- Privacy fix: prevented update checks for the default theme.
- Added a user-agent override for Dropbox to improve compatibility with their service.
- Fixed an issue with mouseover handling related to (CVE-2018-5103). DiD
- Disabled the Mac OSX Nano allocator. DiD
- Fixed (CVE-2018-5129) OOB Write.
- Updated the lz4 library to 1.8.0 to solve potential issues. DiD
- Fixed (CVE-2018-5137) Path traversal on chrome:// URLs
- Fixed several memory safety an synchronicity hazards.
DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.