Firefox のソースコードを元に、軽量化、高速化を志向するブラウザ
『Pale Moon』 に関する話題をどうぞ
公式ホームページ
http://www.palemoon.org/
Archived versions
http://www.palemoon.org/archived.shtml
日本語のランゲージパックは諸事情により非公開になりました
以下のプレリリース版を利用して下さい
https://github.com/JustOff/pale-moon-localization/releases
前スレ
Pale Moon Part13
https://egg.5ch.net/test/read.cgi/software/1534856140/
探検
Pale Moon Part14
■ このスレッドは過去ログ倉庫に格納されています
2019/06/19(水) 16:15:44.07ID:9FeTxod80
2019/07/25(木) 22:21:21.18ID:ZbVRwCjH0
Pale Moon: Release notes
v28.6.1 (2019-07-25)
This is security and bugfix update.
Changes/fixes:
Improved handling of FTP resource loading (allow save-as and cater to some FTP-based browsing).
Added a preference (security.block_ftp_subresources) to allow users to completely bypass the blocking of FTP subresources if required for their environment, if the improvements made in this release do not suffice.
Added blocking of authentication-locked cross-origin image subresources by default to prevent spurious auth prompts.
A preference (network.auth.subresource-http-img-XO-auth) was added to allow users to bypass this blocking if required for their environment.
Changed the behavior of file: URIs to treat each URI as a unique origin. This prevents cross-file access from scripting.
A preference (security.fileuri.unique_origin) was added to allow users to relax this restriction if required for their environment.
Implemented a revised version of http2PushedStream to address some thread safety issues.
Aligned browser behavior with mainstream regarding inner window behavior when domain is manipulated.
Backed out a 28.5.* patch for causing multiple issues in the UI and web content.
Updated NSS to 3.41.2 (custom) to pick up several upstream fixes.
Fixed a type confusion issue in JavaScript Arrays. (DiD)
Added a fix for cross-thread access of Necko. (DiD)
Added a port safety check for Alternative Services.
Implemented fixes for applicable security issues: CVE-2019-11719, CVE-2019-11711, CVE-2019-11715, CVE-2019-11717, CVE-2019-11714 (DiD), CVE-2019-11729 (DiD), CVE-2019-11727 (DiD), CVE-2019-11730 (DiD), CVE-2019-11713 (DiD) and
several networking and memory-safety hazards that do not have CVE numbers.
v28.6.1 (2019-07-25)
This is security and bugfix update.
Changes/fixes:
Improved handling of FTP resource loading (allow save-as and cater to some FTP-based browsing).
Added a preference (security.block_ftp_subresources) to allow users to completely bypass the blocking of FTP subresources if required for their environment, if the improvements made in this release do not suffice.
Added blocking of authentication-locked cross-origin image subresources by default to prevent spurious auth prompts.
A preference (network.auth.subresource-http-img-XO-auth) was added to allow users to bypass this blocking if required for their environment.
Changed the behavior of file: URIs to treat each URI as a unique origin. This prevents cross-file access from scripting.
A preference (security.fileuri.unique_origin) was added to allow users to relax this restriction if required for their environment.
Implemented a revised version of http2PushedStream to address some thread safety issues.
Aligned browser behavior with mainstream regarding inner window behavior when domain is manipulated.
Backed out a 28.5.* patch for causing multiple issues in the UI and web content.
Updated NSS to 3.41.2 (custom) to pick up several upstream fixes.
Fixed a type confusion issue in JavaScript Arrays. (DiD)
Added a fix for cross-thread access of Necko. (DiD)
Added a port safety check for Alternative Services.
Implemented fixes for applicable security issues: CVE-2019-11719, CVE-2019-11711, CVE-2019-11715, CVE-2019-11717, CVE-2019-11714 (DiD), CVE-2019-11729 (DiD), CVE-2019-11727 (DiD), CVE-2019-11730 (DiD), CVE-2019-11713 (DiD) and
several networking and memory-safety hazards that do not have CVE numbers.
2019/07/25(木) 22:22:56.50ID:ZbVRwCjH0
DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon,
but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
■ このスレッドは過去ログ倉庫に格納されています
ニュース
- 自民・麻生太郎 副総裁 石破政権の1年は「どよーん」 高市政権の発足で「何となく明るくなった」「世の中のことが決まり動いている」 [Hitzeschleier★]
- 東京都「都民の税金1.5兆円が国に奪われている」「全国に分配されている」に地方民ブチギレ [Hitzeschleier★]
- JA全農が「新おこめ券」…来年9月末の有効期限を新設、必要経費のみ上乗せ [蚤の市★]
- 「もうキモくてキモくて…」29歳女性が語る“おぢアタック”の実態。「俺ならイケるかも」年下女性を狙う勘違い中年男性に共通点が★4 [Hitzeschleier★]
- 高市首相の答弁書に「台湾有事答えない」と明記 存立危機発言当時 [蚤の市★]
- 【27歳会社員】「自慰行為に使うために」コインランドリーの乾燥機から24歳女性の下着など計11点(時価8万2080円相当)盗んだ疑い [nita★]
- トランプ、G7に代わるcore 5を発表 [805596214]
- イ カ れ た メ ン バ ー 紹 介 す る ぜ !
- 日本人TikToker「高市が発言撤回さえしてくれれば収益を没収されずに済んだのに、高市は国民を犠牲にして権力に縋る最低最悪の施政者」 [314039747]
- 【疑問】巨人現ドラ菊地が原監督にはコメントして阿部の事はスルーした理由w w w w w w w w w
- 【実況】博衣こよりのえちえちダンガンロンパ2🧪★5
- タイ「カンボジア国内へ侵攻だ!二度と逆らえないようにしてやるぜHAHAHA!」→あっさり撃退されてしまう [793187428]