Pale Moon 歷史版本列表
Pale Moon (32-bit)Pale Moon (64-bit)
更新時間:2016-06-21
更新細節:
What's new in this version:
- Added detection for dark system themes on Windows 10 and re-worked Windows 10 specific theming to better integrate into the OS and provide more clarity.
- HTML5 media controls have been reworked to a horizontal volume control on all media, including HTML5 audio that was previously without an element-control for volume.
- Default HTML5 media volume preference added as media.default_volume --fractional, default 1.0 (=100%).
- String.prototype.match() and .replace() are now fully spec compliant.
- NSPR and NSS now correctly no longer enforce IA32 architecture compatibility, getting the advantage of SSE2 like the rest of the code.
- Worked around crashes in the XSS filter when navigating back in history due to document fragments.
- Instated a hard minimum of 10,000 places entries regardless of free disk space and total memory to prevent undesired expiration of history. That is around 16MB for an average entry size, which should be sane enough even on low-memory machines.
- Fixed a typo in networking code introduced in 26.2.2 that would cause issues on some sites due to adding extra forward slashes to the URL.
Security fixes:
- Fixed a number of memory safety hazards and potentially exploitable crashes.
- Fixed CVE-2016-2821 Use-after-free in the mozilla::dom::Element class
- Fixed netaddr deserialization for AF_UNSPEC and AF_LOCAL.
- Fixed a memory overrun error in the VP8 encoder. DiD
- Fixed non-threadsafe re-use of pixman images to prevent potential race conditions. DiD
- Fixed CVE-2016-2825 Partial Same Origin Policy violation
更新時間:2016-06-21
更新細節:
What's new in this version:
- Added detection for dark system themes on Windows 10 and re-worked Windows 10 specific theming to better integrate into the OS and provide more clarity.
- HTML5 media controls have been reworked to a horizontal volume control on all media, including HTML5 audio that was previously without an element-control for volume.
- Default HTML5 media volume preference added as media.default_volume --fractional, default 1.0 (=100%).
- String.prototype.match() and .replace() are now fully spec compliant.
- NSPR and NSS now correctly no longer enforce IA32 architecture compatibility, getting the advantage of SSE2 like the rest of the code.
- Worked around crashes in the XSS filter when navigating back in history due to document fragments.
- Instated a hard minimum of 10,000 places entries regardless of free disk space and total memory to prevent undesired expiration of history. That is around 16MB for an average entry size, which should be sane enough even on low-memory machines.
- Fixed a typo in networking code introduced in 26.2.2 that would cause issues on some sites due to adding extra forward slashes to the URL.
Security fixes:
- Fixed a number of memory safety hazards and potentially exploitable crashes.
- Fixed CVE-2016-2821 Use-after-free in the mozilla::dom::Element class
- Fixed netaddr deserialization for AF_UNSPEC and AF_LOCAL.
- Fixed a memory overrun error in the VP8 encoder. DiD
- Fixed non-threadsafe re-use of pixman images to prevent potential race conditions. DiD
- Fixed CVE-2016-2825 Partial Same Origin Policy violation
更新時間:2016-05-10
更新細節:
What's new in this version:
Changes/fixes:
- Added a detection routine for dark window colors on Windows 8 and later (system themes using dark window frames) to better adapt to dark system colors. Theme developers can take advantage of this by checking for darkwindowframe="true" on #main-window in CSS selectors.
- CSS classes prefixed with "--" no longer stop parsing of the selectors.
- Several crash fixes.
Security fixes:
- Made GC suppression more aggressive to prevent issues when actually out of memory.
- Fixed a memory safety hazard in jpeg decoding.
- Fixed a potentially exploitable crash when using bi-directional text.
- Updated NSS to 3.19.4.2-PM, fixing CVE-2016-1938 among other things.
更新時間:2016-05-10
更新細節:
What's new in this version:
Changes/fixes:
- Added a detection routine for dark window colors on Windows 8 and later (system themes using dark window frames) to better adapt to dark system colors. Theme developers can take advantage of this by checking for darkwindowframe="true" on #main-window in CSS selectors.
- CSS classes prefixed with "--" no longer stop parsing of the selectors.
- Several crash fixes.
Security fixes:
- Made GC suppression more aggressive to prevent issues when actually out of memory.
- Fixed a memory safety hazard in jpeg decoding.
- Fixed a potentially exploitable crash when using bi-directional text.
- Updated NSS to 3.19.4.2-PM, fixing CVE-2016-1938 among other things.
更新時間:2016-04-08
更新細節:
What's new in this version:
- This is a small update to fix a problem with keyboard navigation of the user interface.
更新時間:2016-04-08
更新細節:
What's new in this version:
- This is a small update to fix a problem with keyboard navigation of the user interface.
更新時間:2016-04-06
更新細節:
What's new in this version:
Changes:
- Implemented the URL API that's needed for a number of websites
- Changed internal keystroke handling within the spec to better align with generally expected behavior
- This should fix the infamous "backspace" issue on Facebook
- Web developers please note: calling preventDefault() in a "keydown" event handler will now prevent most keypress events from firing
- Linux: gstreamer 1.0 support has been implemented and enabled by default (hats off to Travis!)
- From this version forward you will need to have gstreamer 1.0 libraries for video playback (0.10 is no longer supported)
- Re-styled about:sessionrestore to use more available screen real estate for tab info
- Added an option to use the mousewheel for horizontal scrolling (mouse action value 4)
- (e.g. setting mousewheel.with_shift.action to 4 makes Shift+wheel scroll horizontally)
- Bumped max icon size for search engine icons to 32 KB to cater to more common use of HiDPI icons
- Fixed some hard-coded branding strings in Sync still reading "Firefox", and similarly changed sync information URLs to point to our relevant pages
- Removed default profile bookmarks pointing to Firefox/Mozilla since the information there no longer applies to us
- Updated UA overrides and XSS configuration to deal with some problematic sites (e.g.: Google, Embedly)
- Fixed several issues with the default theme causing problems with behavior due to styling (thanks, Antonius32) (Issue #384 and friends)
- Fixed some miscellaneous issues in the internal jemalloc implementation
- Added a configure option to use the full jemalloc lib (jemalloc v3) if the builder so wishes (used for Linux, sys mallocs are not happy there either, so for our generic binaries we switched to this lib now)
- Worked around a crash caused by the XSS filter on some fora by bailing on too short and empty strings
- Fixed layout of reflowed comboboxes without enough space
- Fixed a crash related to flexboxes overflowing themselves. (Issue #396)
- Added a simple implementation for Weak Messagelisteners. (Issue #399)
- Fixed a crash for losing our cache entry while finishing up compression
- (re-apply after unintentional back-out switching to Goanna)
- Linux: Worked around driver bugs with Intel drivers that falsely report what they can support in max texture size
- Portable only: Removed compression of the browser components library after some reports that in certain configurations and environments it was causing issues with the browser
Security fixes:
- Updated the graphite font library to 1.3.7+ to solve CVE-2016-2796 and no less than 14 of its friends
- Updated NSS to 3.19.4.2-PM to address several vulnerabilities (UAF, heap overflow)
- Updated libvorbis to a much more recent version to fix multiple issues
- Crash fix and DiD fixes by holding strong references to objects in suspect places in the HTML parser. (CVE-2016-1961) (ZDI-CAN-3574)
- Fixed several out-of-bounds issues in the VP8 decoder
- Fixed a potentially exploitable crash in XML/XSLT handling
- Applied some Kung Fu to HTML animations and transitions to prevent memory hazards
- Fixed applicable Mozilla code vulnerabilities CVE-2016-1965, CVE-2016-1960 (ZDI-CAN-3545), CVE-2016-1966, and CVE-2016-1963
更新時間:2016-04-06
更新細節:
What's new in this version:
Changes:
- Implemented the URL API that's needed for a number of websites
- Changed internal keystroke handling within the spec to better align with generally expected behavior
- This should fix the infamous "backspace" issue on Facebook
- Web developers please note: calling preventDefault() in a "keydown" event handler will now prevent most keypress events from firing
- Linux: gstreamer 1.0 support has been implemented and enabled by default (hats off to Travis!)
- From this version forward you will need to have gstreamer 1.0 libraries for video playback (0.10 is no longer supported)
- Re-styled about:sessionrestore to use more available screen real estate for tab info
- Added an option to use the mousewheel for horizontal scrolling (mouse action value 4)
- (e.g. setting mousewheel.with_shift.action to 4 makes Shift+wheel scroll horizontally)
- Bumped max icon size for search engine icons to 32 KB to cater to more common use of HiDPI icons
- Fixed some hard-coded branding strings in Sync still reading "Firefox", and similarly changed sync information URLs to point to our relevant pages
- Removed default profile bookmarks pointing to Firefox/Mozilla since the information there no longer applies to us
- Updated UA overrides and XSS configuration to deal with some problematic sites (e.g.: Google, Embedly)
- Fixed several issues with the default theme causing problems with behavior due to styling (thanks, Antonius32) (Issue #384 and friends)
- Fixed some miscellaneous issues in the internal jemalloc implementation
- Added a configure option to use the full jemalloc lib (jemalloc v3) if the builder so wishes (used for Linux, sys mallocs are not happy there either, so for our generic binaries we switched to this lib now)
- Worked around a crash caused by the XSS filter on some fora by bailing on too short and empty strings
- Fixed layout of reflowed comboboxes without enough space
- Fixed a crash related to flexboxes overflowing themselves. (Issue #396)
- Added a simple implementation for Weak Messagelisteners. (Issue #399)
- Fixed a crash for losing our cache entry while finishing up compression
- (re-apply after unintentional back-out switching to Goanna)
- Linux: Worked around driver bugs with Intel drivers that falsely report what they can support in max texture size
- Portable only: Removed compression of the browser components library after some reports that in certain configurations and environments it was causing issues with the browser
Security fixes:
- Updated the graphite font library to 1.3.7+ to solve CVE-2016-2796 and no less than 14 of its friends
- Updated NSS to 3.19.4.2-PM to address several vulnerabilities (UAF, heap overflow)
- Updated libvorbis to a much more recent version to fix multiple issues
- Crash fix and DiD fixes by holding strong references to objects in suspect places in the HTML parser. (CVE-2016-1961) (ZDI-CAN-3574)
- Fixed several out-of-bounds issues in the VP8 decoder
- Fixed a potentially exploitable crash in XML/XSLT handling
- Applied some Kung Fu to HTML animations and transitions to prevent memory hazards
- Fixed applicable Mozilla code vulnerabilities CVE-2016-1965, CVE-2016-1960 (ZDI-CAN-3545), CVE-2016-1966, and CVE-2016-1963
更新時間:2016-02-26
更新細節:
What's new in this version:
- This is a bugfix release to improve stability and extension compatibility
Changes/fixes:
- Fixed a few oversights in the Firefox extension compatibility changes in 26.1.0 that should improve compatibility with a number of Firefox extensions
- Changed memory handling to (hopefully) address the memory inflation issues some people have experienced with 26.1.0
- Updated YouTube compatibility, which should once again allow users to choose between Flash and HTML5 players on YouTube
更新時間:2016-02-26
更新細節:
What's new in this version:
- This is a bugfix release to improve stability and extension compatibility
Changes/fixes:
- Fixed a few oversights in the Firefox extension compatibility changes in 26.1.0 that should improve compatibility with a number of Firefox extensions
- Changed memory handling to (hopefully) address the memory inflation issues some people have experienced with 26.1.0
- Updated YouTube compatibility, which should once again allow users to choose between Flash and HTML5 players on YouTube