Pale Moon 20.2 released

Pale Moon releases and site news
(read-only)
Locked
User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 25767
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Pale Moon 20.2 released

Post by Moonchild » 2013-07-01, 11:38

This is a maintenance update, focusing on visual improvements and security.

Changes:
  • Implementation of some conservative additional multi-core support (mainly in graphics/media) using OpenMP. I'm taking baby steps here and will remain conservative in the use of multiple cores so stability of the browser isn't needlessly endangered.
  • Update of the navigation button icons (again). Users have clearly indicated that the inverted color icons on glass and dark themes were less desirable. I've listened, and changed the icons for glass back to the pre-20 style but with added contrast, and made a distinction for dark personas (themes) where the icons are now simply inverted white (like in Firefox).
  • Change for the color management system (CMS) so that Pale Moon now supports more types of embedded ICC profiles (including the already decade-old version 4 spec) and in the process fixing potential color issues on screens with images that embed such profiles.
  • Update of the browser padlock code. You can now choose both a "modern" look (as introduced in version 19) and a "classic" look (as introduced in version 15, when this padlock feature was first added). It also removes some phantom spacing in locations where the padlock isn't used (thanks for the pointer, Sowmoots!). You can find instructions in the Pale Moon Tweak Guide (PMTG)
Fixes:
  • (CVE-2013-1692) Fix for the inclusion of body data in an XMLHttpRequest HEAD request, making cross-site request forgery (CSRF) attacks via a crafted web site more difficult.
  • (CVE-2013-1697) Fix to restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges.
  • (CVE-2013-1694) Fix to properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code.
  • Fix to prevent arbitrary code execution from the profiler developer tool.
  • Fix for a crash when rapidly reloading pages.
  • Fix for cross-document selections.
  • Fixes for several crashes in JavaScript.
  • Fixes for several memory safety hazards and uncommon memory leaks.
"There will be times when the position you advocate, no matter how well framed and supported, will not be accepted by the public simply because you are who you are." -- Merrill Rose
Image

Locked