Friday, May 08, 2015

Pale Moon Version 25.4 Released

Pale Moon has been updated to version 25.4. This is a major update with numerous fixes/changes as well as security updates.

IMPORTANT: If you use a language pack, make sure to update it to the latest version!  Although automatic updates are enabled for language packs, double-check that the version matches. If you are using an older language pack with this version of the browser, some dialog boxes may come up blank.

Update: Version 25.4.1 was released with two minor but important bug fixes.

Security fixes:
  • Fixed several memory safety hazards (UAF/DF/UU); applicable bugs covered by CVE-2015-0815 and CVE-2015-0815.
  • Fixed CVE-2015-0811 [qcms] heap info leak.
  • Fixed CVE-2015-0810 clickjacking attacks via a Flash object in conjunction with DIV elements.
  • Fixed CVE-2015-0801 a variant of CVE-2015-0818.
  • Fixed CVE-2015-0800 improve randomness of DNS resolver queries on Android.
  • Fixed CVE-2015-0798 access to privileged URLs through about: redirector.

Listed below is just a small portion of the fixes and changes in this release. For the complete list, including many Android and Linux changes, see the Release Notes.
  • Added a new "mixed-mode" state for HTTPS connections. Clarified mixed-mode connections with a mixed-mode padlock and better tooltips.
  • Added a conditional partial shading to the URL bar and made it default (shading only on secure sites, no red shading at all by default).
  • Added native IPv6 lookups to NSPR to solve IPv6-only and dual-stack setups in some situations
  • Added a pref to control the unloading of idle plugins from memory and lowered the default "idle" time to 60 seconds before plugins are unloaded
  • Added fix to prevent spurious re-paints with plugins (performance/UX improvement)
  • Added display of HTTPS protocol (SSL/TLS) to the page info window (thanks Travis!)
  • Updated SQLite from 3.7.17 to v3.8.8.3, improving history/bookmark/etc. performance by up to 50% depending on operation
  • Windows: Set the double-click/Ctrl+arrow word selection to not eat the space (only select the actual word)
  • Updated a number of trusted root certificates, and distrusted the CNNIC root certificate by popular demand
  • Removed the plugin check link from the Addons Manager, since it's no longer reliable and not officially available for browsers except Mozilla Firefox. (Bonus: no user profiling/tracking through optimizely!)
  • Optimized the NSS callback for secure connections
  • Updated the domains that are whitelisted for installation of extensions/themes/personas, streamlining the use of
  • Improved certificate display: Removed MD5 and added SHA256 fingerprint, and made them selectable/copyable
  • Updated classification of secure connections: Classify any encryption with less than 128 bits or including RC4 (if manually enabled, see previous version notes) as weak.
  • Fixed an NVIDIA specific GLX server vendor bug for pixmap depth and fbConfig depth
  • Removed most telemetry code, reducing code complexity and wasted CPU
  • Made DNS caching a lot less aggressive to align the browser's behavior with the dynamic nature of the modern web.
  • Removed Mozilla-specific parameters for searches. Search suggestions should now work again for Google searches.
  • Fixed the "double padlock while loading a secure site" niggle in the UI

    Minimum System Requirements (Windows):
    • Windows Vista/Windows 7/Windows 8/Server 2008 or later
    • A processor with SSE2 support
    • 256 MB of free RAM (512 MB or more recommended)
    • At least 150 MB of free (uncompressed) disk space
    Pale Moon includes both 32- and 64-bit versions for Windows:
    Other versions:


      To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...
