SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for newmoon-28.8.3-1.167.x86_64.rpm :

* Fri Feb 21 2020 avvissuAATTyandex.by- Update to 28.8.3:
* Fixed an issue in CSP blocking requests without a port for custom schemes.
* Fixed a potentially hazardous crash in layers.
* Fixed random crashes on some sites using IndexedDB.
* Changed the way the application can be invoked from the command-line to prevent a whole class of potential exploits involving modified omnijars.
* If your special-needs environment requires that you launch the browser with custom browser/gre omnijars from the command-line, you must set the UXP_CUSTOM_OMNI environment variable before launch from this point forward.
* Fixed an issue in the html parser after using HTML5 template tags, allowing JavaScript parsing and execution when it should not be allowed, risking XSS vulnerabilities on sites relying on correct operation of the browser.
* Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 2 DiD, 10 not applicable.
* Tue Oct 29 2019 avvissuAATTyandex.by- Update to 28.7.2:
* This is a security and bugfix update.
* Wed Sep 11 2019 avvissuAATTyandex.by- Update to 28.7.1:
* Fix whitelisting of JavaScript-uris by CSP hash.
* Properly implement various HSTS states.
* Use the correct group for JIT constraints.
* Ensure the right body element is used throughout the method call.
* Add checks to respect CSP-wildcard + Ports.
* Fix a crash in IndexedDB.
* Kill newly-spawned threads if we\'re shutting down.
* Remove HTML5 parser java docs and generation code.
* Belatedly fix html5 parser attribution for files not covered by the MPL.
* Fix an issue with the html5 tokenizer and tree builder.
* Correctly return zero vertices if clipping plane 0 or 2 clip away the entire polygon.
* Issue #1222: Don\'t load plugin instances when they have no `src` URI.
* Issue #1179: fix indentation
* New cycle version bump
* Issue #1221: Pass the original element into nsXMLContentSerializer::CheckElementEnd so that we can properly determine whether it has children.
* Thu Aug 29 2019 avvissuAATTyandex.by- Update to 28.7.0 :
* This is a major development update involving a partial JavaScript engine overhaul and improvement, implementing several website-impacting changes.
* Tue Aug 27 2019 avvissuAATTyandex.by- Del StartupWMClass from .desktop file
* Fri Jul 26 2019 avvissuAATTyandex.by- Update to 28.6.1:
* This is security and bugfix update.- Add StartupWMClass to .desktop- Disable LTO Optimization
* Thu Jul 04 2019 avvissuAATTyandex.by- Update to 28.6.0.1:
* This is an out-of-band update to fix some pressing issues with the latest release.- Change in 28.6.0:
* This is a major development update, focusing on under-the-hood improvements and bugfixes, code cleanup, and performance.
* Wed Jun 05 2019 avvissuAATTyandex.by- Update to 28.5.2:
* Fixed issues with image/texture allocation incorrectly being marked as insecure- Change in 28.5.1:
* This is a security and bugfix update- Add -Wno-format-overflow flag to build with gcc9
* Tue Apr 30 2019 avvissuAATTyandex.by- Build with SQLite >= 3.27.2
* Mon Apr 29 2019 avvissuAATTyandex.by- Update to 28.5.0:
* Redesigned the about box.
* Added \"Check for updates\" menu entries to the AppMenu and classic menu
* Restored the app.update.url.override pref for AUS testing/override.
* Added \"Loop\" control to html5 video.
* Fixed a crash with frames (e.g. when using Tile Tabs).
* Fixed an issue with textarea placeholders (spec compliance).
* Removed the Windows Maintenance Service one last time.
* Improved http basic auth DoS heuristics.
* Fixed an issue on big-endian machines (e.g. PPC64/linux).
* Removed e10s code from widgets.
* Preffed the various http \"Accept\" headers and aligned with the Fetch spec
* Aligned URLSearchParams with the spec.
* Updated several site-specific UA overrides.
* Fixed \"Yet Another special case of a flex frame being the absolute containing block\"™
* Fixed border drawing when the tab bar is hidden.
* Pref-controlled and disabled the use of unboxed plain objects in JavaScript\'s JIT compiler.
* Improved handling of interrupted connections through proxies and pseudo-VPN extensions.
* Removed contextual identity.
* Updated the 7zip installer stub to a much more recent code version.
* Fixed an issue with applying percentages to 0 in layout sizes.
* Fixed an issue with calculating linear sums in JS JITed code.
* Added default value feature to get
*Pref() preference functions.
* Fixed an issue that would occasionally overwrite the new tab custom URL.
* Updated the SQLite library to 3.27.2
* Killed the crashreporter toolkit files and exception handler hooks.
* Fixed an issue with a missing border on the tab bar when on the bottom.
* Fixed a crash with badly-formatted SVG files.
* Showed the robots to the exit after squatting in the browser for decades.
* JavaScript: Implemented TC39 toString() revision proposal.
* Rearchitectured the JavaScript front-end parser to provide better and more logical parsing of JS code.
* Removed support code and leftovers for unsupported SunOS, AIX, BEOS, HPUX and OS/2 operating systems.
* Removed all Firefox Accounts code.
* Made the CSS parser more robust and aligned url() behavior with the CSS3 spec in case of bad input.
* Fixed an issue with blocklist updates not actually dynamically applying due to a wrong URL.
* Updated the embedded emoji font to the TweMoji v11.4.0 equivalent.
* Fixed an issue with async/deferred scripts preventing page loads from completing.
* Tue Feb 05 2019 avvissuAATTyandex.by- Update to 28.3.1:
* [BASILISK] Disable WebEx support.
* Check for contiguous buffer state.
* Make Sourcebuffer::AppendFromInputStream handle canceled image loads.
* Make resuming of decoding work for anonymous decoders.
* Update libwebp to version 1.0.2
* Properly camelCase dom.intersectionObserver.enabled pref.
* Revert \"Disable IntersectionObserver API because of crashes.\"
* Actually unlink targets from registered intersection observers.
* Disable IntersectionObserver API because of crashes.
* Remove NS_IMPL_CYCLE_COLLECTION_TRAVERSE_SCRIPT_OBJECTS
* Consolidate tracing and traversing.
* Merge branch \'master\' of https://github.com/MoonchildProductions/UXP
* Rewrite IntersectionObserver list handling to be more robust.
* Merge pull request #931 from Ascrod/master
* Fix check for HSTS when service is disabled.
* Add isIntersecting property to IntersectionObserverEntry.
* New cycle version bump
* Improve toolbar icons for all DPIs
* [PALEMOON] Fix the option to disable HSTS.
* Add preference for fully disabling HSTS.
* [PALEMOON] Add captive portal preference to the UI.
* Add matching browser.newtab.choice pref to prevent error.
* [PALEMOON] Move Advanced prefs l10n strings to their proper place
* [PALEMOON] Clean up advanced prefs XUL
* [WebExAM] Use proper application name in WebExtension API error message.
* Sun Dec 09 2018 avvissuAATTyandex.by- Update to 28.2.2:
* Merge pull request #897 from trav90/telemetry-cleanup
* Merge pull request #896 from trav90/media-work
* Merge pull request #895 from trav90/code-cleanup
* Remove MediaTelemetryConstants
* [PALEMOON] Complete making Sync optional at build time
* Clear HAVE_LINUX_PERF_EVENT_H defines in ffvpx config before setting them for lib use
* Remove DirectShowReader
* Limit the CSS string length for resolved variables to sane values.
* Merge pull request #892 from binaryoutcast/pmTreeCleanup
* Clean up the Pale Moon tree
* Issue #890 - Port cpp aboutRedirector to javascript
* Update GMP AUS URL
* Fri Nov 30 2018 avvissuAATTyandex.by- Fix build with system libraries
* Sat Nov 17 2018 avvissuAATTyandex.by- Update to 28.2.1:
* [Pale Moon] Sync notification widget\'s messageImage should inherit the \'type\' attribute
* Issue #861 - The bookmark properties window should focus on the Name Picker text box on init
* Merge branch \'master\' of https://github.com/MoonchildProductions/UXP
* [PALEMOON] Use generic application icon for external applications in about:feeds
* Revert \"[PALEMOON] Use generic application icon for external applications in about:feeds\"
* Don\'t build internal updater by default and set default update channel to an inactive one.
* Enable gamepad support by default in Basilisk.
* Improve handling of MOZ_GAMEPAD and NECKO_WIFI
* Revert \"Move MOZ_GAMEPAD
* and NECKO_WIFI up\"
* Move MOZ_GAMEPAD
* and NECKO_WIFI up
* Remove AccumulateCipherSuite()
* Tue Nov 13 2018 avvissuAATTyandex.by- Update to 28.2.0:
* Back out problematic patch causing issue #865.
* #863 Part 3: Add Pale Moon GUI options for Opportunistic Encryption.
* #863 part 2: Make opportunistic encryption opt-in for UXP
* #863 Part 1: Make sending of http upgrade-insecure-requests optional
* Backout opportunistic encryption changes.
* Add GUI control to Pale Moon for opportunistic encryption.
* Swap default platform state for opportunistic encryption.
* Change captive portal detection URL to our own.
* Make opportunistic encryption configurable.
* Clear STDINT_H defines in libvpx config before setting them for lib use.
* Merge pull request #862 from JustOff/PR_editBookmarkOverlay_focus
* [PALEMOON] Focus and select the first non-collapsed text element in the bookmark properties dialog
* Backport some upstream Skia patches.
* Add overflow checks for extending nsTArrays.
* Ensure user input suppression works correctly even after document.open.
* Remove ancient workaround in client certificate code
* Apply CheckedInt to infoLength for preventing it from overflowing in the future.
* Make sure we remove our RefreshDriver observers in CompleteAsyncScroll.
* Fix a longstanding IndexedDB correctness issue.
* Don\'t allocate PendingAction twice.
* WebRTC: Drop DataChannelListener on Destroy().
* Make sure nsNSSCertList handling checks for valid certs.
* Thu Sep 20 2018 avvissuAATTyandex.by- Update to 28.1.0:
* Merge branch \'worker-fix\'
* Rewrite the Code of Conduct document.
* Use SessionStore.promiseInitialized() to avoid race condition in \"about:home\" (#774)
* New cycle version bump.
* Merge pull request #770 from JustOff/PR_bgtab_notify
* [BASILISK] Skip notifications for background tabs when restoring a session
* [PALEMOON] Skip notifications for background tabs when
* Merge pull request #767 from trav90/class-memaccess-errors
* Send worker-runnables destined for the main thread actually to the main thread.
* Stop using the worker MainThreadTaskQueue from dom/fetch.
* Stop using the MainThreadTaskQueue from service workers.
* Fix wrong SVG sizes with non-integer values for viewBox width/height.
* Don\'t memset-zero the BacktrackingAllocator::vregs array of non-trivial VirtualRegister instances
* Call memset on a void
*, not a T
*, in js_delete_poison to avoid memset-on-nontrivial warnings with gcc that don\'t matter for an object whose lifetime is about to end
* Initialize some asm.js structures using in-class initializers instead of PodZero
* Stop using PodZero in several places to initialize values of non-trivial type
* Fix clang build bustage.
* Flush some more buildlog output to screen when prudent.
* Update HSTS preload list- Switch to a default user profile
* Fri Aug 31 2018 avvissuAATTyandex.by- Update to 28.0.1:
* Backed out a Mozilla upstream patch causing issues with IPC and texture allocation for the compositor.
* Backed out a Mozilla upstream patch causing issues with Javascript memory buffer allocation.
* Mon Aug 20 2018 avvissuAATTyandex.by- Update to 28.0.0:
* This is a new major relearse with transition to the Unified XUL Platform.- Drop palemoon-27.4.0-gcc7.patch (fixed)- Drop palemoon-27.6.0-homepage.patch- Update pathes:
* palemoon-26.3.0-ini.patch > palemoon-28.0.0-profile.patch
* palemoon-27.5.0-prefs.patch > palemoon-28.0.0-vendor.patch- Add palemoon-28.0.0-nongnome-proxies.patch- Build with gcc on openSUSE >= 15- Add required dependencies: mozilla-nspr mozilla-nss- Add distribution.ini.in (openSUSE bookmarks, homepage and info)- Change the default profile to ~/.Moonchild Productions- Cleanup build options
* Tue Jul 10 2018 avvissuAATTyandex.by- Update to 27.9.4:
* Fix typo (RefPtr -> nsRefPtr)
* Ensure the right anonymous element is focused when calling input.focus()
* Perform some sanity checks on nsMozIconURI.
* Update dimensions early in ClearTarget.
* Reject some invalid qcms transforms.
* Confirm launch of executables other than .exe on Windows.
* Check redirect status code before forwarding to NPAPI.
* Prevent various location-based hazards.
* Restrict web access to moz-icon:// scheme
* Satisfy AMO\'s discrimination by UA.
* Wed Jun 13 2018 avvissuAATTyandex.by- Update to 27.9.3:
* Add a nullcheck in DOMProxyHandler::EnsureExpandoObject
* Fix count of compacting update tasks started.
* Merge pull request #1682 from trav90/HSTS-preload-update
* Update HSTS preload list
* Clarify status or repo in README.
* Fix typo in 9b54bd30006c008b4a951331b273613d5bac3abf
* Port libopus upstream patch.
* Fix missing include in Skia SafeMath
* Mon May 21 2018 avvissuAATTyandex.by- Update to 27.9.2:
* Add sanity checks in nsScriptableUConv.cpp
* Avoid calling SVGAnimatedEnumeration::AnimVal() from nsSVGUtils::GetBBox().
* Consistently use PR memory functions.
* Change MOZ_ASSERT to MOZ_RELEASE_ASSERT.
* Add and use Skia\'s \"Safe Math\" (DiD)
* Bug 1409440.
* Check for infinite value in txFormatNumberFunctionCall.
* Drop invisible characters from downloads filename.
* Final version as per IRC
* Update dialog strings for blocklist entry pop-up.
* Make soft-blocked wording more generic so people don\'t blow their top over it.
* Update blocklist pm112
* Tue May 08 2018 avvissuAATTyandex.by- Update to 27.9.1:
* Add support for FFmpeg 4.0/libavcodec58
* Bump UI version in glue to clear sync migration with a last try.
* Implement mozilla::IsAsciiAlpha
* Adjust cairo mutex locks for Tycho targets.
* Port malloc improvements from UXP.
* Unstable version bump
* [MSE] Force TrackID for MSE tracks.
* Revert \"Work around crashes when trackless mediastreams are encountered.\"
* Tue Apr 17 2018 avvissuAATTyandex.by- Update to 27.9.0:
* http://www.palemoon.org/releasenotes.shtml
* Wed Mar 28 2018 avvissuAATTyandex.by- Update to 27.8.3:
* http://www.palemoon.org/releasenotes.shtml- Use hard links
* Thu Mar 22 2018 avvissuAATTyandex.by- Update to 27.8.2:
* http://www.palemoon.org/releasenotes.shtml
* Tue Mar 06 2018 avvissuAATTyandex.by- Update to 27.8.1:
* http://www.palemoon.org/releasenotes.shtml
* Fri Mar 02 2018 avvissuAATTyandex.by- Update to 27.8.0:
* http://www.palemoon.org/releasenotes.shtml
* Wed Jan 31 2018 avvissuAATTyandex.by- Update to 27.7.2:
* http://www.palemoon.org/releasenotes.shtml
* Wed Jan 17 2018 avvissuAATTyandex.by- Update to 27.7.1:
* http://www.palemoon.org/releasenotes.shtml
* Sun Jan 14 2018 avvissuAATTyandex.by- Update to 27.7.0:
* http://www.palemoon.org/releasenotes.shtml- Drop palemoon-27.6.0-return.patch (fixed)- Add -Wno-address flag when building with gcc- Spec file cleanup
* Sat Nov 25 2017 avvissuAATTyandex.by- Update to 27.6.2:
* http://www.palemoon.org/releasenotes.shtml
* Wed Nov 15 2017 avvissuAATTyandex.by- Update to 27.6.1:
* http://www.palemoon.org/releasenotes.shtml
* Tue Nov 07 2017 avvissuAATTyandex.by- Update to 27.6.0:
* http://www.palemoon.org/releasenotes.shtml- Update palemoon-27.6.0-homepage.patch- Drop palemoon-27.4.2-locale.patch (fixed)- Add palemoon-27.6.0-return.patch
* Wed Oct 25 2017 avvissuAATTyandex.by- Build with clang on Factory- Switch to gold linker- Add the --enable-pie option
* Fri Oct 20 2017 avvissuAATTyandex.by- Build with gcc7 on Factory (palemoon-27.4.0-gcc7.patch)- Add LDFLAGS to spec file- Build with ffmpeg
* Mon Oct 09 2017 avvissuAATTyandex.by- Update to 27.5.0:
* http://www.palemoon.org/releasenotes.shtml
* Sun Sep 24 2017 avvissuAATTyandex.by- Update to 27.5.0:
* http://www.palemoon.org/releasenotes.shtml- Refresh palemoon-27.4.0-prefs.patch > palemoon-27.5.0-prefs.patch
* Mon Sep 18 2017 avvissuAATTyandex.by- Fix build with gcc6 (use fstack protection flag)- Add palemoon-27.4.2-locale.patch
* Tue Aug 22 2017 avvissuAATTyandex.by- Update to 27.4.2:
* Small update to address some security and stability issues.
* Thu Aug 03 2017 avvissuAATTyandex.by- Update to 27.4.1:
* Small update to fix some stability and usability issues.
* Mon Jul 10 2017 avvissuAATTyandex.by- Update to 27.4.0:
* This is a major update to straighten out most of the media streaming issues, as well as adding the necessary enhancements, bugfixes and security fixes to the browser.- Build with gcc6 on openSUSE Tumbleweed- Build with system libvpx- Update pathes:
* palemoon-27.1.0-prefs.patch > palemoon-27.4.0-prefs.patch
* palemoon-27.0.3-homepage.patch > palemoon-27.4.0-homepage.patch
* Sat Apr 29 2017 avvissuAATTyandex.by- Update to 27.3.0:
* Fixed up, checked and enabled vertical text writing modes!
* Pale Moon will now be able to display vertical, right-to-left script.
* Added the option to reset non-default profiles.
* Fixed various issues in the WebP image decoder.
* Added internally-supported document types to allowed types.
* Fixed locale selection in ICU after update to ICU58.
* Re-implemented the previous spellchecker dictionary logic
* Ongoing fixes for the MP4 parser and MSE.
* Made HTML Media Elements\' preload attribute MSE-spec compliant.
* The preload attribute on HTML media elements is now ignored in the case of an MSE source.
* Fixed an issue with Synced preferences sometimes overwriting stored individual preferences.
* Fixed display of RSS folder icons.
* Fixed issues with custom context menus.
* Fixed an issue importing bookmarks with separators losing their extra data.
* Changed the way numeric addresses are handled in the address bar so it doesn\'t perform a search when it shouldn\'t.
* Added an option (browser.sessionstore.cache_behavior) to control from which source restored tabs pull their page content
* Improved upon a v27 performance regression with SVG scaling.
* Improved performance by being more selective which CSS animations to process.
* As a side-effect, elements changing their display from \"none\" to something visible now also animate.
* Increased memory allocation for the use of very large PAC files.
* Added menu entries for the permissions manager and improvements to its function and display.
* Added preferences to control \"highlight all\" behavior of find bar
* Added devtools command-line options.
* Added remote IP and protocol to Devtools->Network entry details.
* Fixed a regression in the MSIE profile migrator.
* Removed migration of browser-specific settings when migrating data from IE/Safari.
* Implemented optional parameters for permessage-deflate in preparation for RFC7692 errata making acceptance of them mandatory.
* Made the image document favicon skinnable.
* Aligned DOM selection addRange with the spec.
* Exposed mozAnon constructor js binding to system scopes for XHR.
* Enhanced form data handling from JavaScript.- Security fixes:
* (CVE-2017-5451) (CVE-2017-5446) (CVE-2017-5438) (CVE-2017-5439) (CVE-2017-5444) (CVE-2017-5445) (CVE-2017-5447) (CVE-2017-5442)- Update translations to 27.3.0-RC2
* Thu Apr 20 2017 avvissuAATTyandex.by- Build without icu >= 58.2 (segfault)
* Fri Mar 24 2017 avvissuAATTyandex.by- Update to 27.2.1:
* Small update to fix some stability and usability issues.
* Sat Mar 18 2017 avvissuAATTyandex.by- Update to 27.2.0:
* Major update with a focus on back-end improvements and security.- Switсh to gcc6 (openSUSE_Tumbleweed)
* Fri Mar 03 2017 avvissuAATTyandex.by- Update to 27.1.2:
* Small update adding a workaround for potential deadlocks happening in media elements
* Wed Feb 22 2017 avvissuAATTyandex.by- Update to 27.1.1:
* Implemented a fix in media handling to prevent crashes with concurrent videos and/or rapidly starting/stopping video playback in the browser.
* Fixed the way the Adobe Flash plugin is detected to prevent confusion with other plugins that identify themselves as \"Flash\".
* Sat Feb 11 2017 avvissuAATTyandex.by- Fixed: Use system hunspell
* Wed Feb 08 2017 avvissuAATTyandex.by- Update to 27.1.0:
* Reworked the media back-end completely to use FFmpeg and our own MP4 parser.
* Restored classic about:config styling.
* Added a fallback to US-ASCII if the autoconfig UTF-8 conversion fails.
* Improved cross-compartment wrapper handling when managing a large number of tabs (performance).
* Changed the way audio and video synchronization is calculated to account for (slow) device latency, preventing things from getting out of sync.
* Changed the way scripts are handled when they are stopped from the \"unresponsive script\" dialog, to prevent browser lockup.
* Fixed several errors in the devtools.
* Fixed a nasty crash caused by cross-origin referrers.
* Added HTML5-spec clipboard handling for content (cut© only -- paste is not allowed for security reasons).
* Made multiple changes to the jetpack modules to cater to PMkit extensions.
* Fixed a css layout issue: make max-width affect contributions to intrinsic min-width.
* Implemented several updates to the permissions manager.
* Removed Metro browser platform/widget code.
* Removed support for non-standard/deprecated let blocks and expressions.
* Made the use of let as a keyword versionless and ES6 compliant.
* Made the privacy category in preferences a tabbed setup to better fit the current options.
* Fixed a regression preventing certain MP4 video files from playing.
* Fixed a regression where seeking in media files would halt playback/jump to the end of the stream.
* Changed the Facebook user-agent.
* Fixed the general useragent override taking priority over site-specific overrides.
* Changed CORS handling to allow data: sources, assuming they are same-origin.
* Reinstated the network.stricttransportsecurity.enabled preference.
* In HSTS \"off\" state, prevented HSTS site status from being written to disk.
* Updated the IDN blacklist with more extended unicode characters that \"look very similar to\" normal ASCII characters, to prevent spoofing of well-known domains.
* Fixed an exploitable crash when using MP4 video. (CVE-2017-5396)
* Fixed an exploitable crash in XSL parsing. (CVE-2017-5376)
* Fixed a potential security issue when exporting certificates with specially-crafted credentials. (CVE-2017-5381)
* Fixed a potential use-after-free situation in frame selection. (CVE-2017-5380).
* Fixed a leak of window details through the Ion compiler in certain situations.
* Fixed the potential for an exploitable crash involving Javascript.
* Fixed a potential overflow situation in WebRTC code.
* Fixed a potentially unsafe situation in websockets.
* Fixed several memory and other safety hazards.- Update translations to 27.1.0-RC1- Update patch:
* palemoon-27.0.3-prefs.patch -> palemoon-27.1.0-prefs.patch- Drop patches (fixed in upstream):
* palemoon-27.0.0-link.patch
* palemoon-27.0.3-regexp-esr.patch
* Tue Jan 31 2017 avvissuAATTyandex.by- Fix build on openSUSE > 42.2:
* palemoon-27.0.3-regexp-esr.patch (bmo#1329252)
* Tue Jan 10 2017 avvissuAATTyandex.by- Update translations to RC16
* Fri Dec 16 2016 avvissuAATTyandex.by- Update to 27.0.3:
* Fixed certain network errors not displaying.
* Fixed network error page styling.
* Fixed the writing of DOM storage data to tabs.
* Added a Google Fonts user-agent override.
* Re-enabled the reporting of CSS errors to the console by default.
* Fixed and updated preferences for location bar suggestions.
* Fixed several x64-specific issues in memory allocation code.
* Fixed timer issues when resuming a computer from stand-by.
* Fixed a number of branding and textual issues in the browser.
* Fixed prompting for the saving of off-line data.
* Fixed a layout regression that would cause block elements following left floats to not wrap to the next line if there wasn\'t enough clearance.
* Fixed a mismatch in Firefox extension compatibility-mode installation where Firefox extensions served by addons.mozilla.org would be marked incompatible when trying to install.
* Fixed use-after-free while manipulating DOM events and removing audio elements (CVE-2016-9899).
* Fixed CSP bypass using the marquee tag (CVE-2016-9895).
* Fixed a vulnerability in the internal Jetpack modules (CVE-2016-9903).
* Fixed use-after-free in Editor while manipulating DOM subtrees (CVE-2016-9898).
* Fixed an error in the buffer logic in http-chunked decoder.
* Fixed a crash in generational GC code (not in use by default)
* Fixed a compartment mismatch bug in plug-in code
* Fixed a crash trying to get a nonexistent property.
* Improved MediaRecorder\'s observer safety.
* Fixed a crash related to document history.- Update translations to 27.0.0_RC12- Add translation sub-packages- Override default home page (add palemoon-27.0.3_homepage.patch)
* Wed Dec 07 2016 avvissuAATTyandex.by- Update translations to 27.0.0_RC10
* Tue Dec 06 2016 avvissuAATTyandex.by- Setting the extensions.autoDisableScopes to \"11\"
* Fri Dec 02 2016 avvissuAATTyandex.by- Update to 27.0.2:
* This is a bugfix release for some of the issues that popped up with the new milestone.- Add translations for package newmoon- Spec-file cleanup
* Tue Nov 22 2016 avvissuAATTyandex.by- Update to 27.0.0:
* Update of the Goanna engine to 3.0 - with many changes to layout and rendering for the modern web.
* Pale Moon now fully supports HTTP/2.
* Ruby Annotations are now an integral part of the HTML parser, controllable with CSS.
* Media Source Extensions have been implemented to solve many video playback issues.
* Support for reading and playing so-called \"fragmented\" MP4 files has been added, further solving media playback issues.
* Support for SSL/TLS connections to proxy servers.
* Support for the WOFF2 font format for downloadable fonts.
* The JavaScript engine has been updated with support for many landmark ECMAScript6 features.
* The way web content is cached has been changed to be more efficient.
* Removed the internal PDF (pre)viewer.
* Disabled building of the devtools.
* Removed the active XSS filter..
* Removed support for Add-on SDK extensions.
* All relevant security fixes up to and including Firefox 50 have been ported across from Mozilla.
* More info: http://www.palemoon.org/releasenotes.shtml- Rename package to newmoon (see:https://www.palemoon.org/redist.shtml)- Build with option: --with-system-icu- set LD_LIBRARY_PATH- Add palemoon-27.0.0-link.patch
* Thu Sep 29 2016 avvissuAATTyandex.by- Update to 26.5.0:
* Implemented a breaking CSP (content security policy) spec change.
* Fixed an issue with the XML parser.
* Improved the performance of canvas poisoning by explicitly parallelizing it.- Security fixes:
* (CVE-2016-5280)
* Made checking for invalid PNG files more strict.
* Changed the way paletted image frames are allocated so the space is cleared before it\'s used.
* Fixed a crash in nsNodeUtils::CloneAndAdopt() due to a typo.
* Fixed several memory safety issues and crashes.
* Wed Sep 14 2016 avvissuAATTyandex.by- Update to 26.4.1:
* Fixed a crash in the XSS filter.
* Slightly changed the address bar shading on secure sites to be more subtle and easily-blended.
* Fixed the occurrence of \"null\" titles in bookmarks dragged from special folders.
* Fixed an error initializing the browser due to trying to restore scratchpad data from a stored session when having switched from a version with devtools to a version without devtools, and the previous version had scratchpad data saved.
* Fixed some minor issues in scratchpad and gcli devtools.- Security fixes:
* Updated the HSTS preload list to a much more updated source list, and performing our own checks on validity from now on to have the list be as accurate as possible.
* Disabled Triple-DES cipher suites by default.
* Sat Aug 20 2016 avvissuAATTyandex.by- Update to 26.4.0:
* Removed Google Search as a bundled search provider
* Fixed the URL API to allow \"stringification\" of the object per specification
* Added the ES6 string .includes() function in addition to the pre-existing
* Fixed the calculation of standalone SVG embeds width and height
* Improved memory allocation
* Updated the SQLite library to 3.13.0
* Download= properties of links are now honored from the context menu \"Save\" option
* Fixed a crash in the XSS filter- Security fixes:
* (CVE-2016-5251) Potential URL spoofing in the address bar
* (CVE-2016-0718) Context-dependent crash in expat 2.1.0
* (CVE-2016-5266) Outgoing dataTransfer items are not properly filtered
* Fixed potentially exploitable crash in the array splice implementation
* Fixed potentially exploitable crash caused by badly formatted ICO files
* (CVE-2016-5254) Heap-use-after-free in nsXULPopupManager::KeyDown
* Fri Jul 08 2016 avvissuAATTyandex.by- Update to 26.3.3:
* Small bugfix update
* Sun Jun 26 2016 avvissuAATTyandex.by- Update to 26.3.1:
* Reverted the useragent identification of Firefox compatibility mode to 38.9
* Added a site-specific override for Google fonts to make sure it always works even if not using Firefox compatibility mode
* Sun Jun 19 2016 avvissuAATTyandex.by- Initial release
 
ICM