Pale Moon 歷史版本列表 Page80

更新時間：2013-08-13
更新細節：

What's new in this version:

Changes:
- A change to how tab histories are cached to improve the overall memory footprint and make browsing smoother, especially when using a large number of tabs with extensive active use.
- A change to the networking pipelining back-end to use a more aggressive fallback if there are issues with pipelining requests, to minimize delays when loading pages and prevent time-outs.
- Update of the compiler to Visual Studio 2012 Update 3, to fix a few compiler issues.
- Removed the double entry for smooth scrolling selection in preferences (leaving just the one in the scrolling tab) Fixes:
- (CVE-2013-1704) ASAN heap-use-after-free in nsINode::GetParentNode
- (CVE-2013-1708) Non-null crash at nsCString::CharAt
- (CVE-2013-1712) Code injection through internal updater
- (CVE-2013-1713) InstallTrigger can use the wrong principal when validating URI loads
- (CVE-2013-1714) Cross Domain Policy override using webworkers
- Fix for Updater crash
- Fix for XSS vulnerability/URI spoofing
- Fix for newly allocated WebGL array buffers (prevent the use of uninitialized memory)
- Several fixes for the SSL crypto library (CVE-2013-1705 and others)
- Fix for do_QueryFrame support
- x64: Fix for Yarr error
- Update to the installer's 7zsfx module to prevent dll hijacking

更新時間：2013-08-13
更新細節：

What's new in this version:

Changes:
- A change to how tab histories are cached to improve the overall memory footprint and make browsing smoother, especially when using a large number of tabs with extensive active use.
- A change to the networking pipelining back-end to use a more aggressive fallback if there are issues with pipelining requests, to minimize delays when loading pages and prevent time-outs.
- Update of the compiler to Visual Studio 2012 Update 3, to fix a few compiler issues.
- Removed the double entry for smooth scrolling selection in preferences (leaving just the one in the scrolling tab) Fixes:
- (CVE-2013-1704) ASAN heap-use-after-free in nsINode::GetParentNode
- (CVE-2013-1708) Non-null crash at nsCString::CharAt
- (CVE-2013-1712) Code injection through internal updater
- (CVE-2013-1713) InstallTrigger can use the wrong principal when validating URI loads
- (CVE-2013-1714) Cross Domain Policy override using webworkers
- Fix for Updater crash
- Fix for XSS vulnerability/URI spoofing
- Fix for newly allocated WebGL array buffers (prevent the use of uninitialized memory)
- Several fixes for the SSL crypto library (CVE-2013-1705 and others)
- Fix for do_QueryFrame support
- x64: Fix for Yarr error
- Update to the installer's 7zsfx module to prevent dll hijacking

更新時間：2013-07-22
更新細節：

What's new in this version:

- A small update to address issues with the new Aero glass theme, e.g. Tab Groups not showing.

更新時間：2013-07-22
更新細節：

What's new in this version:

- A small update to address issues with the new Aero glass theme, e.g. Tab Groups not showing.

更新時間：2013-07-01
更新細節：

What's new in this version:

Changes:
- Implementation of some conservative additional multi-core support (mainly in graphics/media) using OpenMP. I'm taking baby steps here and will remain conservative in the use of multiple cores so stability of the browser isn't needlessly endangered.
- Update of the navigation button icons (again). Users have clearly indicated that the inverted color icons on glass and dark themes were less desirable. I've listened, and changed the icons for glass back to the pre-20 style but with added contrast, and made a distinction for dark personas (themes) where the icons are now simply inverted white (like in Firefox).
- Change for the color management system (CMS) so that Pale Moon now supports more types of embedded ICC profiles (including the already decade-old version 4 spec) and in the process fixing potential color issues on screens with images that embed such profiles.
- Update of the browser padlock code. You can now choose both a "modern" look (as introduced in version 19) and a "classic" look (as introduced in version 15, when this padlock feature was first added). It also removes some phantom spacing in locations where the padlock isn't used. Fixes:
- (CVE-2013-1692) Fix for the inclusion of body data in an XMLHttpRequest HEAD request, making cross-site request forgery (CSRF) attacks via a crafted web site more difficult.
- (CVE-2013-1697) Fix to restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges.
- (CVE-2013-1694) Fix to properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code.
- Fix to prevent arbitrary code execution from the profiler developer tool.
- Fix for a crash when rapidly reloading pages.
- Fix for cross-document selections.
- Fixes for several crashes in JavaScript.
- Fixes for several memory safety hazards and uncommon memory leaks.

更新時間：2013-07-01
更新細節：

What's new in this version:

Changes:
- Implementation of some conservative additional multi-core support (mainly in graphics/media) using OpenMP. I'm taking baby steps here and will remain conservative in the use of multiple cores so stability of the browser isn't needlessly endangered.
- Update of the navigation button icons (again). Users have clearly indicated that the inverted color icons on glass and dark themes were less desirable. I've listened, and changed the icons for glass back to the pre-20 style but with added contrast, and made a distinction for dark personas (themes) where the icons are now simply inverted white (like in Firefox).
- Change for the color management system (CMS) so that Pale Moon now supports more types of embedded ICC profiles (including the already decade-old version 4 spec) and in the process fixing potential color issues on screens with images that embed such profiles.
- Update of the browser padlock code. You can now choose both a "modern" look (as introduced in version 19) and a "classic" look (as introduced in version 15, when this padlock feature was first added). It also removes some phantom spacing in locations where the padlock isn't used. Fixes:
- (CVE-2013-1692) Fix for the inclusion of body data in an XMLHttpRequest HEAD request, making cross-site request forgery (CSRF) attacks via a crafted web site more difficult.
- (CVE-2013-1697) Fix to restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges.
- (CVE-2013-1694) Fix to properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code.
- Fix to prevent arbitrary code execution from the profiler developer tool.
- Fix for a crash when rapidly reloading pages.
- Fix for cross-document selections.
- Fixes for several crashes in JavaScript.
- Fixes for several memory safety hazards and uncommon memory leaks.

更新時間：2013-05-23
更新細節：

What's new in this version:

Changes:
- Update of the libpixman graphics library to improve performance for SSE2 CPUs
- Change to the "Clear download history" setting for use with the panel-based download manager (classic UI unaffected) Fixes:
- Fix for UAF with video and onresize event (crash fix)
- Fix for parameters being used uninitialized
- Fix for out-of-bounds read in SelectionIterator::GetNextSegment
- Fix for heap use-after-free in mozilla::plugins::child::_geturlnotify
- Fix for heap-use-after-free in nsFrameList::FirstChild (crash fix)
- Fix for heap-use-after-free in nsContentUtils::RemoveScriptBlocker (crash fix)
- Fix for out-of-bounds read crash in PropertyProvider::GetSpacingInternal (crash fix)
- Fix for out-of-bounds read in gfxSkipCharsIterator::SetOffsets
- Fix for assertion failure in nsUnicharStreamLoader::WriteSegmentFun with ISO-2022-JP
- Fix for crash with inline script in an XML doc (crash fix)
- Fix for "ASSERTION: Out of flow frame doesn't have the expected parent" and crash (crash fix)
- Fix for nsScriptSecurityManager::CheckLoadURIWithPrincipal being broken
- Fix for a problem where the IPC Channel could overwrite the stack
- Fix for Crash in MediaDecoder::UpdatePlaybackOffset (crash fix)
- Fix for Crash [@ nsTextFrame::HasTerminalNewline()] with splitText (crash fix)
- Fix for FTP use-after-free crash (crash fix)

更新時間：2013-05-23
更新細節：

What's new in this version:

Changes:
- Update of the libpixman graphics library to improve performance for SSE2 CPUs
- Change to the "Clear download history" setting for use with the panel-based download manager (classic UI unaffected) Fixes:
- Fix for UAF with video and onresize event (crash fix)
- Fix for parameters being used uninitialized
- Fix for out-of-bounds read in SelectionIterator::GetNextSegment
- Fix for heap use-after-free in mozilla::plugins::child::_geturlnotify
- Fix for heap-use-after-free in nsFrameList::FirstChild (crash fix)
- Fix for heap-use-after-free in nsContentUtils::RemoveScriptBlocker (crash fix)
- Fix for out-of-bounds read crash in PropertyProvider::GetSpacingInternal (crash fix)
- Fix for out-of-bounds read in gfxSkipCharsIterator::SetOffsets
- Fix for assertion failure in nsUnicharStreamLoader::WriteSegmentFun with ISO-2022-JP
- Fix for crash with inline script in an XML doc (crash fix)
- Fix for "ASSERTION: Out of flow frame doesn't have the expected parent" and crash (crash fix)
- Fix for nsScriptSecurityManager::CheckLoadURIWithPrincipal being broken
- Fix for a problem where the IPC Channel could overwrite the stack
- Fix for Crash in MediaDecoder::UpdatePlaybackOffset (crash fix)
- Fix for Crash [@ nsTextFrame::HasTerminalNewline()] with splitText (crash fix)
- Fix for FTP use-after-free crash (crash fix)

更新時間：2013-04-14
更新細節：

What's new in this version:

New/updated/changed major features:
- Per-window Private Browsing.
- Panel-based download manager.
- Ability to close hanging plugins, without the browser hanging.
- Performance improvements related to common browser tasks.
- Pale Moon specific Cairo performance fix for scaling/panning/zooming of HTML5 drawing surfaces.
- Pale Moon specific fixes for performance of drawing elements (gradients, etc.).
- HTML5 canvas now supports blend modes.
- Various HTML5 audio and video improvements.
- Update of the Status Bar code to work with the new code base.
- ECMAScript for XML (E4X) is kept available for add-ons. Note that this will be removed in future versions as E4X is obsolete.
- Developer tools have been enabled by default, considering the code is practically impactless unless actually used.
- Theming has been worked on to provide better contrast on glass/dark themes and to work around styling issues present in v19.
- Updated fallback character sets to Windows-1252.
- Restored legacy function key handling (uplifted from Firefox 22).
- Fixed UNC path handling (Chemspill Firefox 20.0.1).
- Always enable the use of personas, also in Private Browsing mode.
- Experimental: support for H.264 videos (disabled by default) Security fixes relevant to Pale Moon:
- MFSA 2013-30 A fairly large number of memory safety hazards (crashes/corruption/injection).
- MFSA 2013-31 Out-of-bounds write in Cairo library (CVE-2013-0800)
- MFSA 2013-34 Privilege escalation through Mozilla Updater (CVE-2013-0797)
- MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes (CVE-2013-0795)
- MFSA 2013-37 Bypass of tab-modal dialog origin disclosure (structural fix)
- MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations (CVE-2013-0793)
- MFSA 2013-39 Memory corruption while rendering grayscale PNG images (CVE-2013-0792)
- MFSA 2013-40 Crash fix: Out-of-bounds array read in CERT_DecodeCertPackage (CVE-2013-0791)

更新時間：2013-04-14
更新細節：

What's new in this version:

New/updated/changed major features:
- Per-window Private Browsing.
- Panel-based download manager.
- Ability to close hanging plugins, without the browser hanging.
- Performance improvements related to common browser tasks.
- Pale Moon specific Cairo performance fix for scaling/panning/zooming of HTML5 drawing surfaces.
- Pale Moon specific fixes for performance of drawing elements (gradients, etc.).
- HTML5 canvas now supports blend modes.
- Various HTML5 audio and video improvements.
- Update of the Status Bar code to work with the new code base.
- ECMAScript for XML (E4X) is kept available for add-ons. Note that this will be removed in future versions as E4X is obsolete.
- Developer tools have been enabled by default, considering the code is practically impactless unless actually used.
- Theming has been worked on to provide better contrast on glass/dark themes and to work around styling issues present in v19.
- Updated fallback character sets to Windows-1252.
- Restored legacy function key handling (uplifted from Firefox 22).
- Fixed UNC path handling (Chemspill Firefox 20.0.1).
- Always enable the use of personas, also in Private Browsing mode.
- Experimental: support for H.264 videos (disabled by default) Security fixes relevant to Pale Moon:
- MFSA 2013-30 A fairly large number of memory safety hazards (crashes/corruption/injection).
- MFSA 2013-31 Out-of-bounds write in Cairo library (CVE-2013-0800)
- MFSA 2013-34 Privilege escalation through Mozilla Updater (CVE-2013-0797)
- MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes (CVE-2013-0795)
- MFSA 2013-37 Bypass of tab-modal dialog origin disclosure (structural fix)
- MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations (CVE-2013-0793)
- MFSA 2013-39 Memory corruption while rendering grayscale PNG images (CVE-2013-0792)
- MFSA 2013-40 Crash fix: Out-of-bounds array read in CERT_DecodeCertPackage (CVE-2013-0791)