From the Release Notes, it is noted that several security fixes are identified as DiD. This means that the fix is "Defense-in-Depth":
"It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem."
- Disabled all RC4-based encryption ciphers by default. [More info]
- Fixed several miscellaneous memory safety hazards.
(applicable bugs related to CVE-2015-0835 and CVE-2015-0836)
- Fixed loading of locally stored DLL files through the internal updater. (CVE-2015-0833)
- Fixed a potential crash point in IndexedDB. (CVE-2015-0831) DiD
- Fixed a double-free situation when using non-default memory allocators and a 0-length XHR. (CVE-2015-0828)
Note: production builds of Pale Moon were never vulnerable.
- Fixed a crash using DrawTarget in the Cairo graphics library. (CVE-2015-0824)
- Fixed potential reading of local files through manipulation of form autocomplete. (CVE-2015-0822)
- Fixed a potential PNG heap-overflow crash. DiD
- Followed up on research regarding CVE-2014-8639 (see 25.2) and made cookie handling through proxies more restrictive again.
- Fixed incorrect Sync "howto" instruction links from the Sync dialogs.
- Fixed the color of selected tabs in Linux when personas
(lightweight themes) are in use that do not match the overall tone of
the OS system theme.
- Fixed a bug where the address bar would incorrectly be cleared.
- Fixed padding issues for dropdown lists.
- Fixed DNS lookups so proper record types are requested for IPv4 and IPv6.
- Added several code performance optimizations and bugfixes in SVG, the presentation shell, SCTP, style gradients and CSS parsing routines. (Thanks, Axiomatic!)
- Added an "Open link in current tab" context menu entry on links for UI consistency.
- Added a special case check for the Flash plugin version check on Linux failing due to commas instead of periods in the version string.
- Added Windows 10 compatibility in executable manifests
Minimum system Requirements (Windows):
- Windows Vista/Windows 7/Windows 8/Server 2008 or later
- A processor with SSE2 support
- 256 MB of free RAM (512 MB or more recommended)
- At least 150 MB of free (uncompressed) disk space
- PM4XP (Pale Moon for XP): A rebuild by Matt Tobin: http://binaryoutcast.com/software/projects/pm4xp/
- Linux version: Available from http://www.palemoon.org/contributed-builds.shtml
UpdateTo get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Select About Pale Moon > Check for Updates.
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...