- Implemented a breaking CSP (content security policy) spec change; when a page with CSP is loaded over http, Pale Moon now interprets CSP directives to also include https versions of the hosts listed in CSP if a scheme (http/https) isn't explicitly listed.
- Fixed an issue with the XML parser where it would sometimes end up in an unknown state.
- Fixed a few potentially exploitable crashes.
- Fixed a potentially exploitable crash related to text writing direction (CVE-2016-5280).
- Made checking for invalid PNG files more strict.
Pale Moon's APK will, as usual, be available in the Google Play store in a few hours, or is downloadable right now from here for sideloading:
Mirror 1 (US): here.
Mirror 2 (EU): here.
Alternatively, you can grab it from our FTP server:
Size: 24,164,610 Bytes
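
The CSP change in the first changelog item, sketched as an added example (not Pale Moon's code): a simplified host-source matcher that compares the old and new handling of scheme-less entries. The function names, the `legacy` option and the sample hosts are hypothetical; ports and paths are ignored, and an explicit scheme is compared exactly as a simplifying assumption.

```javascript
// Simplified CSP host-source matching (scheme and host only).
// All names and sample hosts are constructed for illustration.

// Split a host-source such as "https://cdn.example.com" or "*.example.com".
function parseHostSource(expr) {
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(expr.trim());
  if (!m) throw new Error(`not a host-source: ${expr}`);
  return { scheme: m[1] ? m[1].toLowerCase() : null, host: m[2].toLowerCase() };
}

// "*.example.com" matches subdomains only, never "example.com" itself.
function hostMatches(pattern, host) {
  if (pattern.startsWith('*.')) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

// legacy: true models the old behaviour, where a scheme-less source only
// matches requests that use the protected page's own scheme.
function sourceAllows(expr, pageUrl, requestUrl, { legacy = false } = {}) {
  const src = parseHostSource(expr);
  const pageScheme = new URL(pageUrl).protocol.slice(0, -1);
  const req = new URL(requestUrl);
  const reqScheme = req.protocol.slice(0, -1);

  if (!hostMatches(src.host, req.hostname)) return false;
  // Assumption: an explicitly listed scheme is compared exactly.
  if (src.scheme !== null) return src.scheme === reqScheme;
  if (reqScheme === pageScheme) return true;
  // New behaviour: on an http page, the https version of a scheme-less
  // host is also allowed. An https page never gains http this way.
  return !legacy && pageScheme === 'http' && reqScheme === 'https';
}

// A request passes if any source in the directive allows it.
function evaluate(sources, pageUrl, requestUrl, opts) {
  return sources.some((s) => sourceAllows(s, pageUrl, requestUrl, opts));
}

// Constructed sample: "script-src cdn.example.com" on a page served over http.
const page = 'http://site.example/';
const script = 'https://cdn.example.com/app.js';
console.log('old:', evaluate(['cdn.example.com'], page, script, { legacy: true }));
console.log('new:', evaluate(['cdn.example.com'], page, script));
```

Sites that relied on a scheme-less entry to keep https loads out on http pages see different results after this change; listing the scheme explicitly avoids the ambiguity.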