Welcome!

The kernel problem with recent updates has been solved. Find the solution here

Important information
-- Required MX 15/16 Repository Changes
-- Information on torrent hosting changes
-- Information on MX15/16 GPG Keys
-- Spectre and Meltdown vulnerabilities

News
-- Introducing our new Website
-- MX Linux on social media: here

Current releases
-- MX-18.3 Point Release release info here
-- Migration Information to MX-18 here
-- antiX-17.4.1 release info here

New users
-- Please read this first, and don't forget to add system and hardware information to posts!
-- Here are the Forum Rules

MX 15 Repository: The palemoon thread

User avatar
Stevo
Developer
Posts: 20140
Joined: Fri Dec 15, 2006 8:07 pm

Re: MX 15 Repository: The palemoon thread

#261

Post by Stevo » Thu Jul 25, 2019 9:30 pm

Pale Moon 28.6.1 is now in the main repo. All users should update.
This is security and bugfix update.
Changes/fixes:

Improved handling of FTP resource loading (allow save-as and cater to some FTP-based browsing).
Added a preference (security.block_ftp_subresources) to allow users to completely bypass the blocking of FTP subresources if required for their environment, if the improvements made in this release do not suffice.
Added blocking of authentication-locked cross-origin image subresources by default to prevent spurious auth prompts.
A preference (network.auth.subresource-http-img-XO-auth) was added to allow users to bypass this blocking if required for their environment.
Changed the behavior of file: URIs to treat each URI as a unique origin. This prevents cross-file access from scripting.
A preference (security.fileuri.unique_origin) was added to allow users to relax this restriction if required for their environment.
Implemented a revised version of http2PushedStream to address some thread safety issues.
Aligned browser behavior with mainstream regarding inner window behavior when domain is manipulated.
Backed out a 28.5.* patch for causing multiple issues in the UI and web content.
Updated NSS to 3.41.2 (custom) to pick up several upstream fixes.
Fixed a type confusion issue in JavaScript Arrays. (DiD)
Added a fix for cross-thread access of Necko. (DiD)
Added a port safety check for Alternative Services.
Implemented fixes for applicable security issues: CVE-2019-11719, CVE-2019-11711, CVE-2019-11715, CVE-2019-11717, CVE-2019-11714 (DiD), CVE-2019-11729 (DiD), CVE-2019-11727 (DiD), CVE-2019-11730 (DiD), CVE-2019-11713 (DiD) and several networking and memory-safety hazards that do not have CVE numbers.

User avatar
Stevo
Developer
Posts: 20140
Joined: Fri Dec 15, 2006 8:07 pm

Re: MX 15 Repository: The palemoon thread

#262

Post by Stevo » Fri Sep 13, 2019 1:53 pm

We now have updated to 28.7.1 in the main repository. All users are urged to update.
Fixed an issue where saving a webpage to disk would sometimes drop tags from the document.
Fixed an issue with click-to-play plugin content throwing up a blank notification.
Fixed an issue in the renderer where region intersections would sometimes return the wrong result.
This fixes a regression caused by the fix for CVE-2016-5252.
Fixed security issues: CVE-2019-11744, CVE-2019-11752, CVE-2019-11737, CVE-2019-11746, CVE-2019-11750, CVE-2019-11747 and CVE-2019-11738.
Unified XUL Platform Mozilla Security Patch Summary: 7 fixed, 1 DiD, 1 already covered, 22 not applicable.

Post Reply

Return to “Package Requests/Status - MX-15/16”