Friday, March 13, 2015

PaleMoon Version 25.3.0 Released with Security Updates

Pale Moon
Pale Moon has been updated to version 25.3.0 with improved features and performance as well as security updates.

From the Release Notes, it is noted that several security fixes are identified as DiD.  This means that the fix is "Defense-in-Depth":
"It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem."

Security fixes:

  • Disabled all RC4-based encryption ciphers by default. [More info]
  • Fixed several miscellaneous memory safety hazards.
    (applicable bugs related to CVE-2015-0835 and CVE-2015-0836)
  • Fixed loading of locally stored DLL files through the internal updater. (CVE-2015-0833)
  • Fixed a potential crash point in IndexedDB. (CVE-2015-0831) DiD
  • Fixed a double-free situation when using non-default memory allocators and a 0-length XHR. (CVE-2015-0828)
    Note: production builds of Pale Moon were never vulnerable.
  • Fixed a crash using DrawTarget in the Cairo graphics library. (CVE-2015-0824)
  • Fixed potential reading of local files through manipulation of form autocomplete. (CVE-2015-0822)
  • Fixed a potential PNG heap-overflow crash. DiD
  • Followed up on research regarding CVE-2014-8639 (see 25.2) and made cookie handling through proxies more restrictive again.
  • Fixed incorrect Sync "howto" instruction links from the Sync dialogs.
  • Fixed the color of selected tabs in Linux when personas (lightweight themes) are in use that do not match the overall tone of the OS system theme.
  • Fixed a bug where a variable in parentheses would abort Javascript parsing.
  • Fixed a bug where the address bar would incorrectly be cleared.
  • Fixed padding issues for dropdown lists.
  • Fixed DNS lookups so proper record types are requested for IPv4 and IPv6.

  • Added several significant performance optimizations for arrays and strings in javascript.
  • Added several code performance optimizations and bugfixes in SVG, the presentation shell, SCTP, style gradients and CSS parsing routines. (Thanks, Axiomatic!)
  • Added an "Open link in current tab" context menu entry on links for UI consistency.
  • Added a special case check for the Flash plugin version check on Linux failing due to commas instead of periods in the version string.
  • Added Windows 10 compatibility in executable manifests
The additional improvements included in this update are available in the Release Notes.

Minimum system Requirements (Windows):
  • Windows Vista/Windows 7/Windows 8/Server 2008 or later
  • A processor with SSE2 support
  • 256 MB of free RAM (512 MB or more recommended)
  • At least 150 MB of free (uncompressed) disk space
Pale Moon includes both 32- and 64-bit versions for Windows:
Other versions:


    To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    No comments: