Changes/fixes:
- Removed the sanity check for unsupported point-of-sale XP-based operating systems by user request.
Please see the relevant boards for information on which operating systems we can reasonably support. - Changed the way "transparent" is handled in Goanna to improve transparent gradients using this keyword.
We now handle linear gradients going to "transparent' without going through a "black point" causing grey/silver to appear in fades from color to transparent, but without compromising on the color gradients that might be present when opacity changes. - Made sure that dom.disable_beforeunload is predefined in about:config.
- Fixed web compatibility issues with Youtube, Youtube Gaming, Yuku fora and Netflix.
- Fixed web compatibility with Comcast/XFinity webmail and other sites or web applications that expect older JavaScript versions as default.
If you've had issues with 26.0.0 using on-line services, please try again with this version. - Reinstated the about:config warning by default, with a proper alternative text.
- Fixed 2 potential browser crashes.
- Updated NSS to 3.19.4.1-PM to fix a potential UAF and CVE-2015-7575.
For people building from source: we currently do not support building with a system-installed NSS because our version is forked for extra functionality and differences in built-in certificate trust.
It's strongly recommended to build Pale Moon with in-tree NSPR as well as in-tree NSS to keep those libraries at expected versions for the Pale Moon code. - Crash fix: Prevented queueing multiple media sources that could lead to unsafe memory access.
- Prevented unsafe memory manipulations in zip archives. (CVE-2016-1945) DiD
- Prevented a potential buffer overflow in WebGL. (x64 only) (CVE-2016-1935) DiD
- Updated the way binaries are code-signed. Not only does v26.0 use a new SHA256-signed digital certificate, but starting this version will also be signed with both SHA1 and SHA256 digest algorithms to satisfy later Windows' code-signing requirements.
Note: version 26.0.1 was an internal development/testing release that was not published due to a critical flaw that would cause hangups.