Page 1 of 1

Pale Moon 20.1 released!

Posted: 2013-05-23, 12:07
by Moonchild
Pale Moon 20.1 has been released!

This is a minor update with a number of security and stability fixes and a few small other changes.
Some new features of Firefox 21 have not been ported over to this version by design.

Changes:
  • Update of the libpixman graphics library to improve performance for SSE2 CPUs.
    Some improvements are implemented in the optimized code paths for SSE2 instructions in the libpixman library.
  • Change to the "Clear download history" setting for use with the panel-based download manager (classic UI unaffected).
    This change makes the UI clearer for privacy settings, to synchronize the setting for history&download in the preferences dialog box when the new download panel is used (since the new panel uses a history list for downloaded files in the library rather than a separate list). For panel downloads, both settings are now linked. For the classic download, a separate choice can be made for history and downloads as before.
New changes in Firefox code not included by design in this version of Pale Moon:
  • Removal of E4X - Pale Moon will keep this available until the next major release.
  • Removal of Places History API for add-ons.
    More add-ons will be able to continue functioning if they make use of these APIs.
  • Addition of scoped stylesheet implementation.
    This advocates the use of in-line styling in webpages (using style= parameters on elements instead of using classes and IDs), which is something we have been trying to move away from for some years now! It promotes using messy page code. Let's all keep things clean, shall we?
  • Implementation of FHR (Firefox Health Report - advanced usage/app metrics collection and submission).
    Although it would allow users to get a bit more details about what is going on in their browser, the implementation is only partial to begin with, and there's no reason to add a potential privacy issue to Pale Moon in terms of telemetry-under-a-different-name.
Fixes:
  • (CVE-2013-1674) Fix for UAF with video and onresize event (crash fix)
  • (CVE-2013-1675) Fix for parameters being used uninitialized
  • (CVE-2013-1676) Fix for out-of-bounds read in SelectionIterator::GetNextSegment
  • (CVE-2013-1679) Fix for heap use-after-free in mozilla::plugins::child::_geturlnotify
  • (CVE-2013-1680) Fix for heap-use-after-free in nsFrameList::FirstChild (crash fix)
  • (CVE-2013-1681) Fix for heap-use-after-free in nsContentUtils::RemoveScriptBlocker (crash fix)
  • Fix for out-of-bounds read crash in PropertyProvider::GetSpacingInternal (crash fix)
  • Fix for out-of-bounds read in gfxSkipCharsIterator::SetOffsets
  • Fix for assertion failure in nsUnicharStreamLoader::WriteSegmentFun with ISO-2022-JP
  • Fix for crash with inline script in an XML doc (crash fix)
  • Fix for "ASSERTION: Out of flow frame doesn't have the expected parent" and crash (crash fix)
  • Fix for nsScriptSecurityManager::CheckLoadURIWithPrincipal being broken
  • Fix for a problem where the IPC Channel could overwrite the stack
  • Fix for Crash in MediaDecoder::UpdatePlaybackOffset (crash fix)
  • Fix for Crash [@ nsTextFrame::HasTerminalNewline()] with splitText (crash fix)
  • Fix for FTP use-after-free crash (crash fix)