2015/11/18 PaleMoon 25.8.0 きてるっぱねぇ

00:52

著者: かっぱ

カテゴリー: パソコン・インターネット, IT技術ネタ?

タグ:Firefox, タブブラウザ, Pale, Moon, 25.8.0, アップデート

ばんわっぱ かっぱだっぱ

Firefox派生タブブラウザ PaleMoonの話っぱの**前記事は2015/10/15 Pale Moon 25.7.3 来てるっぱねぇ 「フィンガーキャンバスプリント」の件で気になる人は4回前記事参照だの

XPの人は、「Pale Moon forum • View topic - End of support for PM4XP」を参照の事

で・・今回はと・・セキュリティアップデートと利便向上系のアップデートらしいのでとっととやっておいたほうが良さそうっぱ(x.

リリースノート曰く

Pale Moon - Release Notes ** http://www.palemoon.org/releasenotes.shtml

25.8.0 (2015-11-17)

This is a security, stability and usability update.

Fixes/changes:

  • Updated LibVPX to 1.4.x to be able to play more kinds of VP9-encoded videos.

  • Updated the JPEG decoder library to 1.4.0.

  • Fixed and cleaned up XPCOM timer thread code to avoid intermittent issues with events not firing (especially after stand-by).

  • Updated overrides to work around issues with Facebook and Netflix.

  • Fixed an issue where too-old system-supplied NSPR and/or NSS libraries would be accepted for use.

Security fixes:

  • Updated the libpng library to 1.5.24 to address critical security issues CVE-2015-7981 and CVE-2015-8126
  • Updated the NSPR library to 4.10.10 to address several security issues.
  • Updated the NSS library to 3.19.4 to address several security issues.
  • Fixed a memory safety hazard in SVG path code (CVE-2015-7199).
  • Fixed an issue with IP address parsing potentially allowing an attacker to bypass the Same Origin Policy (CVE-2015-7188).
  • Fixed an Add-on SDK (Jetpack) issue that would allow scripts to be executed despite being forbidden (CVE-2015-7187).
  • Fixed a crash due to a buffer underflow in libjar (CVE-2015-7194).
  • Fixed an issue for Android full screen that would potentially allow address spoofing (CVE-2015-7185).
  • Added size checks in canvas manipulations to avoid potential image encoding vulnerabilities like CVE-2015-7189. DiD
  • Fixed potential information disclosure vulnerabilities through the NTLM authentication mechanism. Insecure NTLM v1 is now disabled by default, and the workstation name is set to WORKSTATION by default (configurable with a preference for environments where identification of workstations is done by actual reported machine name). This avoids issues like CVE-2015-4515.
  • Fixed a potentially vulnerable crash from a spinning event loop during resize painting. DiD
  • Fixed several Javascript-based memory safety hazards. DiD

DiD This means that the fix is “Defense-in-Depth”: It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.


一部の動画やら画像描画周りが不調だった人は今回のアプデで改善してるかもしれないっぱねぇ・・・(x.

かっぱでしたっぱ♪

…そういや大蜥蜴まだっぱかのぅ?