Pale Moon: Release notes 27.6.2 (2017-11-28)

[guest6]

Pale Moon: Release notes

27.6.2 (2017-11-28)
This is a security and minor bugfix update to the browser.
This will most likely be the last update for 2017, with the holidays not far away.

Changes/fixes:

    Implemented the concept of so-called "cookie-averse document objects" which is a security&privacy measure that blocks certain web content from setting cookies. This mitigates cookie-injection, which might help against "hidden" cookie tracking.
    Mitigated some domain name spoofing through IDN by using dotless-i and dotless-j with accents. (CVE-2017-7832)
    Pale Moon will display these kinds of spoofed domains in punycode now in the actual address bar.
    Please note that the identity panel will always be able to help you on secure sites when IDNs are in use to notice potential spoofing, as opposed to relying on detection algorithms in the URL itself. As such, some other issues like CVE-2017-7833 are already mitigated by us.
    Fixed an issue with mixed-content blocking. (CVE-2017-7835)
    Added an extra check for the correct signature data type on certificates.
    Added missing sanitization in exporting bookmarks to HTML. (CVE-2017-7840)
    Fixed several crashes and memory safety hazards.
    Fixed the Linux load throbber image to be properly encoded, to prevent flickering.
    Removed the shortcut key combination for restarting the browser to avoid issues with people using certain keyboard layouts hitting the combination and unintentionally triggering a browser restart.

Link