This is also a security update, bringing Pale Moon once again up to level with Firefox in terms of known vulnerabilities in Mozilla code.
- Fixed certain network errors not displaying.
- Fixed network error page styling.
- Fixed the writing of DOM storage data to tabs (should solve the "tabs not loading their contents" issue when migrating a profile and some other situations).
- Disabled downloadable font unicode-ranges on non-Windows platforms.
- Added a Google Fonts user-agent override for non-Windows platforms so they don't send unicode-ranged composite fonts (Feature detection? Google apparently still doesn't know what that is).
- Re-enabled the reporting of CSS errors to the console by default to prevent issues with some extensions who rely on this (e.g. Stylish).
- Fixed and updated preferences for location bar suggestions.
- Fixed several x64-specific issues in memory allocation code (regression fix).
- Fixed timer issues when resuming a computer from stand-by (regression fix).
- Fixed a number of branding and textual issues in the browser.
- Fixed prompting for the saving of off-line data (previously always allowed without prompting).
- Fixed a layout regression that would cause block elements following left floats to not wrap to the next line if there wasn't enough clearance.
- Fixed a mismatch in Firefox extension compatibility-mode installation where Firefox extensions served by addons.mozilla.org would be marked incompatible when trying to install.
Security-related and crash fixes:
- Fixed use-after-free while manipulating DOM events and removing audio elements (CVE-2016-9899).
- Fixed CSP bypass using the marquee tag (CVE-2016-9895).
- Fixed a vulnerability in the internal Jetpack modules (CVE-2016-9903). DiD
- Fixed use-after-free in Editor while manipulating DOM subtrees (CVE-2016-9898).
- Fixed an error in the buffer logic in http-chunked decoder.
- Fixed a crash in generational GC code (not in use by default) DiD
- Fixed a compartment mismatch bug in plug-in code
- Fixed a crash trying to get a nonexistent property.
- Improved MediaRecorder's observer safety.
- Fixed a crash related to document history.
DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes or an extension exposes vulnerable code.