Pale Moon 25.3 released!

Pale Moon releases and site news
(read-only)
User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35474
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Pale Moon 25.3 released!

Unread post by Moonchild » 2015-03-13, 13:52

Pale Moon 25.3 has been released!

This is an important update to improve features and performance, as well as address important security issues.

Fixes/changes:
  • Overhauled WebGL. It now properly supports depth textures, shadow mapping and glow shaders.
    Note that older operating systems or video cards may be limited in their support of these features.
  • Updated the ANGLE library to a much more current version.
  • Removed the crash reporter code completely to improve overall browser responsiveness and operation.
    Please note that a necessary victim of this has been the in-browser (devtools) SPS profiler because of its reliance on crash reporter data-gathering tools.
  • Removed the Mozilla Plugin Finder Service (no longer in use @Mozilla).
  • Android: removed the Mozilla "product announcements" service.
  • Re-added control of the number of concurrent tabs to be restored from a session with browser.sessionstore.max_concurrent_tabs (accepted values 1-10)
  • Significantly improved performance and accuracy of date/time/timer handling.
  • Significantly improved performance of the creation of DOM nodes with plain text content.
  • Added several significant performance optimizations for arrays and strings in javascript.
  • Added several code performance optimizations and bugfixes in SVG, the presentation shell, SCTP, style gradients and CSS parsing routines. (Thanks, Axiomatic!)
  • Added an "Open link in current tab" context menu entry on links for UI consistency.
  • Updated styling of the browser with personas (lightweight themes) once more to improve display in tabs-on-top mode, improve overall legibility of tab text, and display of inverted close buttons on some controls on dark personas.
  • Added a special case check for the Flash plugin version check on Linux failing due to commas instead of periods in the version string.
  • Added Windows 10 compatibility in executable manifests.
  • Android: Fixed a crash on GL canvas surfaces.
  • Fixed incorrect Sync "howto" instruction links from the Sync dialogs.
  • Fixed the color of selected tabs in Linux when personas (lightweight themes) are in use that do not match the overall tone of the OS system theme.
  • Fixed a bug where a variable in parentheses would abort Javascript parsing.
  • Fixed a bug where the address bar would incorrectly be cleared.
  • Fixed padding issues for dropdown lists.
  • Fixed DNS lookups so proper record types are requested for IPv4 and IPv6.
Security fixes:
  • Disabled all RC4-based encryption ciphers by default.
  • Fixed several miscellaneous memory safety hazards.
    (applicable bugs related to CVE-2015-0835 and CVE-2015-0836)
  • Fixed loading of locally stored DLL files through the internal updater. (CVE-2015-0833)
  • Fixed a potential crash point in IndexedDB. (CVE-2015-0831) DiD
  • Fixed a double-free situation when using non-default memory allocators and a 0-length XHR. (CVE-2015-0828)
    Note: production builds of Pale Moon were never vulnerable.
  • Fixed a crash using DrawTarget in the Cairo graphics library. (CVE-2015-0824)
  • Fixed potential reading of local files through manipulation of form autocomplete. (CVE-2015-0822)
  • Fixed a potential PNG heap-overflow crash. DiD
  • Followed up on research regarding CVE-2014-8639 (see 25.2) and made cookie handling through proxies more restrictive again.
DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Locked