Pale Moon (32-bit) 歷史舊版本 Page6

更新時間：2016-12-16
更新細節：

What's new in this version:

Changes/fixes:
- Fixed certain network errors not displaying
- Fixed network error page styling
- Fixed the writing of DOM storage data to tabs (should solve the "tabs not loading their contents" issue when migrating a profile and some other situations)
- Disabled downloadable font unicode-ranges on non-Windows platforms
- Added a Google Fonts user-agent override for non-Windows platforms so they don't send unicode-ranged composite fonts (Feature detection? Google apparently still doesn't know what that is)
- Re-enabled the reporting of CSS errors to the console by default to prevent issues with some extensions who rely on this (e.g. Stylish).
- Fixed and updated preferences for location bar suggestions
- Fixed several x64-specific issues in memory allocation code (regression fix)
- Fixed timer issues when resuming a computer from stand-by (regression fix)
- Fixed a number of branding and textual issues in the browser
- Fixed prompting for the saving of off-line data (previously always allowed without prompting)
- Fixed a layout regression that would cause block elements following left floats to not wrap to the next line if there wasn't enough clearance
- Fixed a mismatch in Firefox extension compatibility-mode installation where Firefox extensions served by addons.mozilla.org would be marked incompatible when trying to install

Security-related and crash fixes:
- Fixed use-after-free while manipulating DOM events and removing audio elements (CVE-2016-9899)
- Fixed CSP bypass using the marquee tag (CVE-2016-9895)
- Fixed a vulnerability in the internal Jetpack modules (CVE-2016-9903). DiD
- Fixed use-after-free in Editor while manipulating DOM subtrees (CVE-2016-9898)
- Fixed an error in the buffer logic in http-chunked decoder
- Fixed a crash in generational GC code (not in use by default) DiD
- Fixed a compartment mismatch bug in plug-in code
- Fixed a crash trying to get a nonexistent property
- Improved MediaRecorder's observer safety
- Fixed a crash related to document history

- DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem

更新時間：2016-12-02
更新細節：

What's new in this version:

- Enabled Firefox Compatibility mode by default for the useragent string
- Unfortunately too many websites (and especially the big players who should know better like Google, Apple and Microsoft) still require the "we must pretend to be Firefox if we want this site to work" status quo to be maintained, because people still insist on using useragent sniffing to determine "browser features", or even worse, discriminate against free choice of browser by flat-out refusing service (I'm looking at you, banking industry and cloud services!) when visiting websites just because companies don't want to provide assistance to any but users on the main 3
- HTML offers plenty of ways to do proper feature detection; site owners should use them
- Seriously people, it was a bad idea 20 years ago, and it's a worse idea in 2016
- The built-in devtools are back, and with a facelift
- Thanks to some consistent community help, the built-in devtools, sorely missed by a number of our users, are back. They've received a code and style update and should be fully functional on the new platform. This was originally planned for 27.1, but it was decided to include this as soon as possible, not in the least to assist extension developers in their efforts to adapt to Pale Moon 27

Security fix:
- Fixed a crash in SVG, related to CVE-2016-9079, as a defense-in-depth measure

更新時間：2016-11-28
更新細節：

What's new in this version:

- Fixed removal of distribution/bundles/ copies of status bar code and ruby annotations code. This should clean up everything on install/upgrade that currently causes double code to create intermittent/odd behavior.
- Backed out some media back-end changes to fix MSE playback on Twitch.tv and other similar sites
- Disabled pop-up network status in full screen by default (since video detection is rather iffy at the moment)
- Fixed a regression causing the "reset profile" button to not appear in about:support on the default profile
- Worked around bad Netflix interface changes - it will now use a more compatible web UI Please note that these Netflix changes were unrelated to the actual release of Pale Moon (26.5 is also affected)
- Aligned base status bar colors with default prefs
- Fixed status bar options not being remembered
- Added an override for Amazon Prime videos so they won't stop us at the front door any longer when not using the Firefox Compatibility user agent mode
- Re-applied proper branding text to in-app licensing

更新時間：2016-11-22
更新細節：

What's new in this version:

New and updated features:
- Support for DirectX 11 and Direct2d 1.1 on Windows. This will bring Pale Moon more in line with the capabilities for current-day operating systems and graphics hardware.
- Update of the Goanna engine to 3.0 - with many changes to layout and rendering for the modern web
- Pale Moon now fully supports HTTP/2
- Ruby Annotations are now an integral part of the HTML parser, controllable with CSS
- Media Source Extensions have been implemented to solve many video playback issues. This can be enabled/disabled and configured in Options. It's recommended at this time to not enable MSE for WebM since there are a few issues with it on services like YouTube (e.g. losing audio when looping/skipping).
- Support for reading and playing so-called "fragmented" MP4 files has been added, further solving media playback issues
- Support for SSL/TLS connections to proxy servers
- Support for the WOFF2 font format for downloadable fonts
- The JavaScript engine has been updated with support for many landmark ECMAScript6 features (chief among them promises and generators). This will solve many of the web compatibility issues that people have started to run into in the past few months.
- The way web content is cached has been changed to be more efficient. If you want to immediately take advantage of this, clear your cache.

Removed support/features:
- Removed support for Windows XP. If you are still running Windows XP, then your only option is to continue using Pale Moon 26
- Removed the internal PDF (pre)viewer. This module was not maintained, was unable to display even half of the PDF documents correctly, and could not reasonably remain included in the browser. Please use a separate reader and/or install a PDF reader plugin.
- Disabled building of the devtools. They will not be included in release versions of Pale Moon from this point forward. If you are a web developer or otherwise need those tools, fear not! They are available as a browser extension.
- Removed the active XSS filter. This feature, although effective, was prone to some instability and needs to be rewritten for the update of our platform. It may or may not return in the future, depending on whether the original author has time to rewrite parts of this filter implementation.
- Removed support for Add-on SDK extensions (JetPack extensions), considering the Mozilla/Gecko SDK is no longer compatible with our combination of application and platform code.

Security highlights:
- All relevant security fixes up to and including Firefox 50 have been ported across from Mozilla to continue to provide an as secure as possible browser
- Several libraries have been updated to their latest versions to pick up any important vulnerability fixes
- There's a new option and control to determine whether to save zone information (marking files as "downloaded from the Internet") on downloaded files (Windows+NTFS). You can find this in Options

Other important notes:
- Pale Moon 27 will initially only be available in English. We are working on getting localization done to have language packs available over time. You can not use the previous version language packs since many strings have changed. Trying to do so will likely prevent the browser from starting or functioning.

更新時間：2016-09-28
更新細節：

What's new in this version:

Fixes/Changes:
- Implemented a breaking CSP (content security policy) spec change; when a page with CSP is loaded over http, Pale Moon now interprets CSP directives to also include https versions of the hosts listed in CSP if a scheme (http/https) isn't explicitly listed. This breaks with CSP 1.0 which is more restrictive and doesn't allow this cross-protocol access, but is in line with CSP 2 where this is allowed
- Fixed an issue with the XML parser where it would sometimes end up in an unknown state and throw an error (e.g. when specific networking errors would occur)
- Improved the performance of canvas poisoning by explicitly parallelizing it

Security fixes:
- Fixed a potentially exploitable crash related to text writing direction
- Made checking for invalid PNG files more strict. Pale Moon will now reject more PNG files that have corrupted/invalid data that could otherwise lead to potential security issues
- Changed the way paletted image frames are allocated so the space is cleared before it's used
- Fixed a crash in nsNodeUtils::CloneAndAdopt() due to a typo
- Fixed several memory safety issues and crashes: This means that the fix is "Defense-in-Depth": It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem

更新時間：2016-09-12
更新細節：

What's new in this version:

Changes/fixes:
- Fixed a crash in the XSS filter.
- Slightly changed the address bar shading on secure sites to be more subtle and easily-blended.
- Fixed the occurrence of "null" titles in bookmarks dragged from special folders.
- Fixed an error initializing the browser due to trying to restore scratchpad data from a stored session when having switched from a version with devtools to a version without devtools, and the previous version had scratchpad data saved.
- Fixed some minor issues in scratchpad and gcli devtools.

Security fixes:
- Updated the HSTS preload list to a much more updated source list, and performing our own checks on validity from now on to have the list be as accurate as possible.
- Disabled Triple-DES cipher suites by default (mitigating SWEET32).

更新時間：2016-08-17
更新細節：

What's new in this version:

Changes/fixes:
- Removed Google Search as a bundled search provider.
- Fixed the URL API to allow "stringification" of the object per specification. This should make a number of websites happy.
- Added the ES6 string .includes() function in addition to the pre-existing .contains() function for checking if a string contains another string. The .contains() function is retained for compatibility with web and extension scripts that adhere to the ES6 pre-release specification up to and including RC3.
- Fixed the calculation of standalone SVG embeds width and height, which should solve some reported issues with html5 graphs being displayed incorrectly.
- Linux: improved memory allocation.
- Updated the graphite font library to 1.3.9.
- Added a blocking rule for F-Secure's 64-bit deepguard library to prevent crashes.
- Updated the SQLite library to 3.13.0.
- Download= properties of links are now honored from the context menu "Save" option.
- Fixed a crash in the XSS filter.
- Fixed a crash in the DOM error module.
- Worked around a crash on Linux
- Linux: Improved optimization and GCC6 compatibility (Note: compiling with GCC 6 is still not recommended and it may or may not work, depending on your environment)

Security fixes:
- (CVE-2016-5251)Potential URL spoofing in the address bar.
- (CVE-2016-0718) Context-dependent crash in expat 2.1.0.
- (CVE-2016-5266) Outgoing dataTransfer items are not properly filtered.
- Fixed potentially exploitable crash in the array splice implementation.
- Fixed potentially exploitable crash caused by badly formatted ICO files.
- (CVE-2016-5254) Heap-use-after-free in nsXULPopupManager::KeyDown

更新時間：2016-07-01
更新細節：

What's new in this version:

- Fixed an additional issue found that could cause menu text on Windows 10 to be white-on-white (and therefore unreadable).
- Fixed an issue with news feeds not showing up when embedded in web pages.
- Removed recently-added parsing of the child-src content security policy directive, after some web compatibility issues with it came to light, as well as it becoming clear that the CSP spec will see it removed in favor of the previous directive for embedded content. This should fix some intermittent issues people have reported on e.g. the main google.com page and phpMyAdmin installations.

更新時間：2016-06-27
更新細節：

What's new in this version:

- Fixed a rare issue where the browser would not initialize properly (missing bookmarks and menu entries) if certain Windows registry values were missing (Windows 8 only).
- Fixed an issue on Windows 10 where the classic menu bar would become unreadable (white on white).
- Portable only: Switched to non-compressed binaries to prevent issues with antivirus packages, to prevent issues with browser run-time operation, and to simplify code signing.

更新時間：2016-06-25
更新細節：

What's new in this version:

- Fixed an issue with new tab button theming on dark toolbars.
- Reverted the useragent identification of Firefox compatibility mode to 38.9 to avoid WOFF2 font issues for sites that don't use proper font deployment as recommended by the W3C.
- Added a site-specific override for Google fonts to make sure it always works even if not using Firefox compatibility mode. (workaround pending for a proper solution on Google's side)
- Adjusted the "dark color" detection routine to switch text to white at higher relative contrast levels. This will more closely match Windows 10's "flip point" for different accent colors and is within the recommended range determined by the WCAG.