WinFuture-Forum.de: Pale Moon - WinFuture-Forum.de

Zum Inhalt wechseln

Beiträge in diesem Forum erhöhen euren Beitragszähler nicht.
  • 8 Seiten +
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • Letzte »

Pale Moon Der optimierte Firefox-Derivat für aktuelle Systeme

#46 _d4rkn3ss4ev3r_

  • Gruppe: Gäste

geschrieben 10. Oktober 2014 - 14:18

Pale Moon 25.0

Changelog:
Fixes/changes:
  • Stop supporting Windows XP. As mentioned a few times before, Windows XP has reached the end of its life (back in April), and Pale Moon's support for Windows XP (and any other NT 5.x based operating system) has now ended. An exception to this is the specialized Atom build because of limited operating system availability on netbooks and the like. More details on the dedicated page for this change.
  • Change of the browser's GUID (Globally Unique Identifier) to properly differentiate from Firefox and solve a number of development issues that were preventing Pale Moon from moving forward.
    The new GUID is {8de7fcbb-c55c-4fbe-bfc5-fc555c87dbc4}
    This change will impact extension compatibility for extensions that hard-code the Firefox GUID in them. This includes a few widely-used extensions like AdBlock Plus. The developers of these problematic extensions have been contacted, and necessary information was posted almost 2 months ago that would allow extension developers to update their extensions for Pale Moon. Unfortunately many have not responded, resulting in the extensions still being incompatible with Pale Moon at the time of this writing. More details and a list of currently known incompatible add-ons are listed on the new Pale Moon add-ons site. You may also want to visit the following forum thread for updates and compatibility reports.
  • Allow extensions with both Pale Moon GUID and Firefox GUID to be installed natively (dual-ID system).
    Pale Moon GUID blocks will have preference over Firefox (compatibility) blocks.
    This means Pale Moon will not only accept extensions written for Pale Moon specifically as a target application, but also extensions that were written for Firefox. If an extension targets both applications, Pale Moon will use the information supplied in the Pale Moon application information to determine compatibility.
  • Disconnect of Pale Moon's "Firefox compatibility" version from Pale Moon's application version to maintain Firefox 24.* extension compatibility regardless of Pale Moon version.
    This will allow Pale Moon to continue offering compatibility with Firefox 24.*-compatible add-ons while Pale Moon's own version number increases, without causing potential confusion for add-ons (e.g. an extension that is only compatible with Firefox 25 and later will not install on Pale Moon 25).
  • Disable Firefox Compatibility mode by default. This will stop Pale Moon from advertising itself as a "version of Firefox" which has been the cause of a good number of recent annoyances with websites thinking Pale Moon was "Firefox 24.0" and deemed "too old" as a result.
  • Pale Moon will no longer have a Firefox/xx.xx indicator in its UserAgent string. This may cause some websites to possibly warn, complain or even completely block you. You should contact the site's owners and request support for Pale Moon.
    If all else fails, Pale Moon will allow you to override the UserAgent on a per-site basis if you absolutely must visit the site and they absolutely won't cater to your freedom of browser choice. You do this by creating new preferences in about:config to present custom UserAgent strings to the problematic websites. The preferences will have the general format of: general.useragent.override.example.com (for the domain example.com) and contain a full UserAgent string like "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0" (as example to pretend to be Firefox 28.0). You do not need any add-ons for this functionality, it is built into the browser.
    Some websites will also display a little different as a result, since Pale Moon will fall into an "unknown" category for sites with limited/naive detection scripts (and that includes some big players like Google). It is recommended that you contact website owners and ask them to find a solution for this problem.
  • Use the alternative sync implementation on a new server.
    As current sync users have noticed, the Pale Moon sync server has been quite unstable since it was put in service. The main reason for these problems has been the unstable and very demanding Mozilla Labs implementation of a Weave/Sync server in the Python programming language. An alternative solution written in a different language (PHP) has been found and adapted to work with Pale Moon.
    Unfortunately, current Pale Moon sync accounts cannot be ported over, so you will have to create a new account when updating to v25.
    The previous server implementation has already been shut down due to continued issues, and will be retired on the very short term to free up infrastructure and reduce expenses. The alternative sync implementation is Sync 1.1 compatible, like before. Pale Moon will still also be able to sync with the Mozilla "run your own Sync 1.1 server" setup for small (company) installations, or use the existing Sync 1.1 plugins for certain private cloud setups.
  • Stop building the WebApp runtime by default.
    The use of "Web Applications" started from the command-line is such a niche feature that it has no business being in Pale Moon's main-line builds.
    If you need the WebApp runtime for your specific organization and want to use Pale Moon, you can build Pale Moon from source with the feature enabled.
  • By default, do not sync add-ons.
    Syncing between different devices will likely not want you to sync the add-ons in use. There's a reason you're using different devices, after all.
    If you are using Sync to synchronize between different desktops or laptops where you would want the same add-ons, you can simply enable the synchronization of add-ons in Pale Moon Sync settings (for each individual device you want this on).
  • Un-prefix CSS box-sizing.
    You can now use box-sizing:border-box, box-sizing:padding-box and box-sizing:content-box to switch box-sizing mode on elements using CSS. Previously, you had to use the Mozilla-specific prefixed version to achieve this (-moz-box-sizing).
  • Implement image-orientation in CSS.
    You can now use image-orientation: {angle} [flip] in CSS to rotate images in 90 degree steps and optionally flip them.
  • Improve bookmark menu item-dragging.
    Dragging bookmarks in the bookmarks menu is now more convenient (allow diagonal dragging, prevent tooltips from interfering, etc.).
    (Fixes bugs 225434, 419911 and 555474)
  • Move the option to "use the classic downloads window" from status bar preferences to the main options window.
    This way, it's easier for people to find and it's in a much more logical place. The classic downloads window will not go away any time soon in Pale Moon, and the option to use it should be easy to find for users.
  • Update branding images for official/unofficial logo, and some about: pages.
  • Add a new type of "blank new tab" page with logo-styling.
    This logo page will be the default setting (instead of about:blank) and will follow the background color of your overall chosen Windows theme to prevent hard contrast on e.g. dark themes.
  • Add Opus audio to WebM.
    Pale Moon will now support the decoding of Opus audio streams in WebM videos.
  • Add VP9 codec to WebM on both desktop and Android/ARM.
    Pale Moon has updated its media back-end and now supports the recent Google VP9 bitstream codec for WebM videos.
  • Allow absolute-in-relative positioning in table and CSS table-cell elements in accordance with the CSS2 specification.
    Pale Moon now supports absolute CSS positioning of elements inside a relatively-positions table cell element (either in an actual table or in a CSS-styled table cell). In previous versions web developers had to wrap their elements in a DIV to achieve the same result.
  • Allow the user to override the use of accessibility colors in the browser with browser.display.ignore_accessibility_theme
    If using a high-contrast theme, Pale Moon by default also applies these high-contrast colors to the page content, in some cases (depending on the website design) rendering things unreadable because of "black on black" or similar color issues. By switching this preference, Pale Moon will no longer use high-contrast colors for page content, while otherwise using it for the user interface.
    Improve the display of tabs when lightweight themes (personas) are in use for both light and dark themes.
    A long-standing niggle of people using lightweight themes (AKA personas) has been the use of a grey base color for tabs. Pale Moon's theming has been adjusted to provide an improved display of tabs on both light and dark personas.
  • Enable cache compression by default to more efficiently use disk cache.
    Pale Moon 25 will apply a balanced level of compression to cached files by default, to save on disk space and disk writes, and allow more items to be stored in the cache while having minimal impact on processor use. Note that this may prevent some "cache explorers" from being able to show you cached item contents since they are now compressed.
  • When shutting down the browser while you still have downloads in progress, Pale Moon will now by default warn you that the downloads will be cancelled.
    The previous default setting to "automatically pause and resume" downloads is has been deprecated in favor of cancelling downloads. For small files, pausing/resuming is not applicable most of the time, and almost all large downloads will have trouble resuming after a browser restart. It was therefore decided that it would be better to warn the user that downloads are still in progress and to cancel the downloads if the user so chooses, when closing the browser, or otherwise keep it open until downloads complete. This should prevent unwanted "forgotten" downloads in progress from being interrupted and needing a re-download.
  • Added language packs for Acholi, Assamese, Kashubian, Pulaar Fulfulde, Armenian, Khmer, Ligure, Mongolian, and Swahili.
    This brings the total number of alternative languages for Pale Moon to no less than 90! Note that a number of previously complete language packs were not updated in time for this release and have reverted to an incomplete (but "in progress") state, and will be updated as they are completed by volunteer translators.

Bug/regression fixes:
  • Prevent error in removeobserver() for the padlock code when closing a window
  • Hang fix: Release XPCOM timer immediately after firing to prevent a race condition. (CVE-2014-1553)
  • Android & any ARM processor: Always use integers for audio instead of floats.
  • Properly apply the use of high contrast themes on Windows 8/8.1
  • Prevent the accumulation of hidden about:blank windows in some situations.
  • Android: prevent deadlocks due to invalidations when using plugins (Flash)
    Flash and other plugins are not widely supported on the Android platform. YMMV (Your Mileage May Vary) and it may not may not work, depending on Android version, device, processor, plugin type, page content, etc.).
  • Re-enable high-quality downscaling of particularly large images (selective HQ downscaling) and improve fast image scaling method (use Lanczos instead of Hamming).
    Downscaling particularly large images in the browser now uses a fast, better quality scaling method for smaller downscale factors and will switch to the two-stage HQ downscaling method if scaling down beyond the usable limit of the fast method.
  • Hang/DoS fix: Avoid uninterruptable infinite loops in IonMonkey in some situations. (CVE-2014-1548)
  • Android: improve the handling of zooming to input fields
    On tablets, auto-zooming to form input fields will no longer be done and the related preferences now actually work ;)

Security fixes:
  • Properly derive/insert the host of a URL
  • Avoid negative audio ratios (can lead to crashes) (CVE-2014-1565)
  • Avoid some root hazards in the style parser
  • Add is-object check to IonBuilder::makeCallHelper (CVE-2014-1562)
  • Clear the jumplist icon cache when history is cleared (privacy fix)
  • Crash fix on Windows (JS JIT) (CVE-2014-1554)
  • Prevent buffer overrun in text directionality component (CVE-2014-1567)
  • Update NSS to 3.16.2.1-RTM (CVE-2014-1568)
  • This fixes the "forged RSA signature" potential vulnerability that a lot of buzz was made about recently.


Download:
http://www.palemoon....wnload-ng.shtml | 64Bit | Portable | Webinstaller | für Atom CPUs | für Linux | für AVX | für Android | für Mac | Pale Moon "Sumozi" | SSE1 build (für ältere CPUs) | für Win XP 64Bit
Github: https://github.com/M...tions/Pale-Moon
0

Anzeige



#47 _d4rkn3ss4ev3r_

  • Gruppe: Gäste

geschrieben 16. Oktober 2014 - 17:56

Pale Moon 25.0.1

Changelog:
  • Update of the add-on SDK to add missing "PaleMoon" engine entries to lists in some modules. This should fix extension compatibility issues for things like Self-destructing cookies, Privacybadger and other Jetpack add-ons that should otherwise already work with the new GUID.
  • About box release notes link corrected
  • Fix for VP9 decoder vulnerability security fix
  • Fix for direct access to raw connection sockets in http security fix
  • Fix for unsafe conversion to JSON of data through the alarm dom element security fix
  • Update of NSS to 3.16.2.2-RTM security fix

Download:
http://www.palemoon....wnload-ng.shtml | 64Bit | Portable | Webinstaller | für Atom CPUs | für Linux | für AVX | für Android | für Mac | Pale Moon "Sumozi" | SSE1 build (für ältere CPUs) | für Win XP 64Bit
Github: https://github.com/M...tions/Pale-Moon
0

#48 _d4rkn3ss4ev3r_

  • Gruppe: Gäste

geschrieben 24. Oktober 2014 - 13:00

Pale Moon 25.0.2

Changelog:
This is a small update to address a number of teething problems with the new milestone release.

Fixes/changes:
  • Added a "Firefox compatibility mode" selection in Options -> Advanced.
    This mode is enabled by default (reluctantly so), because too many websites (including some very big players who, themselves, promote an Open Web...) still use very poor browser detection methods based on arbitrary User Agent string comparisons, not catering to alternative browsers, and the resulting user experience being poor (being presented with mobile site layouts, broken pages, or even being flat-out refused service because someone exercises freedom of choice for web browser used). This should alleviate most, if not all, issues with browser-discriminating websites.
  • Improved active tab display on particularly dark personas.
    People using "black" personas/lightweight themes should now have a lot less difficulty distinguishing the active tab.
  • Disabled SSL 3.0 by default (to put a muzzle on the POODLE).
  • Please note that this may cause issues with some poorly configured web servers (usually ones with a hopelessly broken security setup that do not support TLS 1.2 or secure (re)negotiation of the protocol). Please ask server operators to fix their security.
  • Fixed add-on update issue that was preventing update checking through addons.palemoon.org.
  • Fixed the redundant redundancy in asking redundantly if the browser would be allowed to ask to install an extension when not on addons.mozilla.org.
  • Fixed the internal UA-sniffing insanity that broke devtools in a few different and colorful ways.

Download:
http://www.palemoon....wnload-ng.shtml | 64Bit | Portable | Webinstaller | für Atom CPUs | für Linux | für AVX | für Android | für Mac | Pale Moon für WinXP 32+64Bit | SSE1 build (für ältere CPUs)
Github: https://github.com/M...tions/Pale-Moon
0

#49 _d4rkn3ss4ev3r_

  • Gruppe: Gäste

geschrieben 14. November 2014 - 16:09

Pale Moon 25.1

Changelog:
This is an important update to the new release that addresses current incompatibilities with websites, updates security, and introduces new features:
  • New feature: multi-line flexbox support.
    Pale Moon now supports more advanced multi-line and multi-column flex elements. This will allow websites to use these elements for easier responsive design of web pages and ordering/layout of multiple elements. This has been on Pale Moon's to-do list for a while but was rather complex to tackle, hence the delay in implementation. This should address layout issues on several recently-updated websites (e.g. the MSN home page).
  • New feature: added support for collapsed flex element items.
    Previously, flex elements that would be "collapsed" through CSS would be hidden, but still take up their flex space.
  • Enhanced feature: Content Security Policy (CSP)
    Pale Moon now fully supports the CSP 1.0 specification allowing websites to set restrictions on content to prevent XSS (Cross-site scripting) attacks. Previously, the implementation in Pale Moon was partial, and did not support a number of features, resulting in some websites not rendering properly because Pale Moon was being too strict in enforcing the policy. This should address issues on websites enforcing CSP (e.g. the Dropbox web interface and FaceBook galleries).
  • New feature: added support for iframes with inline content.
    This added HTML5 feature makes it possible for web designers to specify the content of iframes in-line, instead of having to link to an external source. This allows for more dynamic use of iframe elements.
  • Updated the Firefox Compatibility mode version to 31.9.
    With the improvements in rendering, HTML5 support and overall feature set in this version, the Firefox Compatibility mode (as presented in the UserAgent string) has been bumped to prevent websites from complaining about "using a too old/unsupported version of Firefox" (e.g. Google websites) while offering those sites a Firefox Compatibility version that is in line with the "expected" feature set of the browser. User agent sniffing remains a really bad practice and should not be done, so this is combating a symptom rather than a cause. Pale Moon's new presented version is a close match, but will never be 100% so you may still run into some websites that don't like Pale Moon's user agent and require a manual override as outlined in the FAQ.
  • Pale Moon no longer builds the so-called "media navigator" by default.
    This module provides access to the user's webcam and microphone. Although it can be used for other purposes, in practice this is only used for WebRTC and, in fact, its support (GetUserMedia) is often mistaken for actually supporting WebRTC in a browser (causing errors since Pale Moon does not support WebRTC). No longer including these features reduces input complexity and overhead for a feature not actively used. This also circumvents privacy concerns/confusion like CVE-2014-1586.
  • Improved tab handling on lightweight themes (personas) some more to enhance contrast on certain themes and to make the tab hover effect slightly more distinct.
  • Fixed oversized/blocky menu arrows on Windows 8.1 in HiDPI mode.
  • Fixed incorrect operating system being passed on to addons.mozilla.org.
  • Fixed an error being thrown in the error console/web console when opening a new window.
  • Removed the NVidia 3D Vision auxiliary utility library.
  • This library has been the likely cause for a number of crashes on NVidia cards, and is completely unnecessary for Pale Moon.
  • Made the installer less aggressive for file type associations, to prevent "stealing" of globally associated file types.
  • Android: improved restoring of session tabs.
  • Android: added an option to automatically restore tabs.
    An important thing to note with this new option is the following: with the option enabled, Pale Moon will now automatically restore tabs you had open previously when the app gets suspended (pushed out of memory by other apps, closed by swipe, etc.). The "quit" main menu option, however, completely shuts down your session, unloads Pale Moon from active memory, and tabs will not be automatically restored when you launch Pale Moon again. This is by design. To restore tabs in that situation, use the link from the home screen.

Security fixes:
  • Fixed several memory security hazards CVE-2014-1574 and CVE-2014-1575
  • Fixed CVE-2014-1581.
  • Fixed bug 1069584: Bail if a cairo surface is in an invalid state.
  • Made sure to initialize surfaces for draw targets.
  • Fixed bug 1074280: Use AsContainerLayer() in order to avoid a bad cast.
  • Fixed several problems in the HTML parser (multiple vulnerabilities).
  • Improved security of XHR by filtering out types of requests that can potentially be abused.

Download:
http://www.palemoon....wnload-ng.shtml | 64Bit | Portable | Webinstaller | für Atom CPUs | für Linux | für AVX | für Android | für Mac | Pale Moon für WinXP 32+64Bit | SSE1 build (für ältere CPUs)
Github: https://github.com/M...tions/Pale-Moon
1

#50 _d4rkn3ss4ev3r_

  • Gruppe: Gäste

geschrieben 28. November 2014 - 10:53

Pale Moon für Android 25.1.1

Changelog:
fix startup crashes when used on Android 5.0 (Android-L, Lollipop).

Download:
FTP: ftp://publicandroid:...android-arm.apk
HTTP: http://relmirror.pal...android-arm.apk
0

#51 _d4rkn3ss4ev3r_

  • Gruppe: Gäste

geschrieben 15. Januar 2015 - 22:27

Pale Moon 25.2

Changelog:
This is an important update after rapid development on the back-end to extend browser capabilities and implement some ES6 draft functions for web programmers, as well as provide some important crashfixes, bugfixes and security updates.

Fixes/changes:
  • ES6: Added the following functions:
    • Array.prototype.find
    • Array.prototype.findIndex
    • IsConstructor(arg)
    • Array.of(items...)
    • Number.parseInt
    • Number.parseFloat
    • Advanced math functions: hyperbolic sin/cos/tan/asin/acos/atan, hypotenuse, cube root, expm1, log1p, log10, log2, sign and trunc
    • Map.prototype.forEach
    • Set.prototype.forEach
  • ES6: Added the following number constants: EPSILON, MIN_SAFE_INTEGER and MAX_SAFE_INTEGER
  • ES6: Added the use of binary and octal numeric literals (&b... and &o...)
  • ES6: Updated behavior of accessing indexed values in accordance with the spec.
  • CSS: Added overflow-clip-box:content-box|padding-box
  • DOM: Added table.createTBody() function
  • Added a clearer alltabs button for dark personas.
  • Added a development tools toggle hotkey (F12)
  • Added a preference prompts.tab_modal.focusSwitch to enable or disable tab switching when a modal dialog (e.g. javascript confirmation) is presented in a page.
  • IonMonkey on Android: fixed the implementation of AbsI.
  • IonMonkey: fixed a bug where actively used objects were discarded.
  • Fixed register initialization to prevent incorrect detection of SIMD instructions on some CPUs.
  • Optimized some loops in the spell checker to increase performance.
  • Simplified cache handling, updated cache parameters to better reflect current web use, and enabled automatic cache sizing by default.
  • Adjusted memory cache sizing to better reflect capacities of current hardware.
  • Updated UserAgent override workarounds for Netflix and FaceBook to fix some site issues.
  • Aligned programmatic access to geolocation with the spec.
  • Fixed a crash when being fed a data file (XML) with too deeply nested tags.
  • Fixed a crash in HTML5/WebAudio that affected some games.
  • Fixed a crash when programmatically collapsing elements.
  • Fixed a few non-breaking bugs related to e10s code.
  • Fixed text input/padding issues.
  • Updated surround downmixing code for Vorbis.
  • Improved tolerance in WebAudio for loading multichannel audio files.
  • Android: Fixed an issue with Flash, it should now run on more devices.
  • Updated the DDG search plugin to make the actual query be the last parameter in the address bar for easy editing after a search has been performed.
  • Removed some unused update channel code.
  • Updated branding to more clearly indicate Pale Moon's trademark.
  • Updated some licensing texts in-browser to properly reflect used code and rights.

Security/privacy fixes:
  • Added a preference network.stricttransportsecurity.enabled to enable or disable the use of HSTS (HTTP Strict Transport Security), allowing users to choose between privacy and security in this matter. (hidden pref)
  • Fixed CVE-2014-1589 by whitelisting XBL bindings that may be applied to untrusted content.
    Important: extension developers should read this related thread.
  • Fixed CVE-2014-1593.
  • Mac: fixed CVE-2014-1595.
  • Fixed CVE-2014-8639 by adjusting cookie handling through proxies.
    Important: This may currently impact some corporate Single-Sign-On (SSO) setups through proxies which will be inconvenienced by asking for credentials instead of automatically logging in. Firefox 35 and ESR are impacted the same way, and I'm keeping an eye on relevant bugs and potential solutions.
  • Fixed CVE-2014-8636.
  • Fixed several memory safety hazards that do not have CVE numbers.


Download:
http://www.palemoon....wnload-ng.shtml | 64Bit | Portable | Webinstaller | für Atom CPUs | für Linux | für AVX | für Android | Pale Moon für WinXP 32+64Bit | SSE1 build (für ältere CPUs)
Github: https://github.com/M...tions/Pale-Moon
0

#52 _d4rkn3ss4ev3r_

  • Gruppe: Gäste

geschrieben 29. Januar 2015 - 22:13

Pale Moon 25.2.1

Changelog:
This is a minor update (literally, with the delta only being a 150-300 KB download) that addresses a single issue of 25.2.0 with authentication through proxies. No other changes in this point release.

Download:
http://www.palemoon....wnload-ng.shtml | 64Bit | Portable | Webinstaller | für Atom CPUs | für Linux | für AVX | für Android | Pale Moon für WinXP 32+64Bit | SSE1 build (für ältere CPUs)
Github: https://github.com/M...tions/Pale-Moon
0

#53 _d4rkn3ss4ev3r_

  • Gruppe: Gäste

geschrieben 29. März 2015 - 08:58

Pale Moon 25.3.1

Changelog:
This is a security update to the browser to address a critical vulnerability found in the pwn2own contest. Only one Mozilla code vulnerability found in this contest applies to Pale Moon, which has been addressed in this update.
Fixes/changes:
  • Fixed security vulnerability CVE-2015-0818. This vulnerability would allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.
  • Fixed IPv6 DNS resolution regression in some less common cases.


Changelog der 25.3.0
This is an important update to improve features and performance, as well as address important security issues.

Fixes/changes:
  • Overhauled WebGL. It now properly supports depth textures, shadow mapping and glow shaders.
  • Note that older operating systems or video cards may be limited in their support of these features.
  • Updated the ANGLE library to a much more current version.
  • Removed the crash reporter code completely to improve overall browser responsiveness and operation.
  • Please note that a necessary victim of this has been the in-browser (devtools) SPS profiler because of its reliance on crash reporter data-gathering tools.
  • Removed the Mozilla Plugin Finder Service (no longer in use @Mozilla).
  • Android: removed the Mozilla "product announcements" service.
  • Re-added control of the number of concurrent tabs to be restored from a session with browser.sessionstore.max_concurrent_tabs (accepted values 1-10)
  • Significantly improved performance and accuracy of date/time/timer handling.
  • Significantly improved performance of the creation of DOM nodes with plain text content.
  • Added several significant performance optimizations for arrays and strings in javascript.
  • Added several code performance optimizations and bugfixes in SVG, the presentation shell, SCTP, style gradients and CSS parsing routines. (Thanks, Axiomatic!)
  • Added an "Open link in current tab" context menu entry on links for UI consistency.
  • Updated styling of the browser with personas (lightweight themes) once more to improve display in tabs-on-top mode, improve overall legibility of tab text, and display of inverted close buttons on some controls on dark personas.
  • Added a special case check for the Flash plugin version check on Linux failing due to commas instead of periods in the version string.
  • Added Windows 10 compatibility in executable manifests.
  • Android: Fixed a crash on GL canvas surfaces.
  • Fixed incorrect Sync "howto" instruction links from the Sync dialogs.
  • Fixed the color of selected tabs in Linux when personas (lightweight themes) are in use that do not match the overall tone of the OS system theme.
  • Fixed a bug where a variable in parentheses would abort Javascript parsing.
  • Fixed a bug where the address bar would incorrectly be cleared.
  • Fixed padding issues for dropdown lists.
  • Fixed DNS lookups so proper record types are requested for IPv4 and IPv6.

Security fixes:
  • Disabled all RC4-based encryption ciphers by default.
  • Fixed several miscellaneous memory safety hazards.
  • (applicable bugs related to CVE-2015-0835 and CVE-2015-0836)
  • Fixed loading of locally stored DLL files through the internal updater. (CVE-2015-0833)
  • Fixed a potential crash point in IndexedDB. (CVE-2015-0831) DiD
  • Fixed a double-free situation when using non-default memory allocators and a 0-length XHR. (CVE-2015-0828)
  • Note: production builds of Pale Moon were never vulnerable.
  • Fixed a crash using DrawTarget in the Cairo graphics library. (CVE-2015-0824)
  • Fixed potential reading of local files through manipulation of form autocomplete. (CVE-2015-0822)
  • Fixed a potential PNG heap-overflow crash. DiD
  • Followed up on research regarding CVE-2014-8639 (see 25.2) and made cookie handling through proxies more restrictive again.


DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.


Download:
http://www.palemoon....wnload-ng.shtml | 64Bit | Portable | Webinstaller | für Atom CPUs | für Linux | für AVX | für Android | Pale Moon für WinXP 32+64Bit | SSE1 build (für ältere CPUs)
Github: https://github.com/M...tions/Pale-Moon

Dieser Beitrag wurde von d4rkn3ss4ev3r bearbeitet: 29. März 2015 - 08:58

0

#54 _d4rkn3ss4ev3r_

  • Gruppe: Gäste

geschrieben 25. April 2015 - 22:07

Pale Moon 25.3.2

Changelog:
Pale moon has been updated to 25.3.2 to fix the crashing issue that popped up with mozilla-signed extensions.
This version should prevent such crashes even if the extension has improperly formatted signature and/or manifest files in it.


Download:
http://www.palemoon....wnload-ng.shtml | 64Bit | Portable | Webinstaller | für Atom CPUs | für Linux | für AVX | für Android | Pale Moon für WinXP 32+64Bit | SSE1 build (für ältere CPUs)
Github: https://github.com/M...tions/Pale-Moon
0

#55 _d4rkn3ss4ev3r_

  • Gruppe: Gäste

geschrieben 10. Mai 2015 - 17:44

Pale Moon 25.4.1

Changelog der 25.4
IMPORTANT: If you use a language pack, make sure to update it to the latest version! We do have automatic updates enabled for language packs but please double-check that the version matches. If you are using an older language pack with this version of the browser, some dialog boxes may come up blank.

This is a major update - a release with many changes and fixes, the most important ones highlighted below.

Fixes/changes:
  • Updated SQLite from 3.7.17 to v3.8.8.3, improving history/bookmark/etc. performance by up to 50% depending on operation.
  • Added a new "mixed-mode" state for HTTPS connections. Clarified mixed-mode connections with a mixed-mode padlock and better tooltips.
  • Added a conditional partial shading to the URL bar and made it default (shading only on secure sites, no red shading at all by default).
    Of course you can still use the previous shading if you wish by setting browser.padlock.urlbar_background to 1
  • Dev: Fixed file system mode flags for *nix systems, to make executable files like scripts actually flagged as executable
  • Added native IPv6 lookups to NSPR to solve IPv6-only and dual-stack setups in some situations
  • Added a pref to control the unloading of idle plugins from memory and lowered the default "idle" time to 60 seconds before plugins are unloaded.
    The new preference is dom.ipc.plugins.unloadTimeoutSecs and lists the delay before unloading in seconds. If you want to immediately unload plugins when you close a page or navigate away (warning: this can cause spurious loading/unloading and slow down the browser!), set this value to 0.
  • Fixed version strings for e.g. flash on Linux being displayed with commas instead of periods - this should also fix the incorrect "your plugin is vulnerable" message while being on the latest version.
  • Windows: Set the double-click/Ctrl+arrow word selection to not eat the space (only select the actual word).
    If you want to restore the previous behavior, set the preference layout.word_select.eat_space_to_next_word to true.
  • Android: DNS fix for VPN connections, preventing the "server not found" issues people have been reporting for certain VPN providers on mobile.
  • Updated a number of trusted root certificates, and distrusted the CNNIC root certificate by popular demand.
  • Linux: Worked around the slice memory allocator not being properly disabled on later GLib versions, causing errors to be thrown in the terminal/console and not using the intended memory allocator.
  • Android: updated the random number generator handling on later versions of Android.
  • Added fix to prevent spurious re-paints with plugins (performance/UX improvement).
  • Removed the plugin check link from the Addons Manager, since it's no longer reliable and not officially available for browsers except Mozilla Firefox. (Bonus: no user profiling/tracking through optimizely!).
  • Optimized the NSS callback for secure connections.
  • Updated the domains that are whitelisted for installation of extensions/themes/personas, streamlining the use of addons.palemoon.org.
  • Added personas support to titlebar text (adopt the lightweight theme's coloring/shading) in custom titlebar mode (Pale Moon appmenu/button).
  • Added display of HTTPS protocol (SSL/TLS) to the page info window (thanks Travis!).
  • Improved certificate display: Removed MD5 and added SHA256 fingerprint, and made them selectable/copyable.
  • Updated classification of secure connections: Classify any encryption with less than 128 bits or including RC4 (if manually enabled, see previous version notes) as weak.
  • Dev: Added availability of the full ciphersuite string for use in extensions to the nsISSLStatus interface (nsISSLStatus.cipherSuite).
  • Dev: Added MAKE_UNLINKABLE to the about: page redirector and added that as default for the reader mode on Android.
    If you are an extension developer who wants to provide your own about: page, you should also make it unlinkable this way to prevent undesired use in web pages.
  • Removed the compilation and inclusion of a one-time-use pre-compiled startup cache in omni.ja, reducing overall application size significantly and avoiding a number of quirks of both the build process and the operation of the browser.
  • Fixed an NVIDIA specific GLX server vendor bug for pixmap depth and fbConfig depth.
  • Removed most telemetry code, reducing code complexity and wasted CPU.
    Depending on your computer in use, this may be a significant change to the smoothness of browser operation.
  • Linux: Added OSS support (mutually exclusive with ALSA): configure with --enable-oss
  • Made DNS caching a lot less aggressive to align the browser's behavior with the dynamic nature of the modern web.
  • Removed Mozilla-specific parameters for searches. Search suggestions should now work again for Google searches.
  • Added the option to allow users to use a fixed (JSON) file-based geolocation response in favor of a GeoIP service.
  • Dev: Improvements to Clang builds (thanks Axiomatic/BitVapor!). Clang is not currently producing stable builds on Linux, so please use GCC for that operating system.
  • Linux: removed GnomeVFS that's no longer in use.
  • Fixed the "double padlock while loading a secure site" niggle in the UI.
  • Dev: added allowance of using -moz-appearance:none on drop-down lists to hide the arrow button (catering to custom styling of the control).
  • Added some more ES6 math/number functions:
    • Implemented Math.fround(x)
    • Implemented Number.isSafeInteger(x)
    • Implemented Math.clz32(x)
Security fixes:
  • Fixed several memory safety hazards (UAF/DF/UU); applicable bugs covered by CVE-2015-0815 and CVE-2015-0815.
  • Fixed CVE-2015-0811 [qcms] heap info leak.
  • Fixed CVE-2015-0810 clickjacking attacks via a Flash object in conjunction with DIV elements.
  • Fixed CVE-2015-0801 a variant of CVE-2015-0818.
  • Fixed CVE-2015-0800 improve randomness of DNS resolver queries on Android.
  • Fixed CVE-2015-0798 access to privileged URLs through about: redirector.


Changelog der 25.4.1:
  • Fixed loss of the browser's disk cache on startup due to incorrect corruption detection logic
  • Fixed a browser crash on some HTML5 games due to an audio resampling bug


Download:
http://www.palemoon....wnload-ng.shtml | 64Bit | Portable | Webinstaller | für Atom CPUs | für Linux | für AVX | für Android | Pale Moon für WinXP 32+64Bit | SSE1 build (für ältere CPUs)
Github: https://github.com/M...tions/Pale-Moon

Dieser Beitrag wurde von d4rkn3ss4ev3r bearbeitet: 10. Mai 2015 - 17:45

0

#56 _d4rkn3ss4ev3r_

  • Gruppe: Gäste

geschrieben 10. Juni 2015 - 17:05

Pale Moon 25.5

Changelog:
This version of the browser sees many under-the-hood changes, fixes the Logjam vulnerability, and adds a specific indicator for mixed-mode web pages.

  • Fixes/changes:
  • Logjam fix: Refuse DHE keys with less than 1024 key bits. For more information, check https://weakdh.org/
  • Search plugin updates to re-enable Google suggestions and reduce tracking (Squarefractal)
  • Allow plugin-specific (.dll based) OOPP overrides also for npswf. This will not be used for the "master switch" for OOPP and Flash will still be in the plugin container, unless a specific dom.ipc.plugins.enabled.npswf*.dll boolean is set to override.
    This is to help people with specific issues with Flash running poorly in the plugin container in Pale Moon or causing issues on secondary monitors.
  • Fixed a crash during WebGL Conformance Tests for undefined indices (Toady)
  • HSTS preload list updates (Squarefractal)
  • Status bar locale addition: cs
  • Implemented a fix for the toolkit update service so that the same version as the current application will not be offered as a valid update (Tobin)
  • Reorganized the AppMenu (give equal ease for windowed and tabbed browsing, deprioritize Sync)
  • Disabled the Sync promo box in doorhangers.
  • Updated libpng to version 1.5.22
  • Fixed support for builds using newer freetype on Linux. (Axiomatic)
  • Fixed --with-system-pixman builds. (Isaac Dunham)
  • Updated SQLite to version 3.8.10.1
  • Changed the after-upgrade page loaded to the release notes instead of the home page.
    (and hoping people actually do take a moment to read them, preventing unnecessary support requests)
  • Fixed navigator.geolocation - should never be null, to properly adhere to the specification for real this time (Travis)
  • Moved paintlock event delay to greprefs, and adjusted it for 2015's heavier sites
    This should prevent the infamous "briefly flashing web site display without styling"
  • Fixed the about dialog scripting for pre-release builds (includes build date now as-intended and no longer errors the script)
  • Reorganized how pushed floats are handled in layout flow
  • Implemented a change to run the updater from the install directory instead of copying it.
    This prevents potential security issues as well as elevation issues on some setups.
  • Fixed transparency of the Pale Moon document icon for 256x256
  • Updated padlock code:
    • Added mixed-mode shading (yellow), and reorganized shading pref values more logically
    • (0=off, 1=secure only, 2=secure+mixed, 3=all)
    • Cleaned up CSS
    • Cleaned up padlock logic a little

  • Hard-coded internal UA sniffing values for the extension legacy of devtools
  • Updated NSPR to 4.10.8
  • Updated the NSS security lib to 3.19-RTM + re-worked Pale Moon changes
  • Bumped the built-in site-specific UA compat mode overrides to v38
    To prevent these sites from starting to complain again about "too old firefox"
  • Fixed a rare compressed-cache crash due to losing our cache entry while finishing up compression.
  • Updated and patched libcubeb, the main media sound library, to fix a number of audio issues (e.g. when switching output device) and audio-related crashes
  • Added the option to load modules into a named scope
  • Removed quick access keys for buttons on the updater window (since it may pop up unannounced when people are typing, causing them to make unintended choices)
  • Updated jemalloc and mozjemalloc memory allocator libraries to improve performance
  • Removed implicit access to a whole range of internally-used interfaces and classes that page content has no business calling anyway
  • Added a preference for always preferring a certain dictionary language.
    To use this, create a new preference spellchecker.dictionary.override (string) and set it to your language code.

More information about changes in this version that would be important for extension developers and web programmers can be found here.

Security fixes:
  • Fixes for miscellaneous memory safety hazards (relevant and applicable fixes from CVE-2015-2708 and CVE-2015-2709)
  • DiD (defense-in-depth) fix to prevent potential overflows in CSS restyling
  • Fix for updater hijacking (CVE-2015-2720)
  • Fix to prevent potential disclosure of sensitive information in Android logs (CVE-2015-2714)
  • Fix for a buffer overflow in the XML parser (CVE-2015-2716)
  • Fix for a potentially exploitable crash in DNS handling



Download:
http://www.palemoon....wnload-ng.shtml | 64Bit | Portable | Webinstaller | für Atom CPUs | für Linux
Sprachdateien: http://www.palemoon....langpacks.shtml
Github: https://github.com/M...tions/Pale-Moon
0

#57 _d4rkn3ss4ev3r_

  • Gruppe: Gäste

geschrieben 31. Juli 2015 - 10:13

Pale Moon 25.6

Changelog:
Pale Moon has been updated to 25.6, which is a major update to the browser, addressing usability issues, crash fixes and security fixes.

Fixes/changes:
  • Canvas anti-fingerprinting option: Pale Moon now includes the option to make canvas fingerprinting much more difficult. By setting the about:config preference canvas.poisondata to true, any data read back from canvas surfaces will be "poisoned" with humanly-imperceptible data changes. By default this is off, because it has a large performance impact on the routines reading this data.
  • Added a feature to allow icon fonts to be used even when users disallow the use of document-specified fonts. This should retain full navigation for icon-font heavy websites (no more dreaded "boxes" with hex codes) when custom text fonts are disabled.
  • Added a feature to prevent screen savers from kicking in when playing full-screen HTML5 video. This is currently not yet operational on Linux because of stability issues we've run into on that OS, but Windows should properly benefit from this change.
  • The "autocomplete=off" parameter for signon forms is now completely ignored by default, to keep the user in control of their browser's behavior and allowing credentials to be saved if wished. If you prefer the previous behavior, allowing a website to determine whether autocomplete should be allowed or not, then change the about:config preference signon.ignoreAutocomplete to false.
  • Reinstated the packaging of pre-compiled scripts in the browser. Hopefully this will fix the reports by some users who found that initial start-up after installation/upgrade of the browser was unacceptably slow. Unfortunately this means a slightly larger download/install size as a trade-off.
  • Added the option to use Chrome://../skin/ overrides, in effect allowing the use of "Icon themes"; toolbar icon replacements to customize your browser icons without the need for any CSS or full-blown theming.
  • Added a count for the number of matches in the find bar. it will now list the total number of matches found, and which match is the currently highlighted one.
  • Fixed the issue where highlighted words after finding and highlighting them all in a page would remain highlighted when closing the find bar.
  • Added support for CSP 'nonce' keywords (CSP 1.1/2.0). Please note that this is still experimental and may not work 100% as-expected. Please report any bugs you may find.
  • Aligned CSP more with the spec in terms of reporting and case-sensitivity of matches, and made it more app-friendly.
  • Added -moz-os-version selectors for @media CSS queries to simplify theming on different operating systems (esp. Windows).
  • Updated and improved several languages for the Status Bar code, and added Slovenian.
  • Fixed an issue in the internal updater window not showing proper language strings.
  • Fixed an issue where the unexpected use of "backface-visibility" on non-3D transformed elements (like the body) would break positioned elements on web pages.
  • Fixed text positioning in the combobox display area when a non-default height is set for the combobox.
  • Fixed a crash caused by bad Opus audio encoding in media files.
  • Fixed a crash when trying to measure memory in about:memory while playing video.
  • Fixed a rare crash in sLayersAccelerationPrefsInitialized
  • Fixed miscellaneous other crashes.
  • Fixed a DNS prefetching issue for the people using this feature.
  • Fixed an issue with single-word searches from the address bar when a proxy is in use.
  • Fixed a number of build issues on Linux when using system libs.
  • Added support for link-time optimization on newer Linux compilers.
  • Removed more telemetry code (ongoing project!).

Security fixes:
  • Fixed a memory safety bug due to a bad test in nsZipArchive.cpp (CVE-2015-2735).
  • Fixed a memory safety bug in nsZipArchive::BuildFileList (CVE-2015-2736).
  • Fixed a memory safety bug caused by an overflow in nsXMLHttpRequest::AppendToResponseText (CVE-2015-2740).
  • Fixed a Use After Free in CanonicalizeXPCOMParticipant (CVE-2015-2722).
  • Fixed off-main-thread nsIPrincipal use of various consumers in the tree (only grab the principal when needed).
  • Fixed an issue where an IPDL message was sent off the main thread.
  • Fixed a potentially exploitable TCPSocket crash due to a race condition.

Download:
http://www.palemoon....wnload-ng.shtml | 64Bit | Portable | Webinstaller | für Atom CPUs | für Linux
Sprachdateien | Github: https://github.com/M...tions/Pale-Moon
0

#58 _d4rkn3ss4ev3r_

  • Gruppe: Gäste

geschrieben 26. August 2015 - 16:08

Pale Moon 25.7

Changelog:
Pale Moon 25.7 has been released, which is an important maintenance update with usability improvements, bugfixes and security fixes.

Fixes/changes:
  • Code cleanup: Removed the (otherwise unused) visual event tracer code.
  • Code cleanup: Removed reflow performance tracing code (telemetry).
  • Fixed a key JavaScript bug where defining properties on an object would wipe the object.
    This seems to be a common issue with "modern" libraries that use "define" instead of "change" and expecting the other properties on the object to be retained, resulting in "x is undefined" or "can't redefine non-configurable property" errors all over the place if the object is wiped. (e.g.: airbnb.com and mega.nz, to name a few reported sites)
    This aligns the behavior with ES6's "Validate and apply property descriptor" pseudo-function.
  • Updated the SQLite library to 3.8.11.1.
  • Added support for the element.matches() Web API function.
  • Added support for BASE tag parsing in source view. Previously, when viewing the source of a document, clickable links would be incorrect if a base path was specified in the document with this tag.
  • Fixed an issue with running timers after the computer would have been put to sleep with the browser opened.
Security fixes:
  • Added protection against potential bugs where our SVG mPositions is out of sync with the characters in the DOM. DiD
  • Fixed use-after-free vulnerability in XMLHttpRequest::Open() (CVE-2015-4492)
  • Fixed use-after-free vulnerability in the StyleAnimationValue class (CVE-2015-4488)
  • Fixed crash or memory corruption in nsTArray (CVE-2015-4489)
  • Fixed crash or memory corruption in nsTSubstring::ReplacePrep (CVE-2015-4487)
  • Fixed potential escalation of privileges or crash (out-of-bounds write) via a crafted name in MARs (x64 only) (CVE-2015-4482)
  • Fixed an issue that would allow man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request. (CVE-2015-4483)
DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.


Download:
http://www.palemoon....wnload-ng.shtml | 64Bit | Portable | Webinstaller | für Atom CPUs | für Linux
Sprachdateien | Github: https://github.com/M...tions/Pale-Moon
0

#59 _d4rkn3ss4ev3r_

  • Gruppe: Gäste

geschrieben 28. September 2015 - 16:33

Pale Moon 25.7.1

Changelog:
This is a security, stability and web-compatibility update. This also marks a security update for the Android version of Pale Moon to keep users of the otherwise currently unmaintained OS updated regarding known security vulnerabilities.

Fixes/changes:
  • Code cleanup: Removed the majority of remaining telemetry code (including the data reporting back-end and health report) to prevent a few issues with partially removed code in earlier versions.
  • Fixed a crash due to handling of bogus URIs passed to CSS style filters (e.g. whatsapp's web interface).
  • Permitted spec-breaking syntax in Regex character classes, allowing ranges that would be permitted per the grammar rules in the spec but not necessarily following the syntax rules. This impacts a good number of (also higher profile) sites that use invalid ranges in regular expressions (e.g. Cisco's networking academy site, Yahoo Fantasy Football).
  • Fixed a crash due to the newly introduced WASAPI handling of audio channel mapping that doesn't like actual surround hardware setups (e.g. playing a video with quadraphonic audio on a 4-speaker setup).
  • Fixed an issue where site-specific dictionary selections would be written to content preferences without the user's action, potentially overwriting or clearing a previously-chosen dictionary.
  • Added support for drag and drop of local files from sources which use text/uri-lists. (Some Linux flavors/file managers)
  • Updated libnestegg to the most current version.
  • Fixed an issue where setting the location to an empty string could cause a reload loop.
Security fixes:
  • Changed the jemalloc poison address to something that is not a NOP-slide. DiD
  • Fixed a memory safety hazard in ConvertDialogOptions (CVE-2015-4521)
  • Fixed a buffer overflow/crash hazard in the VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE (CVE-2015-7179)
  • Fixed an overflow/crash hazard in the XULContentSinkImpl::AddText function (CVE-2015-7175)
  • Fixed a stack buffer overread hazard in the ICC v4 profile parser (CVE-2015-4504)
  • Fixed an HTMLVideoElement Use-After-Free Remote Code Execution 0-day vulnerability (ZDI-CAN-3176) (CVE-2015-4509)
  • Fixed a potentially exploitable crash in nsXBLService::GetBinding
  • Fixed a memory safety hazard in nsAttrAndChildArray::GrowBy (CVE-2015-7174)
  • Fixed a memory safety hazard for callers of nsUnicodeToUTF8::GetMaxLength (CVE-2015-4522)
  • Fixed a heap buffer overflow/crash hazard caused by invalid WebM headers (CVE-2015-4511)
DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.


Download:
http://www.palemoon....wnload-ng.shtml | 64Bit | Portable | Webinstaller | für Atom CPUs | für Linux | Android *wieder da*
Sprachdateien | Github: https://github.com/M...tions/Pale-Moon
1

#60 _d4rkn3ss4ev3r_

  • Gruppe: Gäste

geschrieben 02. Oktober 2015 - 17:48

Pale Moon 25.7.2

Changelog:
This is a stability update, addressing 2 critical hangs:
  • Fixed a critical hang caused by recursive reloads that might happen in iframes if its hash changed.
  • Fixed a critical hang caused by lazy-loading of stylesheets through a specific web programming technique as advocated by Google's PageSpeed.


Download:
http://www.palemoon....wnload-ng.shtml | 64Bit | Portable | Webinstaller | für Atom CPUs | für Linux | Android
Sprachdateien | Github: https://github.com/M...tions/Pale-Moon
0

Thema verteilen:


  • 8 Seiten +
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8

1 Besucher lesen dieses Thema
Mitglieder: 0, Gäste: 1, unsichtbare Mitglieder: 0