Pale Moon (32-bit) 歷史舊版本 Page11

更新時間：2013-11-05
更新細節：

What's new in this version:

- This is a minor update to revert the change of disabling 2 specific SSL3 ciphers by default, since it broke more web sites than anticipated (including external elements pulled in from third-party sites using SSL).

更新時間：2013-11-04
更新細節：

What's new in this version:

Fixes:
- MFSA 2013-102 Use-after-free in HTML document templates.
- MFSA 2013-101 Memory corruption in workers.
- MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing.
- MFSA 2013-99 Security bypass of PDF.js checks using iframes.
- MFSA 2013-98 Use-after-free when updating offline cache.
- MFSA 2013-97 Writing to cycle collected object during image decoding.
- MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions.
- MFSA 2013-95 Access violation with XSLT and uninitialized data.
- MFSA 2013-94 Spoofing addressbar though SELECT element.
- MFSA 2013-93 Miscellaneous memory safety hazards.
- Security + cleanup fix: No longer store empty event handlers.
- User interface: Fix for the classic downloads window having a blank title with no running downloads.
- User interface: Fix of the drop-down menu "double entry" in the all-tabs list as-a-menu setup. Changes:
- Extensions are now set to automatically update by default. Because many users fail to do the occasional check to see if there are updates available to their extensions, the default is to automatically check and install available updates to extensions from this version forward to give the best possible browsing experience. If you prefer to check manually, make sure to change the setting accordingly in your add-on manager. New Features:
- When there is a web feed available on a website, Pale Moon will now display a feed indicator on the right side of the address bar to indicate that feeds are available. You can click this icon to subscribe to feeds.
- If you don't want this indicator, set browser.urlbar.rss to false in about:config
- Note: more technical information on the forum.

更新時間：2013-09-27
更新細節：

What's new in this version:

- In some cases when having an image open, the User Interface would not properly redraw resulting in blank controls and tab headers.
- In some cases, having an image open would cause 100% processor use on one core.
- Drawing thumbnails of standalone images in the tab headers would often be slow and processor-intensive.

更新時間：2013-09-18
更新細節：

What's new in this version:

- Fix for unreadable address bar text when visiting a broken or mixed-mode SSL site.
- Fix for an incorrect browser cache size default when first starting the browser. (regression)
- Note: If you have used version 24.0, then please check your Options -> Advanced -> Network tab, and if the cache size is set to "1024", change it back to its default "250" to prevent unnecessary use of disk space and potential slowing of the browser.
- Fix for themes not applying to Private Browsing windows. (regression)
- A small update to the new icon to fix some visual issues with it.
- Reduction of visual friction and CPU usage on some operations by disabling smooth scrolling on it by default (e.g. Home/End keys).

更新時間：2013-09-13
更新細節：

What's new in this version:

- Switch to a new Mozilla code base (Gecko 24.0).
- Update of the Pale Moon icon/logo. Special thanks go to Roger Gómez del Casal for providing me with an interesting concept design image to use as a base for it!
- Fixes for all relevant security vulnerabilities.
- Many changes and updates in the rendering, scripting and parsing back-end to provide significant improvements in overall browser performance (including benchmark scores).
- Addition of a number of HTML5 elements, improving overall HTML5 standards compliance.
- Implementation of the webaudio API (most features that are no longer draft).
- Removal of Tab Groups (Panorama). If you actively used this functionality, I have also made an add-on (Mozilla dev sourced) available to restore this feature to the browser. If you have issues with the supplied add-on or want to give other tab grouping methods a try, you can use alternatives found on AMO.
- Removal of a few additional Accessibility options.
- Inclusion of an updated version of the Add-on SDK and loader to solve recent issues with SDK/Jetpack add-ons.
- Adjustment of the Quickdial "new tab" feature to have better layout.
- Extension of the address bar shading functionality to more clearly indicate when there is a problem with a secure site (red shading on broken SSL/mixed content).
- New way of handling plugins with control on a per-site basis. An extensive description can be found on the forum. Restored/maintained a number of features that were removed from recent Firefox versions:
- Graphical tab switching feature with quick search (Ctrl+Shift+Tab).
- Removing the tab bar if there is only one tab present.
- Options for the loading of images.
- More recovery options in the Safe Mode startup dialog box than just nuking your profile.
- Send Link/E-mail Link mail client integration functionality.
- Unification of version numbers. x86 and x64 will from this point forward use the same version number (and icon) without an architecture designation. This will solve potential compatibility issues on new major versions, as well as the superfluous compatibility check when switching between x86 and x64 on the same profile.

更新時間：2013-08-13
更新細節：

What's new in this version:

Changes:
- A change to how tab histories are cached to improve the overall memory footprint and make browsing smoother, especially when using a large number of tabs with extensive active use.
- A change to the networking pipelining back-end to use a more aggressive fallback if there are issues with pipelining requests, to minimize delays when loading pages and prevent time-outs.
- Update of the compiler to Visual Studio 2012 Update 3, to fix a few compiler issues.
- Removed the double entry for smooth scrolling selection in preferences (leaving just the one in the scrolling tab) Fixes:
- (CVE-2013-1704) ASAN heap-use-after-free in nsINode::GetParentNode
- (CVE-2013-1708) Non-null crash at nsCString::CharAt
- (CVE-2013-1712) Code injection through internal updater
- (CVE-2013-1713) InstallTrigger can use the wrong principal when validating URI loads
- (CVE-2013-1714) Cross Domain Policy override using webworkers
- Fix for Updater crash
- Fix for XSS vulnerability/URI spoofing
- Fix for newly allocated WebGL array buffers (prevent the use of uninitialized memory)
- Several fixes for the SSL crypto library (CVE-2013-1705 and others)
- Fix for do_QueryFrame support
- x64: Fix for Yarr error
- Update to the installer's 7zsfx module to prevent dll hijacking

更新時間：2013-07-22
更新細節：

What's new in this version:

- A small update to address issues with the new Aero glass theme, e.g. Tab Groups not showing.

更新時間：2013-07-01
更新細節：

What's new in this version:

Changes:
- Implementation of some conservative additional multi-core support (mainly in graphics/media) using OpenMP. I'm taking baby steps here and will remain conservative in the use of multiple cores so stability of the browser isn't needlessly endangered.
- Update of the navigation button icons (again). Users have clearly indicated that the inverted color icons on glass and dark themes were less desirable. I've listened, and changed the icons for glass back to the pre-20 style but with added contrast, and made a distinction for dark personas (themes) where the icons are now simply inverted white (like in Firefox).
- Change for the color management system (CMS) so that Pale Moon now supports more types of embedded ICC profiles (including the already decade-old version 4 spec) and in the process fixing potential color issues on screens with images that embed such profiles.
- Update of the browser padlock code. You can now choose both a "modern" look (as introduced in version 19) and a "classic" look (as introduced in version 15, when this padlock feature was first added). It also removes some phantom spacing in locations where the padlock isn't used. Fixes:
- (CVE-2013-1692) Fix for the inclusion of body data in an XMLHttpRequest HEAD request, making cross-site request forgery (CSRF) attacks via a crafted web site more difficult.
- (CVE-2013-1697) Fix to restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges.
- (CVE-2013-1694) Fix to properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code.
- Fix to prevent arbitrary code execution from the profiler developer tool.
- Fix for a crash when rapidly reloading pages.
- Fix for cross-document selections.
- Fixes for several crashes in JavaScript.
- Fixes for several memory safety hazards and uncommon memory leaks.

更新時間：2013-05-23
更新細節：

What's new in this version:

Changes:
- Update of the libpixman graphics library to improve performance for SSE2 CPUs
- Change to the "Clear download history" setting for use with the panel-based download manager (classic UI unaffected) Fixes:
- Fix for UAF with video and onresize event (crash fix)
- Fix for parameters being used uninitialized
- Fix for out-of-bounds read in SelectionIterator::GetNextSegment
- Fix for heap use-after-free in mozilla::plugins::child::_geturlnotify
- Fix for heap-use-after-free in nsFrameList::FirstChild (crash fix)
- Fix for heap-use-after-free in nsContentUtils::RemoveScriptBlocker (crash fix)
- Fix for out-of-bounds read crash in PropertyProvider::GetSpacingInternal (crash fix)
- Fix for out-of-bounds read in gfxSkipCharsIterator::SetOffsets
- Fix for assertion failure in nsUnicharStreamLoader::WriteSegmentFun with ISO-2022-JP
- Fix for crash with inline script in an XML doc (crash fix)
- Fix for "ASSERTION: Out of flow frame doesn't have the expected parent" and crash (crash fix)
- Fix for nsScriptSecurityManager::CheckLoadURIWithPrincipal being broken
- Fix for a problem where the IPC Channel could overwrite the stack
- Fix for Crash in MediaDecoder::UpdatePlaybackOffset (crash fix)
- Fix for Crash [@ nsTextFrame::HasTerminalNewline()] with splitText (crash fix)
- Fix for FTP use-after-free crash (crash fix)

更新時間：2013-04-14
更新細節：

What's new in this version:

New/updated/changed major features:
- Per-window Private Browsing.
- Panel-based download manager.
- Ability to close hanging plugins, without the browser hanging.
- Performance improvements related to common browser tasks.
- Pale Moon specific Cairo performance fix for scaling/panning/zooming of HTML5 drawing surfaces.
- Pale Moon specific fixes for performance of drawing elements (gradients, etc.).
- HTML5 canvas now supports blend modes.
- Various HTML5 audio and video improvements.
- Update of the Status Bar code to work with the new code base.
- ECMAScript for XML (E4X) is kept available for add-ons. Note that this will be removed in future versions as E4X is obsolete.
- Developer tools have been enabled by default, considering the code is practically impactless unless actually used.
- Theming has been worked on to provide better contrast on glass/dark themes and to work around styling issues present in v19.
- Updated fallback character sets to Windows-1252.
- Restored legacy function key handling (uplifted from Firefox 22).
- Fixed UNC path handling (Chemspill Firefox 20.0.1).
- Always enable the use of personas, also in Private Browsing mode.
- Experimental: support for H.264 videos (disabled by default) Security fixes relevant to Pale Moon:
- MFSA 2013-30 A fairly large number of memory safety hazards (crashes/corruption/injection).
- MFSA 2013-31 Out-of-bounds write in Cairo library (CVE-2013-0800)
- MFSA 2013-34 Privilege escalation through Mozilla Updater (CVE-2013-0797)
- MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes (CVE-2013-0795)
- MFSA 2013-37 Bypass of tab-modal dialog origin disclosure (structural fix)
- MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations (CVE-2013-0793)
- MFSA 2013-39 Memory corruption while rendering grayscale PNG images (CVE-2013-0792)
- MFSA 2013-40 Crash fix: Out-of-bounds array read in CERT_DecodeCertPackage (CVE-2013-0791)