Unified XUL Platform Mozilla Security Patch Summary: 3 fixed, 1 already applied, 4 DiD, 7 not applicable.Fixed a script sandbox escape issue through XSLT.Fixed a potential spoofing risk using form validation.Fixed a potential crash risk (not exposed).Fixed a potential UAF risk in certain situations in networking.Fixed several intermittent thread sanity issues.Fixed a spec compliance issue with IDN that could potentially cause confusion of domain names.Many customization and configuration options.Extensive and growing support for HTML5 and CSS3.Support for a growing number of Pale Moon exclusive extensions.Increased stability: experience fewer browser crashes.Smooth and speedy page drawing and script processing.Support for easily-created lightweight themes (skins).Support for full themes: total freedom over any elements design.Familiar, efficient, fully customizable interface.Supported by our user community, and fully non-profit.Secure: Additional security features and security-aware development.Safe: forked from mature Mozilla code and regularly updated.Based on proprietary optimized layout engine (Goanna).Bug #982974 - Be paranoid about neutering ArrayBuffer objects. Bug #983344 - JavaScript: Simplify typed arrays and fix GC loops. Bug #982906 - Remove option for security bypass in URI building. Bug #982957 - Fix crash if certain sweeps run out of memory. Bug #982909 - Consistently use inner window when calling OpenJS. Bug #896268 - Use a stateless approach to synchronous image decoding. Bug #940714 - Add an RAII class to make synchronous raster image decoding safer. Feature update: Selecting "Warn me when closing multiple tabs" in the Options window will now apply both to closing a window and closing other tabs in the tab bar. There may have been a few other, similar small usability bugs in the same code that have now been fixed. Bugfix: the new status bar code in 24.4.0 had a bug, preventing the downloads panel/window from opening when clicking on the download status indicator.
0 kommentar(er)
