコードを元に、軽量化、高速化を志向するブラウザ
『Pale Moon』 に関する話題をどうぞ
公式ホームページ
http://www.palemoon.org/
Archived versions
http://www.palemoon.org/archived.shtml
日本語のランゲージパックは諸事情により非公開になりました
以下のプレリリース版を利用して下さい
https://github.com/JustOff/pale-moon-localization/releases
前スレ
Pale Moon Part13
https://egg.5ch.net/test/read.cgi/software/1534856140/
Pale Moon Part14
■ このスレッドは過去ログ倉庫に格納されています
2019/06/19(水) 16:15:44.07ID:9FeTxod80
2019/07/25(木) 22:21:21.18ID:ZbVRwCjH0
Pale Moon: Release notes
v28.6.1 (2019-07-25)
This is security and bugfix update.
Changes/fixes:
Improved handling of FTP resource loading (allow save-as and cater to some FTP-based browsing).
Added a preference (security.block_ftp_subresources) to allow users to completely bypass the blocking of FTP subresources if required for their environment, if the improvements made in this release do not suffice.
Added blocking of authentication-locked cross-origin image subresources by default to prevent spurious auth prompts.
A preference (network.auth.subresource-http-img-XO-auth) was added to allow users to bypass this blocking if required for their environment.
Changed the behavior of file: URIs to treat each URI as a unique origin. This prevents cross-file access from scripting.
A preference (security.fileuri.unique_origin) was added to allow users to relax this restriction if required for their environment.
Implemented a revised version of http2PushedStream to address some thread safety issues.
Aligned browser behavior with mainstream regarding inner window behavior when domain is manipulated.
Backed out a 28.5.* patch for causing multiple issues in the UI and web content.
Updated NSS to 3.41.2 (custom) to pick up several upstream fixes.
Fixed a type confusion issue in JavaScript Arrays. (DiD)
Added a fix for cross-thread access of Necko. (DiD)
Added a port safety check for Alternative Services.
Implemented fixes for applicable security issues: CVE-2019-11719, CVE-2019-11711, CVE-2019-11715, CVE-2019-11717, CVE-2019-11714 (DiD), CVE-2019-11729 (DiD), CVE-2019-11727 (DiD), CVE-2019-11730 (DiD), CVE-2019-11713 (DiD) and
several networking and memory-safety hazards that do not have CVE numbers.
v28.6.1 (2019-07-25)
This is security and bugfix update.
Changes/fixes:
Improved handling of FTP resource loading (allow save-as and cater to some FTP-based browsing).
Added a preference (security.block_ftp_subresources) to allow users to completely bypass the blocking of FTP subresources if required for their environment, if the improvements made in this release do not suffice.
Added blocking of authentication-locked cross-origin image subresources by default to prevent spurious auth prompts.
A preference (network.auth.subresource-http-img-XO-auth) was added to allow users to bypass this blocking if required for their environment.
Changed the behavior of file: URIs to treat each URI as a unique origin. This prevents cross-file access from scripting.
A preference (security.fileuri.unique_origin) was added to allow users to relax this restriction if required for their environment.
Implemented a revised version of http2PushedStream to address some thread safety issues.
Aligned browser behavior with mainstream regarding inner window behavior when domain is manipulated.
Backed out a 28.5.* patch for causing multiple issues in the UI and web content.
Updated NSS to 3.41.2 (custom) to pick up several upstream fixes.
Fixed a type confusion issue in JavaScript Arrays. (DiD)
Added a fix for cross-thread access of Necko. (DiD)
Added a port safety check for Alternative Services.
Implemented fixes for applicable security issues: CVE-2019-11719, CVE-2019-11711, CVE-2019-11715, CVE-2019-11717, CVE-2019-11714 (DiD), CVE-2019-11729 (DiD), CVE-2019-11727 (DiD), CVE-2019-11730 (DiD), CVE-2019-11713 (DiD) and
several networking and memory-safety hazards that do not have CVE numbers.
2019/07/25(木) 22:22:56.50ID:ZbVRwCjH0
DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon,
but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
■ このスレッドは過去ログ倉庫に格納されています
ニュース
- そりゃ結婚離れが加速するわ 女性が相手に求めるもの日本「2位学歴・職業、1位年収・経済力」欧米は★2 [七波羅探題★]
- 2~4月レアメタル対日輸出ゼロ 中国規制、代替で価格3倍 タングステン調達難 ★2 [ぐれ★]
- 【国旗損壊罪】「寄せ書き」「イベン配布小旗回収廃棄」「古い汚れた国旗を償却」「映画」は処罰対象外★2 [七波羅探題★]
- オーストラリア産小麦、石油高騰で収穫減へ 日本のうどんに影響必至 [背油チャッチャ★]
- 【サッカー】日本代表・佐野海舟、過酷な日程も大丈夫! ボランチ選手層不安でフル回転の誓い「全力でやる」 [jinjin★]
- 全国の書店1万店割れ、紙の出版市場の不振やネット書店の伸長で…ピーク時の4割余り [ぐれ★]
- 【選択】安倍晋三さんが生き返るけど高市早苗の総裁選勝利や首相就任を阻止してくれるボタン🔘⇐押す? [597533159]
- トランプ大統領「少しは配慮とか自制ということを覚えろよ。他者のことを考えるべき」イスラエルに苦言 [359572271]
- ネトウヨが中国にお世話になってそうなこと「違法AV視聴」「中華スマホ」他には? [773738893]
- 個人の破産、増加 13年ぶりに8万人を超える もう終わりだよこの国 [402859164]
- チームみらい安野貴博「特に意味のない検査、意味のない投薬が医療費を釣り上げてるのでは」⇢炎上 [963243619]
- おまんこ🏡