SoftoRooM -> Pale Moon 26.0.2

26.0.2 (2016-02-03)
This is a bugfix, security and web compatibility release.
Changes/fixes:
• Removed the sanity check for unsupported point-of-sale XP-based operating systems by user request. Please see the forum for information on which operating systems we can reasonably support.
• Changed the way "transparent" is handled in Goanna to improve transparent gradients using this keyword.
• Made sure that dom.disable_beforeunload is predefined in about:config.
• Fixed web compatibility issues with Youtube, Youtube Gaming, Yuku fora and Netflix.
• Fixed web compatibility with Comcast/XFinity webmail and other sites or web applications that expect older JavaScript versions as default.
• Reinstated the about:config warning by default.
• Fixed 2 potential browser crashes.
Security fixes:
• Updated NSS to 3.19.4.1-PM to fix a potential UAF and CVE-2015-7575.
• Crash fix: Prevented queueing multiple media sources that could lead to unsafe memory access.
• Prevented unsafe memory manipulations in zip archives. (CVE-2016-1945) DiD
• Prevented a potential buffer overflow in WebGL. (x64 only) (CVE-2016-1935) DiD
• Updated the way binaries are code-signed. Not only does v26.0 use a new SHA256-signed digital certificate, but starting this version will also be signed with both SHA1 and SHA256 digest algorithms to satisfy later Windows' code-signing requirements.
DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.