Pale Moon (32-bit) 歷史舊版本 Page4

更新時間：2019-07-05
更新細節：

What's new in this version:

Changes/fixes:
- Updated the application icon to provide better visuals on Windows classic and other grey backgrounds
- Reduced the Master Password hashing rounds to prevent issues with stored password retrieval while still sufficiently strengthening the encryption
- If you have previously re-keyed the database after the update to 28.6.0, you should do so again by going through the change master password process to reduce access times
- Updated the WhatsApp Web site-specific user-agent override to respond to Google refusing access based on the old string
- Updated the branding for the portable launcher

更新時間：2019-07-02
更新細節：

What's new in this version:

- Implemented String.prototype.trimStart and String.prototype.trimEnd
- Implemented Array.prototype.flat and Array.prototype.flatMap
- Implemented Symbol.prototype.description
- Added support for gzip-compressed SVG-in-Opentype fonts
- Updated official branding
- Updated reader view components
- Added a preference to control the setting of cookies through meta header information (non-standard feature) and disabled by default
- Updated ES6 Atomics and re-enabled them
- Updated internationalization code to support updated time zones and the Japanese Reiwa era
- Updated NSS to a custom version to have better encryption strength for master passwords
- IMPORTANT: To use this strong encryption and re-key the password database with it, change your master password (can be changed to the same one you already had if desired, but you have to go through the change password process). Depending on your computer and the number of stored passwords, this encryption update may take some time, so please be patient. Please be aware that once re-keyed, the password store will be locked to the new encryption and will no longer be accessible with the master password in older versions of Pale Moon
- Restored "Release notes" in the help menu
- Rearchitectured the application/extension update code
- Added several performance improvements to DOM and the parser
- Improved JavaScript garbage collection of dead compartments
- Fixed a performance issue with painting on some pages
- Improved performance of some websites with complex event regions
- Fixed a potential performance issue in display lists on some pages
- Fixed a rendering bottleneck for the use of XRender when using a remote session
- Fixed graphical artifacts/flickering when using XRender on Intel or Intel-hybrid GPU setups
- Added a DiD fix for potential future issues with inlining array natives
- Fixed a potential UAF situation in the HTML5 parser (DiD
- Fixed an origin-clean bypass issue
- Changed the way permissions for predefined sites are loaded
- Reverted the 28.5.1 change to treat *.jnlp files as executables (CVE-2019-11696) after input from an Oracle representative. Java Web Start files are not executable and should not be treated any different than regular documents handled by external applications
- Removed SecurityUI telemetry
- Removed some other dead telemetry code
- Removed geo-specific selection of default search engines
- Deprecated the use of FUEL
- Removed the unused code for "enhanced tiles" in the new tab page
- Removed preference to brute-force e10s to on
- Removed Unboxed Array code
- Removed Unboxed Object code
- Fixed failure to print if a page contains a 0-sized <canvas> element
- Fixed an issue with tab-modal dialogs being presented in the wrong order
- Fixed an issue with the tab bar remaining collapsed in customize mode if normally hidden
- Fixed an issue with Sync when choosing to overwrite data with synced data
- Fixed an issue with tab previews on the taskbar
- Fixed an issue with IntersectionObserver viewport accuracy
- Fixed Scroll bar orientation on Mac OS X
- Fixed an issue with anchor/link targets not re-using a named target
- Fixed a build issue with Gnu-CC on PPC64
- Fixed browser.link.open_newwindow functionality

更新時間：2019-06-05
更新細節：

What's new in this version:

- Fixed issues with image/texture allocation incorrectly being marked as insecure

更新時間：2019-06-04
更新細節：

更新時間：2019-05-01
更新細節：

What's new in this version:

- Redesigned the about box
- Added "Check for updates" menu entries to the AppMenu and classic menu (since the About box redesign no longer has application update in it)
- Restored the app.update.url.override pref for AUS testing/override
- Added "Loop" control to html5 video
- Fixed a crash with frames (e.g. when using Tile Tabs)
- Fixed an issue with textarea placeholders (spec compliance)
- Removed the Windows Maintenance Service one last time
- Improved http basic auth DoS heuristics
- Fixed an issue on big-endian machines (e.g. PPC64/linux)
- Removed e10s code from widgets
- Preffed the various http "Accept" headers and aligned with the Fetch spec (except for image requests)
- Aligned URLSearchParams with the spec
- Updated several site-specific UA overrides
- Fixed "Yet Another special case of a flex frame being the absolute containing block"
- Fixed border drawing when the tab bar is hidden
- Pref-controlled and disabled the use of unboxed plain objects in JavaScript's JIT compiler
- Improved handling of interrupted connections through proxies and pseudo-VPN extensions
- Removed contextual identity
- Updated the 7zip installer stub to a much more recent code version
- Fixed an issue with applying percentages to 0 in layout sizes
- Fixed an issue with calculating linear sums in JS JITed code
- Added default value feature to get*Pref() preference functions
- Fixed an issue that would occasionally overwrite the new tab custom URL
- Updated the SQLite library to 3.27.
- Killed the crashreporter toolkit files and exception handler hooks
- Fixed an issue with a missing border on the tab bar when on the bottom
- Fixed a crash with badly-formatted SVG files
- Showed the robots to the exit after squatting in the browser for decades
- JavaScript: Implemented TC39 toString() revision proposal
- Rearchitectured the JavaScript front-end parser to provide better and more logical parsing of JS code
- Removed support code and leftovers for unsupported SunOS, AIX, BEOS, HPUX and OS/2 operating systems
- Fixed a scrollbar arrow issue on OS X
- Removed all Firefox Accounts code
- Made the CSS parser more robust and aligned url() behavior with the CSS3 spec in case of bad input
- Fixed an issue with blocklist updates not actually dynamically applying due to a wrong URL
- Updated the embedded emoji font to the TweMoji v11.4.0 equivalent
- Fixed an issue with async/deferred scripts preventing page loads from completing

更新時間：2019-03-28
更新細節：

What's new in this version:

- Fixed hover state arrows on some controls
- Fixed potential denial-of-service issues involving FTP (loading of subresources and spamming errors)
- Disabled Microsoft Family Safety (Win 8.1) by default. This prevents security issues as a result of a local MitM setup
- Added several site-specific overrides (Firefox Send and polyfill.io) to work around website UA-sniffing isues
- Implemented the origin-clean algorithm for controlling access to image resources
- Cleaned up the helper application service code
- Ported applicable security fixes from Mozilla
- Implemented several defense-in-depth measures
- Fixed several memory safety hazards and crashes
- Binaries are now code-signed again (including the setup program for the installer)

更新時間：2017-11-29
更新細節：

What's new in this version:

- Implemented the concept of so-called "cookie-averse document objects" which is a security&privacy measure that blocks certain web content from setting cookiesThis mitigates cookie-injection, which might help against "hidden" cookie tracking
- Mitigated some domain name spoofing through IDN by using dotless-i and dotless-j with accents
- Pale Moon will display these kinds of spoofed domains in punycode now in the actual address bar
- Please note that the identity panel will always be able to help you on secure sites when IDNs are in use to notice potential spoofing, as opposed to relying on detection algorithms in the URL itselfAs such
- Fixed an issue with mixed-content blocking
- Added an extra check for the correct signature data type on certificates
- Added missing sanitization in exporting bookmarks to HTML
- Fixed several crashes and memory safety hazards

更新時間：2017-11-15
更新細節：

What's new in this version:

- This is a minor bugfix release to address some pressing issues people have reported

Changes/fixes:
- Fixed a regression with new windows (opening two windows from the command-line or file association, focus issues on new windows, not loading the home page in a new window, etc.)
- Aligned XHR with the currect spec to allow withCredentials
- Fixed an input element focus issue within handlers
- Fixed the processing of all-padding HTTP/2 frames to prevent rare HTTP/2 hangups
- Updated CitiBank override to work around their login issues
- Updated Netflix override to a community-supplied one that seems to satisfy their arbitrary restrictions better

更新時間：2017-11-08
更新細節：

What's new in this version:

Changes/fixes:
- Dropped support for Direct2D 1.0 to avoid font rendering issues. Windows installations not capable of using Direct2D 1.1 will now fall back to software rendering. As a result, fonts may look different from this version onwards if you are on Windows Vista or Windows 7. Users on Windows 7 affected by this should install the Platform Update to re-enable Direct2D
- Updated the Brotli decoder library, and enabled support for Brotli HTTP content-encoding by default
- Added notifications to inform users about WebExtensions not being supported if they try to install them (as opposed to "extension is corrupt")
- Added a number of DOM childNode convenience functions. This should fix some lazy-loading frameworks
- (enjoy your LOLcats again!)
- Changed automatic updates over to the new infrastructure
- Added extra proxy settings in Options, covering DNS lookups through SOCKS v5 and automatic proxy authentication with known credentials
- Added a selectable fallback character encoding of UTF-8 and fallback to UTF-8 as a last effort. (Issue #1423)
- Improved timing of canplay and canplaythrough firing to work around a potential race condition locking up queued video playback
- Improved upmixing of mono sound for multi-channel setups
- Fixed a parallelization issue with the KISS-FFT library causing CPU-deadlocked threads (Issue #1425)
- Fixed "Remove from history" function from the downloads panel
- Forced focus on the address bar in new windows if the content is a blank/empty document
- Fixed the dropmarker in the address bar to allow the suggestions to be closed with a click
- Further cleaned up the status bar code
- Disabled window.showModalDialog; it's been removed from the spec 2 years ago and has potential abuse issues (modal dialogs block the UI)
- Fixed image decoder calls to make sure the image load event doesn't fire prematurely
- Updated LibPNG to 1.6.28, and enabled faster SSE2 decoding
- Updated WOFF2 code from upstream
- Updated the zlib compression library
- Made general improvements to internal code structure and spec adherence
- Fixed an issue with certain command-line parameters being used
- Updated the default theme to improve consistency and contrast of toolbar and download buttons
- Increased the default duration of notification pop-ups and made them configurable
- Improved handling of audio-visual media (ongoing)
- Fixed an issue in CSS where elements would sometimes reflow to the next line even with sufficient visual space
- Aligned the implementation of for(let x=y;;) loops with the final ES6 specification
- Fixed the selection system inside of a nested contenteditable element being broken
- Fixed Windows 10 detection for blocklisting graphics drivers
- Enabled pasting of clipboard data in documents without an editor element to improve web compatibility
- Fixed the uninstallation routine of restartless add-ons
- Fixed the handling of unimplemented functions in the console API
- Updated the Facebook user-agent to enable otherwise vendor-restricted functionality
- Updated the SVG scaling cache limit to be more lenient for larger SVG images at a small performance trade-off, working around some sites' design issues

Security/privacy fixes:
- Added an option to clear Site Connectivity Data (delete history)
- Removed stale entries from the HSTS preload list, and improved generation/processing of it
- Removed undesired certificate issuer organization to common name fallback (if issuer org is empty)
- Added pretty-printing for ECDSA-SHA224, 256, 384 and 512 hashed certificate signatures
- Worked around some more issues with broken Apple fonts

更新時間：2017-10-11
更新細節：

What's new in this version:

Changes/fixes:
- Changed the default Windows 10 styling when no accent color is aplied to black-on-white
- Changed the theme styling on Windows 10 when the system window frame is used (menu bar enabled) to use the window manager background directly, preventing visual lag updating the window color when it changes
- Updated user agent overrides for DropBox, YouTube and Yahoo to work around user agent sniffing issues
- Fixed a crash in the media subsystem
- Fixed a regression where video playback hardware acceleration was disabled incorrectly on some systems

Security fixes:
- Updated libhyphen to the latest upstream code to fix a security issue
- Updated NSPR to 4.16-RTM with a patch to un-bust building on win64
- Updated NSS to 3.32.1-RTM
- Worked around some more issues with Mac fonts (CVE-2017-7825)
- Fixed a potential rooting hazard in NPAPI plugin code. DiD
- Fixed a potential reference issue in JavaScript arrays. DiD