2017/02/12 Pale Moon 27.1.0 三日前に来たっぱね(2017/03/08追記あり)
13:35
こんにちぱ かっぱだっぱ**一ヶ月半ぶりのアップデートで少し気がつくのが遅れたっぱよ(笑
Firefox派生タブブラウザ PaleMoonの話っぱの 前記事は2016/12/18 Pale Moon 27.0.3 16日に来てたね
「フィンガーキャンバスプリント」の件で気になる人は2015/07/29 PaleMoon 25.6.0 来てたっぱね記事参照だの
XPの人は、「Pale Moon forum • View topic - End of support for PM4XP」を参照の事 +最近のリリースに関係してPale Moon 26 and POSReady2009 - Pale Moon forumも参照の事Pale Moon 27.0.0からXP対応していないので注意
10ヶ月位前?から、大トカゲ**(Goanna)さんにレンダリングエンジン変わったそうっぱ(・Θ・普通に使う分には多分問題ないけど特定のウェブサイトでうまく表示できない時は、サイト管理者の方にまず相談してからフォーラムにどういう手順でやると問題がおきるか投稿して相談するといいっぱよ(´・Θ・)(・Θ・`)ネー**
リリースノートいわく・・
Pale Moon - Release Notes****http://www.palemoon.org/releasenotes.shtml
27.1.0 (2017-02-09)
This is a major update with lots of development and bugfixes. It also introduces the so-called “PMkit” modules, our effort to restore compatibility with Jetpack/SDK extensions and making it possible for extension developers to convert their SDK extensions with little effort to a Pale Moon compatible format. For more details please check the PMkit documentation on the developer wiki.
Changes/Fixes:**
- Reworked the media back-end completely (thanks Travis!) to use FFmpeg (including support for FFmpeg v3 and MP3 playback) and our own MP4 parser, and no longer relying on gstreamer on Linux, as well as adding some improvements on Windows for media parsing and playing.
- On Linux, Apple .mov files of the correct type will also be played through FFmpeg now, for those rare occasions where they are still in use, considering there is no Quicktime plug-in available on that operating system.
- Restored the classic about:config styling.
- Added a fallback to US-ASCII if the autoconfig UTF-8 conversion fails.
- Improved cross-compartment wrapper handling when managing a large number of tabs (fixes a performance regression with v27).
- Changed the way audio and video synchronization is calculated to account for (slow) device latency, preventing things from getting out of sync on e.g. BlueTooth-connected speakers.
- Changed the way scripts are handled when they are stopped from the “unresponsive script” dialog, to prevent browser lockup. We will now stop all scripts in the affected compartment in one go.
- Fixed several errors in the devtools.
- Fixed a nasty crash caused by cross-origin referrers.
- Fixed the installer to allow 64-bit versions of the browser to be installed on Vista again.
- Added HTML5-spec clipboard handling for content (cut© only – paste is not allowed for security reasons).
- Made multiple changes to the toolkit jetpack modules to cater to PMkit extensions.**This should make running SDK-based modules as PMkit extensions fairly simple for extension developers. See the introductory text to these release notes.
- Fixed a css layout issue: make max-width affect contributions to intrinsic min-width.
- Implemented several updates to the permissions manager. Among others, Improved the permissions manager (about:permissions) with a more complete set of permissions for pages.
- Removed otherwise unused Metro browser platform/widget code.
- Removed support for non-standard/deprecated let blocks and expressions.
- Made the use of let as a keyword versionless and ES6 compliant.
- Made the privacy category in preferences a tabbed setup to better fit the current options.
- Fixed a regression preventing certain MP4 video files from playing.
- Fixed a regression where seeking in media files would halt playback/jump to the end of the stream.
- Fixed a crash caused by certain downloadable fonts with DirectWrite in use.
- Improved downloads-button indicator legibility on some combinations of Windows versions and system theme colors.
- Changed the Facebook user-agent override to be our native one, based on reports from users that it is (finally) working acceptably.
- Fixed site-specific useragents being ignored if a global override is defined.
Security/privacy changes:**
- Changed CORS handling to allow data: sources, assuming they are same-origin. This should fix the infamous “Facebook endless reload” issue and may make some other sites that assume this particular (unspecified) CORS behavior happy with Pale Moon.
- Reinstated the network.stricttransportsecurity.enabled preference so people who choose privacy over HSTS can do so again.
- Added, In HSTS “off” state, prevention of HSTS site status from being written to disk.
- Updated the IDN blacklist with more extended unicode characters that “look very similar to” normal ASCII characters, to prevent spoofing of well-known domains. If blacklisted characters are found, the IDN domain name will be displayed in its punycode form. (CVE-2017-5383 and similar)
- Fixed an exploitable crash when using MP4 video. (CVE-2017-5396)
- Fixed an exploitable crash in XSL parsing. (CVE-2017-5376)
- Fixed a potential security issue when exporting certificates with specially-crafted credentials. (CVE-2017-5381)
- Fixed a potential use-after-free situation in frame selection. (CVE-2017-5380) DiD
- Fixed a leak of window details through the Ion compiler in certain situations.
- Fixed the potential for an exploitable crash involving Javascript GC. DiD
- Fixed a potential overflow situation in (non-released) WebRTC code. DiD
- Fixed a potentially unsafe situation in websockets. DiD
- Fixed several memory and other safety hazards (BMO bugs 1318766, 1325877, 1328834 DiD, 1288561 DiD, 1322420 DiD, 1293327 DiD, 1322315, 1325344, 1285960).
DiD This means that the fix is “Defense-in-Depth”: It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.
—**メジャーアップデートの所為で書いて有ることが多いっぱのぅ(。Θ。 Linux版での動作互換性の向上させた話やら… 大量のタブを利用する際のパフォーマンス調整 オーディオとビデオの再生時にBluetoothスピーカーとかの音がずれたりする件をちゃんと同期するように修正したとか メディアファイル(動画とか)関係での不具合の修正とかが目立ってる感だっぱ あとはfacebook関係の不具合に関する修正や本家firefoxと同様にセキュリティ・プライバシー関係の細かい修正を行った様子だっぱ
ちゃんとアップデートして使えば大事無いと思うっぱ o(`・Θ・´)oウン!! 私的にゃ・・グーグルにせよフェイスブックにせよ怪しい面もあるから・・これがないと困るっぱよのぅ(ぶつぶつ
かっぱでしたっぱ♪
**
2017/03/08 追記
そういえぱ・・・ 3月3日にミニUpdateがあったっぱの(・Θ・
1行だけメディア要素で固まる問題の回避修正したっぽいのぅ
短いので追記ですますっぱ(こら