Firefox のソースコードを元に、軽量化、高速化を志向するブラウザ
『Pale Moon』 に関する話題をどうぞ
公式ホームページ
http://www.palemoon.org/
Archived versions
http://www.palemoon.org/archived.shtml
日本語のランゲージパックは諸事情により非公開になりました
以下のプレリリース版を利用して下さい
https://github.com/JustOff/pale-moon-localization/releases
前スレ
Pale Moon Part13
https://egg.5ch.net/test/read.cgi/software/1534856140/
Pale Moon Part14
■ このスレッドは過去ログ倉庫に格納されています
2019/06/19(水) 16:15:44.07ID:9FeTxod80
2019/07/25(木) 22:21:21.18ID:ZbVRwCjH0
Pale Moon: Release notes
v28.6.1 (2019-07-25)
This is security and bugfix update.
Changes/fixes:
Improved handling of FTP resource loading (allow save-as and cater to some FTP-based browsing).
Added a preference (security.block_ftp_subresources) to allow users to completely bypass the blocking of FTP subresources if required for their environment, if the improvements made in this release do not suffice.
Added blocking of authentication-locked cross-origin image subresources by default to prevent spurious auth prompts.
A preference (network.auth.subresource-http-img-XO-auth) was added to allow users to bypass this blocking if required for their environment.
Changed the behavior of file: URIs to treat each URI as a unique origin. This prevents cross-file access from scripting.
A preference (security.fileuri.unique_origin) was added to allow users to relax this restriction if required for their environment.
Implemented a revised version of http2PushedStream to address some thread safety issues.
Aligned browser behavior with mainstream regarding inner window behavior when domain is manipulated.
Backed out a 28.5.* patch for causing multiple issues in the UI and web content.
Updated NSS to 3.41.2 (custom) to pick up several upstream fixes.
Fixed a type confusion issue in JavaScript Arrays. (DiD)
Added a fix for cross-thread access of Necko. (DiD)
Added a port safety check for Alternative Services.
Implemented fixes for applicable security issues: CVE-2019-11719, CVE-2019-11711, CVE-2019-11715, CVE-2019-11717, CVE-2019-11714 (DiD), CVE-2019-11729 (DiD), CVE-2019-11727 (DiD), CVE-2019-11730 (DiD), CVE-2019-11713 (DiD) and
several networking and memory-safety hazards that do not have CVE numbers.
v28.6.1 (2019-07-25)
This is security and bugfix update.
Changes/fixes:
Improved handling of FTP resource loading (allow save-as and cater to some FTP-based browsing).
Added a preference (security.block_ftp_subresources) to allow users to completely bypass the blocking of FTP subresources if required for their environment, if the improvements made in this release do not suffice.
Added blocking of authentication-locked cross-origin image subresources by default to prevent spurious auth prompts.
A preference (network.auth.subresource-http-img-XO-auth) was added to allow users to bypass this blocking if required for their environment.
Changed the behavior of file: URIs to treat each URI as a unique origin. This prevents cross-file access from scripting.
A preference (security.fileuri.unique_origin) was added to allow users to relax this restriction if required for their environment.
Implemented a revised version of http2PushedStream to address some thread safety issues.
Aligned browser behavior with mainstream regarding inner window behavior when domain is manipulated.
Backed out a 28.5.* patch for causing multiple issues in the UI and web content.
Updated NSS to 3.41.2 (custom) to pick up several upstream fixes.
Fixed a type confusion issue in JavaScript Arrays. (DiD)
Added a fix for cross-thread access of Necko. (DiD)
Added a port safety check for Alternative Services.
Implemented fixes for applicable security issues: CVE-2019-11719, CVE-2019-11711, CVE-2019-11715, CVE-2019-11717, CVE-2019-11714 (DiD), CVE-2019-11729 (DiD), CVE-2019-11727 (DiD), CVE-2019-11730 (DiD), CVE-2019-11713 (DiD) and
several networking and memory-safety hazards that do not have CVE numbers.
2019/07/25(木) 22:22:56.50ID:ZbVRwCjH0
DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon,
but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
■ このスレッドは過去ログ倉庫に格納されています
ニュース
- 【速報】中国、水産物輸入停止と通達 「処理水」理由、日本政府へ ★5 [おっさん友の会★]
- 高市首相答弁を“引き出した”立民・岡田克也氏が改めて説明「なぜ慎重な答弁をされなかったのか。非常に残念に思っている」 [ぐれ★]
- 中国側が首相答弁の撤回要求、日本側拒否★7 [夜のけいちゃん★]
- NHK会長 新語・流行語大賞ノミネート「オールドメディア」に反論「言われる筋合いはない」「新しいメディアだと思っている」 [muffin★]
- 【速報】 米大使「はっきりさせておこう、米国は尖閣諸島含め日本の防衛に全面コミット、中国がどうしようが変わらない」 [お断り★]
- 自民、経済対策で子ども1人に2万円給付へ 児童手当に上乗せ 所要額は約4000億円 [ぐれ★]
- 【速報】高市首相「つい言い過ぎた」 存立危機事態の答弁について [237216734]
- 中国、アメリカ産大豆を早速過去最大の規模でお買い上げ。トランプさん「中国との関係は非常に良好である」【高市悲報】 [709039863]
- ネトウヨ首長を選んだ結果、日本に損害与える。白浜のネトウヨパンダ町長と同じ構図か!?😲 [521921834]
- 【速報】中国、水産物輸入停止★2 [989870298]
- 【ネトウヨ悲報】基地内で女性をレイプした基地外米兵「記憶がない」 [834922174]
- 山上妹「統一信者から安倍自民への投票を求められた」法廷で証言 [947332727]