This is security and bugfix update.
Improved handling of FTP resource loading (allow save-as and cater to some FTP-based browsing).
Added a preference (security.block_ftp_subresources) to allow users to completely bypass the blocking of FTP subresources if required for their environment, if the improvements made in this release do not suffice.
Added blocking of authentication-locked cross-origin image subresources by default to prevent spurious auth prompts.
A preference (network.auth.subresource-http-img-XO-auth) was added to allow users to bypass this blocking if required for their environment.
Changed the behavior of file: URIs to treat each URI as a unique origin. This prevents cross-file access from scripting.
A preference (security.fileuri.unique_origin) was added to allow users to relax this restriction if required for their environment.
Implemented a revised version of http2PushedStream to address some thread safety issues.
Aligned browser behavior with mainstream regarding inner window behavior when domain is manipulated.
Backed out a 28.5.* patch for causing multiple issues in the UI and web content.
Updated NSS to 3.41.2 (custom) to pick up several upstream fixes.
Added a fix for cross-thread access of Necko. (DiD)
Added a port safety check for Alternative Services.
Implemented fixes for applicable security issues: CVE-2019-11719, CVE-2019-11711, CVE-2019-11715, CVE-2019-11717, CVE-2019-11714 (DiD), CVE-2019-11729 (DiD), CVE-2019-11727 (DiD), CVE-2019-11730 (DiD), CVE-2019-11713 (DiD) and several networking and memory-safety hazards that do not have CVE numbers.
The kernel problem with recent updates has been solved. Find the solution here
-- Required MX 15/16 Repository Changes
-- Information on torrent hosting changes
-- Information on MX15/16 GPG Keys
-- Spectre and Meltdown vulnerabilities
-- Introducing our new Website
-- MX Linux on social media: here
-- MX-18.3 Point Release release info here
-- Migration Information to MX-18 here
-- antiX-17.4.1 release info here
-- Please read this first, and don't forget to add system and hardware information to posts!
-- Here are the Forum Rules
Pale Moon 28.6.1 is now in the main repo. All users should update.
We now have updated to 28.7.1 in the main repository. All users are urged to update.
Fixed an issue where saving a webpage to disk would sometimes drop tags from the document.
Fixed an issue with click-to-play plugin content throwing up a blank notification.
Fixed an issue in the renderer where region intersections would sometimes return the wrong result.
This fixes a regression caused by the fix for CVE-2016-5252.
Fixed security issues: CVE-2019-11744, CVE-2019-11752, CVE-2019-11737, CVE-2019-11746, CVE-2019-11750, CVE-2019-11747 and CVE-2019-11738.
Unified XUL Platform Mozilla Security Patch Summary: 7 fixed, 1 DiD, 1 already covered, 22 not applicable.