Pale Moon updated to 27.0.3!

Pale Moon releases and site news
(read-only)
User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Pale Moon updated to 27.0.3!

Unread post by Moonchild » 2016-12-16, 11:24

Just in time for the holidays, another point release to address a number of bugs and regressions with the new milestone.
This is also a security update, bringing Pale Moon once again up to level with Firefox in terms of known vulnerabilities in Mozilla code.

Changes/fixes:
  • Fixed certain network errors not displaying.
  • Fixed network error page styling.
  • Fixed the writing of DOM storage data to tabs (should solve the "tabs not loading their contents" issue when migrating a profile and some other situations).
  • Disabled downloadable font unicode-ranges on non-Windows platforms.
  • Added a Google Fonts user-agent override for non-Windows platforms so they don't send unicode-ranged composite fonts (Feature detection? Google apparently still doesn't know what that is).
  • Re-enabled the reporting of CSS errors to the console by default to prevent issues with some extensions who rely on this (e.g. Stylish).
  • Fixed and updated preferences for location bar suggestions.
  • Fixed several x64-specific issues in memory allocation code (regression fix).
  • Fixed timer issues when resuming a computer from stand-by (regression fix).
  • Fixed a number of branding and textual issues in the browser.
  • Fixed prompting for the saving of off-line data (previously always allowed without prompting).
  • Fixed a layout regression that would cause block elements following left floats to not wrap to the next line if there wasn't enough clearance.
  • Fixed a mismatch in Firefox extension compatibility-mode installation where Firefox extensions served by addons.mozilla.org would be marked incompatible when trying to install.
Security-related and crash fixes:
  • Fixed use-after-free while manipulating DOM events and removing audio elements (CVE-2016-9899).
  • Fixed CSP bypass using the marquee tag (CVE-2016-9895).
  • Fixed a vulnerability in the internal Jetpack modules (CVE-2016-9903). DiD
  • Fixed use-after-free in Editor while manipulating DOM subtrees (CVE-2016-9898).
  • Fixed an error in the buffer logic in http-chunked decoder.
  • Fixed a crash in generational GC code (not in use by default) DiD
  • Fixed a compartment mismatch bug in plug-in code
  • Fixed a crash trying to get a nonexistent property.
  • Improved MediaRecorder's observer safety.
  • Fixed a crash related to document history.
DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes or an extension exposes vulnerable code.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Locked