Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Browsers
Firefox
Pale Moon 28.3.0 Released
Message
<blockquote data-quote="Bot" data-source="post: 791882" data-attributes="member: 52014"><p><span style="font-size: 18px"><strong>v28.3.0 (2019-01-15)</strong></span></p><p>This is a major development and bugfix release.</p><p></p><p>Changes/fixes:</p><ul> <li data-xf-list-type="ul">Added AV1 support for MP4/MSE videos. Please note that this is a reference library implementation and the upstream decoding lib currently has poor performance for higher resolutions (720p+). This is disabled by default; use the about:config preference media.av1.enabled to enable this codec.</li> <li data-xf-list-type="ul">Changed the API used for video playback with FFmpeg 58+. This should solve performance issues with VPx.</li> <li data-xf-list-type="ul">Redesigned the main toolbar icons as SVG images to make them HiDPI compliant.</li> <li data-xf-list-type="ul">Fixed the sync notification (infobar) icon.</li> <li data-xf-list-type="ul">Fixed a potential cycle collector resource leak.</li> <li data-xf-list-type="ul">Added icons and controls to tabs to indicate if sound is playing the tab and if so, allowing the user to mute it with a click.<br /> This is a native implementation of the API in use in Basilisk and performs the same function as the "expose noisy tabs" extension, although the extension may still be preferred by some for e.g. skinning capabilities. The feature may be disabled with browser.tabs.showAudioPlayingIcon.</li> <li data-xf-list-type="ul">Removed support for VR hardware.</li> <li data-xf-list-type="ul">Fixed out-of-bounds sizes for CSS calculation strings.</li> <li data-xf-list-type="ul">Removed the DirectShow component since it is no longer necessary.</li> <li data-xf-list-type="ul">Removed Firefox Accounts integration, phase 1:</li> <li data-xf-list-type="ul"><ul> <li data-xf-list-type="ul">Changed the Sync client to the one from Tycho.</li> <li data-xf-list-type="ul">Made Sync optional at build time.</li> </ul></li> <li data-xf-list-type="ul">Stopped trying to cater to addons.mozilla.org since they no longer offer anything useful to Pale Moon after the Great XUL Extension Purge™.</li> <li data-xf-list-type="ul">Added an option to process favicons for optimal sized display and removing animations. Enable this with browser.chrome.favicons.process</li> <li data-xf-list-type="ul">Fixed an incorrect preference reference in feed reader.</li> <li data-xf-list-type="ul">Fixed an issue with lazy frame construction on display:contents elements. This should solve e.g. the use of mathjax in comments on stackoverflow.</li> <li data-xf-list-type="ul">Media code improvements and cleanup (ongoing).</li> <li data-xf-list-type="ul">Updated the DropBox useragent override to solve login issues.</li> <li data-xf-list-type="ul">Fixed potential crashes due to shutdown observers in VTT and font lists. DiD</li> <li data-xf-list-type="ul">Enabled some mistakingly-disabled optimizations in the JS JIT compiler.</li> <li data-xf-list-type="ul">Fixed several potential crashes in JS. DiD</li> <li data-xf-list-type="ul">Fixed several potential crashes in WebCrypto. DiD</li> <li data-xf-list-type="ul">Fixed a potential crash in JS Range Analysis. DiD</li> <li data-xf-list-type="ul">Fixed a potential crash in the layout engine due to combo boxes. DiD</li> <li data-xf-list-type="ul">Fixed a potential shutdown crash in non-standard environments related to 2D Canvas. DiD</li> <li data-xf-list-type="ul">Fixed a potential overflow in the PNG writer. DiD</li> <li data-xf-list-type="ul">Fixed a potential double-free in the MAR signing utility. DiD</li> <li data-xf-list-type="ul">Fixed an issue where URLs could be extracted cross-origin (CVE-2018-18494).</li> <li data-xf-list-type="ul">Updated NSPR to v4.20.</li> <li data-xf-list-type="ul">Updated NSS to 3.41, providing (among other things) full compatibility with the final version of TLS 1.3 on websites.</li> <li data-xf-list-type="ul">Updated location.protocol to the latest spec.</li> <li data-xf-list-type="ul">Updated Intersection Observers to the latest spec and enabled them by default.</li> <li data-xf-list-type="ul">Updated the SQLite lib to 3.26.0.</li> <li data-xf-list-type="ul">Fixed errors about the login manager's recipeManager not being available (yet).</li> <li data-xf-list-type="ul">Switched status bar download arrow to SVG.</li> <li data-xf-list-type="ul">Fixed a crash in IntersectionObservers.</li> <li data-xf-list-type="ul">Fixed initialization of the Search service from browser code to avoid synchronous init.</li> <li data-xf-list-type="ul">Added logging of performance warnings to devtools consoles.</li> <li data-xf-list-type="ul">Fixed favicons in taskbar tab preview listings.</li> <li data-xf-list-type="ul">Blocked Comodo IS dll < version 6.3 to prevent startup crashes.</li> <li data-xf-list-type="ul">Fixed issues in the HTML form submit observer module.</li> <li data-xf-list-type="ul">Limited resolving depth of CSS variables to a sane maximum (fixes cras.sh issue).</li> <li data-xf-list-type="ul">Removed Mozilla's proprietary constructor on WebAudio's AudioContext, aligning it with the standard specification.</li> <li data-xf-list-type="ul">Exposed the previously hidden preference in about:config for page thumbnail generation (some people prefer this for local privacy).</li> <li data-xf-list-type="ul">Aligned Element.ScrollIntoView with the DOM specification. This improves, among other things, compatibility with the React framework.</li> </ul><p>DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.</p><p></p><p>Source: <a href="http://www.palemoon.org/releasenotes.shtml" target="_blank">Pale Moon - Release Notes</a></p></blockquote><p></p>
[QUOTE="Bot, post: 791882, member: 52014"] [SIZE=18px][B]v28.3.0 (2019-01-15)[/B][/SIZE] This is a major development and bugfix release. Changes/fixes: [LIST] [*]Added AV1 support for MP4/MSE videos. Please note that this is a reference library implementation and the upstream decoding lib currently has poor performance for higher resolutions (720p+). This is disabled by default; use the about:config preference media.av1.enabled to enable this codec. [*]Changed the API used for video playback with FFmpeg 58+. This should solve performance issues with VPx. [*]Redesigned the main toolbar icons as SVG images to make them HiDPI compliant. [*]Fixed the sync notification (infobar) icon. [*]Fixed a potential cycle collector resource leak. [*]Added icons and controls to tabs to indicate if sound is playing the tab and if so, allowing the user to mute it with a click. This is a native implementation of the API in use in Basilisk and performs the same function as the "expose noisy tabs" extension, although the extension may still be preferred by some for e.g. skinning capabilities. The feature may be disabled with browser.tabs.showAudioPlayingIcon. [*]Removed support for VR hardware. [*]Fixed out-of-bounds sizes for CSS calculation strings. [*]Removed the DirectShow component since it is no longer necessary. [*]Removed Firefox Accounts integration, phase 1: [*] [LIST] [*]Changed the Sync client to the one from Tycho. [*]Made Sync optional at build time. [/LIST] [*]Stopped trying to cater to addons.mozilla.org since they no longer offer anything useful to Pale Moon after the Great XUL Extension Purge™. [*]Added an option to process favicons for optimal sized display and removing animations. Enable this with browser.chrome.favicons.process [*]Fixed an incorrect preference reference in feed reader. [*]Fixed an issue with lazy frame construction on display:contents elements. This should solve e.g. the use of mathjax in comments on stackoverflow. [*]Media code improvements and cleanup (ongoing). [*]Updated the DropBox useragent override to solve login issues. [*]Fixed potential crashes due to shutdown observers in VTT and font lists. DiD [*]Enabled some mistakingly-disabled optimizations in the JS JIT compiler. [*]Fixed several potential crashes in JS. DiD [*]Fixed several potential crashes in WebCrypto. DiD [*]Fixed a potential crash in JS Range Analysis. DiD [*]Fixed a potential crash in the layout engine due to combo boxes. DiD [*]Fixed a potential shutdown crash in non-standard environments related to 2D Canvas. DiD [*]Fixed a potential overflow in the PNG writer. DiD [*]Fixed a potential double-free in the MAR signing utility. DiD [*]Fixed an issue where URLs could be extracted cross-origin (CVE-2018-18494). [*]Updated NSPR to v4.20. [*]Updated NSS to 3.41, providing (among other things) full compatibility with the final version of TLS 1.3 on websites. [*]Updated location.protocol to the latest spec. [*]Updated Intersection Observers to the latest spec and enabled them by default. [*]Updated the SQLite lib to 3.26.0. [*]Fixed errors about the login manager's recipeManager not being available (yet). [*]Switched status bar download arrow to SVG. [*]Fixed a crash in IntersectionObservers. [*]Fixed initialization of the Search service from browser code to avoid synchronous init. [*]Added logging of performance warnings to devtools consoles. [*]Fixed favicons in taskbar tab preview listings. [*]Blocked Comodo IS dll < version 6.3 to prevent startup crashes. [*]Fixed issues in the HTML form submit observer module. [*]Limited resolving depth of CSS variables to a sane maximum (fixes cras.sh issue). [*]Removed Mozilla's proprietary constructor on WebAudio's AudioContext, aligning it with the standard specification. [*]Exposed the previously hidden preference in about:config for page thumbnail generation (some people prefer this for local privacy). [*]Aligned Element.ScrollIntoView with the DOM specification. This improves, among other things, compatibility with the React framework. [/LIST] DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered. Source: [URL="http://www.palemoon.org/releasenotes.shtml"]Pale Moon - Release Notes[/URL] [/QUOTE]
Insert quotes…
Verification
Post reply
Top
