Firefox Developer Edition for Mac,即眾所周知的 Firefox Quantum,可以讓您試用即將在主要 Firefox 版本中出現的最新開發工具和功能。
最新的開發人員版本與以前的版本不同的原因在於,他們不再使用 Aurora 渠道作為基礎。現在,他們使用 Beta 通道作為基礎。
增強引擎吸引了以前的 Firefox 用戶
下一代 Web 瀏覽器引擎使 Firefox 可以利用計算機的幾乎所有 CPU 內核。開始瀏覽後,您會在幾秒鐘內發現更快的性能。
該引擎的主要目標是提高性能,但對其隱私功能也進行了改進。例如,Quantum 可以阻止互聯網上的跟踪器並防止您的隱私受到損害。
最新的 Firefox 幫助 Web 開發人員
您可以在此最新的 Firefox 版本中找到許多很棒的新開發人員工具。以前的工具也在那裡。一些最著名的工具包括針對幾種不同瀏覽器的 JavaScript 調試器以及使您可以創建動態且精緻的 Web 佈局的 CSS 網格。
“檢查器”,“控制台”和“網絡”選項卡有幾個新功能。例如,現在可以使用 Inspector 完成 CSS 工作。至於控制台,它現在使您可以檢查嵌入式對象並進行組消息傳遞。
新的“ Photon”用戶界面具有煥然一新的外觀
該界面的 GUI 設計模式是全新的,感覺更加現代化。方形標籤取代了彎曲的標籤。另外,還有一個新的主菜單,它比舊菜單更好地組織。
適用於 macOS 的 Firefox 開發人員版的選項卡窗口是新的,其中包括推薦的故事和訪問量最大的網站的列表。
A 完全重新設計的引擎,外觀新穎,性能更好。
在過去的幾年中,Quantum 是 Firefox 的一項巨大創新,無疑比競爭對手領先。當然,這將有助於使 Firefox 瀏覽器重新回到主流。
還可用:下載適用於 Windows 的 Firefox 開發人員版 88988923
| 檔案版本 |
Node.js 17.3.1 |
| 檔案名稱 |
node-v17.3.1.pkg |
| 檔案大小 |
|
| 系統 |
Mac OS X 10.9 or later |
| 軟體類型 |
開源軟體 |
| 作者 |
Mozilla Organization |
| 更新日期 |
https://www.mozilla.org/en-US/firefox/developer/ |
| 軟體類型 |
2022-01-11 |
| 更新日誌 |
|
What's new in this version: Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531):
- Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.
- Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option
- More details will be available at CVE-2021-44531 after publication
Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532):
- Node.js converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.
- Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.
- More details will be available at CVE-2021-44532 after publication
Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533):
- Node.js did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.
- Affected versions of Node.js do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.
- More details will be available at CVE-2021-44533 after publication
Prototype pollution via console.table properties (Low)(CVE-2022-21824):
- Due to the formatting logic of the console.table() function it was not safe to allow user controlled input to be passed to the properties parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be __proto__. The prototype pollution has very limited control, in that it only allows an empty string to be assigned numerical keys of the object prototype.
- Versions of Node.js with the fix for this use a null protoype for the object these properties are being assigned to
- More details will be available at CVE-2022-21824 after publication
- Thanks to Patrik Oldsberg (rugvip) for reporting this vulnerability |
| 檔案下載 |
檔案下載
|