2015/07/29 PaleMoon 25.6.0 来てたっぱね

00:24

著者: かっぱ

カテゴリー: パソコン・インターネット, IT技術ネタ?

タグ:Firefox, 派生, タブブラウザ, PaleMoon, 25.6.0

ばんわっぱ かっぱだっぱ

Firefox派生タブブラウザ PaleMoonの話っぱの**前記事は2015/06/11 Pale Moon 25.5.0 きてるっぱね あ、そうそう・・・XP利用者の人は、「Pale Moon forum • View topic - End of support for PM4XP」を参照の事(・Θ・ そして今回のUpdate「フィンガーキャンバスプリント」対策の件もある様子だの・・

リリースノート曰く

Pale Moon - Release Notes ****http://www.palemoon.org/releasenotes.shtml

25.6.0 (2015-07-27)

This release addresses some security issues and a range of usability improvements to the browser.

Fixes/changes:

  • Canvas anti-fingerprinting option: Pale Moon now includes the option to make canvas fingerprinting much more difficult. By setting the about:config preference canvas.poisondata to true, any data read back from canvas surfaces will be “poisoned” with humanly-imperceptible data changes. By default this is off, because it has a large performance impact on the routines reading this data.

  • Added a feature to allow icon fonts to be used even when users disallow the use of document-specified fonts. This should retain full navigation for icon-font heavy websites (no more dreaded “boxes” with hex codes) when custom text fonts are disabled.

  • Added a feature to prevent screen savers from kicking in when playing full-screen HTML5 video. This is currently not yet operational on Linux because of stability issues we’ve run into on that OS, but Windows should properly benefit from this change.

  • The “autocomplete=off” parameter for signon forms is now completely ignored by default, to keep the user in control of their browser’s behavior and allowing credentials to be saved if wished. If you prefer the previous behavior, allowing a website to determine whether autocomplete should be allowed or not, then change the about:config preference signon.ignoreAutocomplete to false.

  • Reinstated the packaging of pre-compiled scripts in the browser. Hopefully this will fix the reports by some users who found that initial start-up after installation/upgrade of the browser was unacceptably slow. Unfortunately this means a slightly larger download/install size as a trade-off.

  • Added the option to use Chrome://../skin/ overrides, in effect allowing the use of “Icon themes”; toolbar icon replacements to customize your browser icons without the need for any CSS or full-blown theming.

  • Added a count for the number of matches in the find bar. it will now list the total number of matches found, and which match is the currently highlighted one.

  • Fixed the issue where highlighted words after finding and highlighting them all in a page would remain highlighted when closing the find bar.

  • Added support for CSP ‘nonce’ keywords (CSP 1.1/2.0). Please note that this is still experimental and may not work 100% as-expected. Please report any bugs you may find.

  • Aligned CSP more with the spec in terms of reporting and case-sensitivity of matches, and made it more app-friendly.

  • Added -moz-os-version selectors for @media CSS queries to simplify theming on different operating systems (esp. Windows).

  • Updated and improved several languages for the Status Bar code, and added Slovenian.

  • Fixed an issue in the internal updater window not showing proper language strings.

  • Fixed an issue where the unexpected use of “backface-visibility” on non-3D transformed elements (like the body) would break positioned elements on web pages.

  • Fixed text positioning in the combobox display area when a non-default height is set for the combobox.

  • Fixed a crash caused by bad Opus audio encoding in media files.

  • Fixed a crash when trying to measure memory in about:memory while playing video.

  • Fixed a rare crash in sLayersAccelerationPrefsInitialized

  • Fixed miscellaneous other crashes.

  • Fixed a DNS prefetching issue for the people using this feature.

  • Fixed an issue with single-word searches from the address bar when a proxy is in use.

  • Fixed a number of build issues on Linux when using system libs.

  • Added support for link-time optimization on newer Linux compilers.

  • Removed more telemetry code (ongoing project!).

Security fixes:

  • Fixed a memory safety bug due to a bad test in nsZipArchive.cpp (CVE-2015-2735).

  • Fixed a memory safety bug in nsZipArchive::BuildFileList (CVE-2015-2736).

  • Fixed a memory safety bug caused by an overflow in nsXMLHttpRequest::AppendToResponseText (CVE-2015-2740).

  • Fixed a Use After Free in CanonicalizeXPCOMParticipant (CVE-2015-2722).

  • Fixed off-main-thread nsIPrincipal use of various consumers in the tree (only grab the principal when needed).

  • Fixed an issue where an IPDL message was sent off the main thread.

  • Fixed a potentially exploitable TCPSocket crash due to a race condition.


セキュリティアップデート・バグフィックスはもちろんの事だっぱが(・Θ・ ちゃんと更新して使うのと・・・


Canvas anti-fingerprinting option: Pale Moon now includes the option to make canvas fingerprinting much more difficult. By setting the about:config preference canvas.poisondata to true, any data read back from canvas surfaces will be “poisoned” with humanly-imperceptible data changes. By default this is off, because it has a large performance impact on the routines reading this data.

の件かの(・Θ・ フィンガーキャンバスプリント **って言葉に聞き覚えない人多いと思うっぱが・・

簡単にいうと「Cookie」で個人特定の件が問題になってオプトアウトしてる人は少なく無いと思うっぱが・・・それと別の手法で情報抜いてやるぜー!!ヒモ付してやるぜー!!という話だの・・・Cookieなしでユーザー特定が可能、ブラウザー・フィンガープリントとは(前) - Cookieなしでユーザー特定が可能、ブラウザー・フィンガープリントと…:Computerworld 他所様の記事だっぱが上のような行為だっぱね( ´゚д゚)(゚Θ゜` )ネー

一応PaleMoonで対策機能あるけど、使うと不都合出る場合もあるだろうし…(情報ほしがってる側に誤情報を渡す形になるので)必要に応じて設定値をTrueにして(あるいはサイトに合わせて切り替える等)しないといけない気配も多少あるっぱねぇ・・(うーん)

あとはオートコンプリートの挙動が再セットアップする場合は変更になってるので留意かものぅ…(だよの?)

そんな気配だっぱよの?

かっぱでしたっぱ♪