2015/09/29 PaleMoon 25.7.1 来てるっぱね
02:26
ばんわっぱ かっぱだっぱ
Firefox派生タブブラウザ PaleMoonの話っぱの**前記事は2015/08/27 Pale Moon 25.7.0 きてるっぱねぇ・・ 「フィンガーキャンバスプリント」の件で気になる人は前々回記事参照だのXPの人は、「Pale Moon forum • View topic - End of support for PM4XP」を参照の事
で・・今回はと・・
リリースノート曰く
Pale Moon - Release Notes ****http://www.palemoon.org/releasenotes.shtml
2015/10/03追記** 2015/10/02 付けで2つのブラウザ落ち系の修正アプデが来ているのでアップデート忘れずにのぅ 25.7.2だの—
25.7.1 (2015-09-28)
This is a security, stability and web-compatibility update. This also marks a security update for the Android version of Pale Moon to keep users of the otherwise currently unmaintained OS updated regarding known security vulnerabilities.
Fixes/changes:
- Code cleanup: Removed the majority of remaining telemetry code (including the data reporting back-end and health report) to prevent a few issues with partially removed code in earlier versions.
- Fixed a crash due to handling of bogus URIs passed to CSS style filters (e.g. whatsapp’s web interface).
- Permitted spec-breaking syntax in Regex character classes, allowing ranges that would be permitted per the grammar rules in the spec but not necessarily following the syntax rules. This impacts a good number of (also higher profile) sites that use invalid ranges in regular expressions (e.g. Cisco’s networking academy site, Yahoo Fantasy Football).
- Fixed a crash due to the newly introduced WASAPI handling of audio channel mapping that doesn’t like actual surround hardware setups (e.g. playing a video with quadraphonic audio on a 4-speaker setup).
- Fixed an issue where site-specific dictionary selections would be written to content preferences without the user’s action, potentially overwriting or clearing a previously-chosen dictionary.
- Added support for drag and drop of local files from sources which use text/uri-lists. (Some Linux flavors/file managers)
- Updated libnestegg to the most current version.
- Fixed an issue where setting the location to an empty string could cause a reload loop.
Security fixes:
- Changed the jemalloc poison address to something that is not a NOP-slide. DiD
- Fixed a memory safety hazard in ConvertDialogOptions (CVE-2015-4521)
- Fixed a buffer overflow/crash hazard in the VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE (CVE-2015-7179)
- Fixed an overflow/crash hazard in the XULContentSinkImpl::AddText function (CVE-2015-7175)
- Fixed a stack buffer overread hazard in the ICC v4 profile parser (CVE-2015-4504)
- Fixed an HTMLVideoElement Use-After-Free Remote Code Execution 0-day vulnerability (ZDI-CAN-3176) (CVE-2015-4509)
- Fixed a potentially exploitable crash in nsXBLService::GetBinding
- Fixed a memory safety hazard in nsAttrAndChildArray::GrowBy (CVE-2015-7174)
- Fixed a memory safety hazard for callers of nsUnicodeToUTF8::GetMaxLength (CVE-2015-4522)
- Fixed a heap buffer overflow/crash hazard caused by invalid WebM headers (CVE-2015-4511)
DiD This means that the fix is “Defense-in-Depth”: It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.
例によってセキュリティと安定性向上アップデートだっぱが(x・ 割と食らった人が多そうなのは・・・ CSS周りでクラッシュする不具合とか空の文字列に対してリロードループする不調が出てた人は修正されたっぽいのぅ
あとはFirefoxで行われた修正と大体同じ感じだっぱの(x.
相変わらず調子よく使えててなによりだっぱの
かっぱでしたっぱ♪