Removed redundant checks for "Vista or later" since that is all we support.Removed unmaintained and insecure WebRTC code - building with WebRTC enabled is no longer an option.Removed the notification bar when in full screen to prevent unwanted visible screen elements.Disabled a potentially problematic optimization on Win 8+ with high contrast themes in use.
Updated the kiss-fft library to our forked 1.4.0 version.Set the performance timer granularity to 1 ms.Fixed a crash with the exponentiation operator " **".Fixed gap inconsistency in the tabstrip.Updated our TLS 1.3 support to the latest (probably final) draft.Added support for ES6 "Symbol species".Added URL fix-ups for schemes (mis-typed "ttp://" etc.).Added a preference to control whether the text cursor (caret) should be thicker when dealing with CJK characters or not (default = yes).Added Eyedropper menu entry to the AppMenu.Added a setting in preferences to select the use of tab previews with Ctrl+Tab.Added support for emojis on Windows systems that have relatively poor support for them with standard font sets by including our own font (EmojiOne based for now).when surrounding code changes, exposing the problem, or when new attack vectors are discovered. Fixed a potential race condition in the JAR library.ĭiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g.Fixed a crash with some uncommon FTP operations.Fixed a crash in HTML media elements (CVE-2018-5102).Fixed a potential race condition in the browser cache.Added a check for integer overflow in AesTask::DoCrypto() (CVE-2018-5122) DiD.Improved the debug-only startup cache wrapper to prevent a rare crash.This takes the most cautious approach possible lacking more information (because apparently NDAs have been signed over this between mainstream players), follows Safari's lead, and should make it not just infeasible but downright impossible to use these timers for nefarious purposes in this context. Changed the performance timer resolution once more to a granularity of 1 ms, after evaluating more potential ways of abusing Spectre.Changed the X-Content-Type-Options: nosniff behavior to only check "success" class server responses, for web compatibility reasons.
0 kommentar(er)
