2015/08/27 Pale Moon 25.7.0 きてるっぱねぇ・・
01:35
ばんわっぱ かっぱだっぱ
Firefox派生タブブラウザ PaleMoonの話っぱの**前記事は2015/07/29 PaleMoon 25.6.0 来てたっぱね
XPの人は、「Pale Moon forum • View topic - End of support for PM4XP」を参照の事 前回のUpdate「フィンガーキャンバスプリント」対策が乗ってるので気になる人は前記事参照だの
で・・今回はと・・
リリースノート曰く
Pale Moon - Release Notes ** http://www.palemoon.org/releasenotes.shtml
25.7.0 (2015-08-26)
This is a bugfix and maintenance release.
Fixes/changes:
- Code cleanup: Removed the (otherwise unused) visual event tracer code.
- Code cleanup: Removed reflow performance tracing code (telemetry).
- Fixed a key JavaScript bug where defining properties on an object would wipe the object. This seems to be a common issue with “modern” libraries that use “define” instead of “change” and expecting the other properties on the object to be retained, resulting in “x is undefined” errors all over the place if the object is wiped. This aligns the behavior with ES6’s “Validate and apply property descriptor” pseudo-function.
- Updated the SQLite library to 3.8.11.1.
- Added support for the element.matches() Web API function.
- Added support for BASE tag parsing in source view. Previously, when viewing the source of a document, clickable links would be incorrect if a base path was specified in the document with this tag.
- Fixed an issue with running timers after the computer would have been put to sleep with the browser opened.
Security fixes:
- Added protection against potential bugs where our SVG mPositions is out of sync with the characters in the DOM. DiD
- Fixed use-after-free vulnerability in XMLHttpRequest::Open() (CVE-2015-4492)
- Fixed use-after-free vulnerability in the StyleAnimationValue class (CVE-2015-4488)
- Fixed crash or memory corruption in nsTArray (CVE-2015-4489)
- Fixed crash or memory corruption in nsTSubstring::ReplacePrep (CVE-2015-4487)
- Fixed potential escalation of privileges or crash (out-of-bounds write) via a crafted name in MARs (x64 only) (CVE-2015-4482)
- Fixed an issue that would allow man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request.
(CVE-2015-4483)
DiD This means that the fix is “Defense-in-Depth”: It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.
今回は、バグ修正とセキュリティfix類だっぱのでしっかりアップデートしておいたほうがいいっぱの(x・
前回は、フィンガーキャンバスプリント対応とか他より先をいく対応されてたからのぅ・・(有効にするには手動でやらなアカンっぱが・・(前記事参照)) 今回は、そういう系はなさそうだっぱの・・
かっぱでしたっぱ♪