0814名無しさん@お腹いっぱい。
2019/03/27(水) 21:40:29.42ID:BU9XTWGU0v28.4.1 (2019-03-26)
This is a security and bugfix update.
Changes/fixes:
・Fixed hover state arrows on some controls.
・Fixed potential denial-of-service issues involving FTP (loading of subresources and spamming errors).
・Disabled Microsoft Family Safety (Win 8.1) by default. This prevents security issues as a result of a local MitM setup.
・Added several site-specific overrides (Firefox Send and polyfill.io) to work around website UA-sniffing isues.
・Implemented the origin-clean algorithm for controlling access to image resources.
・Cleaned up the helper application service code.
・Ported applicable security fixes from Mozilla (CVE-2019-9791, CVE-2019-9792, CVE-2019-9796, CVE-2019-9801, CVE-2019-9793, CVE-2019-9794, CVE-2019-9808 and ZDI-CAN-8368).
・Implemented several defense-in-depth measures (for CVE-2019-9790, CVE-2019-9797, CVE-2019-9804, and a JavaScript issue).
・Fixed several memory safety hazards and crashes.
・Binaries are now code-signed again (including the setup program for the installer).
