Pale Moon has been updated to version 25.6. This update includes critical security updates as well as numerous fixes/changes.
- Fixed a memory safety bug due to a bad test in nsZipArchive.cpp (CVE-2015-2735).
- Fixed a memory safety bug in nsZipArchive::BuildFileList (CVE-2015-2736).
- Fixed a memory safety bug caused by an overflow in nsXMLHttpRequest::AppendToResponseText (CVE-2015-2740).
- Fixed a Use After Free in CanonicalizeXPCOMParticipant (CVE-2015-2722).
- Fixed off-main-thread nsIPrincipal use of various consumers in the tree (only grab the principal when needed).
- Fixed an issue where an IPDL message was sent off the main thread.
- Fixed a potentially exploitable TCPSocket crash due to a race condition.
A complete list of the fixes, changes and additions is available in the Release Notes. Some of the changes that may be of particular interest to users are as follows:
- Canvas anti-fingerprinting option: Pale Moon now includes the option to make canvas fingerprinting much more difficult. By setting the about:config preference canvas.poisondata to true, any data read back from canvas surfaces will be "poisoned" with humanly-imperceptible data changes. By default this is off, because it has a large performance impact on the routines reading this data.
- Added a feature to allow icon fonts to be used even when users disallow the use of document-specified fonts. This should retain full navigation for icon-font heavy websites (no more dreaded "boxes" with hex codes) when custom text fonts are disabled.
- Added a feature to prevent screen savers from kicking in when playing full-screen HTML5 video. This is currently not yet operational on Linux because of stability issues we've run into on that OS, but Windows should properly benefit from this change.
- Fixed miscellaneous crash scenarios (See Release Notes)
Minimum system Requirements (Windows):
- Windows Vista/Windows 7/Windows 8/Server 2008 or later
- A processor with SSE2 support
- 256 MB of free RAM (512 MB or more recommended)
- At least 150 MB of free (uncompressed) disk space
- PM4XP (Pale Moon for XP) has reached end of support and has been replaced with Pale Moon for Atom.
- Linux version: Available from http://www.palemoon.org/contributed-builds.shtml
UpdateTo get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Select About Pale Moon > Check for Updates.
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...