Wednesday, February 03, 2016

Pale Moon Version 26.0.2 Release With Security Updates

Pale Moon

Pale Moon has been updated to version 26.0.2.  The update is described as a bugfix, security and web compatibility release.

Web compatibility issues with Youtube, Netflix and other sites were included in the changes/fixes.  For information on additionally included fixes/changes, see the Release Notes

Note that two of the security fixes are described as "DiD" which stands for "Defense-in-Depth".  These changes do not apply to any actively exploitable vulnerabilities in Pale Moon.  Rather the updates are to prevent future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.

Security fixes:
  • Updated NSS to to fix a potential UAF and CVE-2015-7575.
  • Crash fix: Prevented queueing multiple media sources that could lead to unsafe memory access.
  • Prevented unsafe memory manipulations in zip archives. (CVE-2016-1945) DiD
  • Prevented a potential buffer overflow in WebGL. (x64 only) (CVE-2016-1935) DiD
  • Updated the way binaries are code-signed. Not only does v26.0 use a new SHA256-signed digital certificate, but starting this version will also be signed with both SHA1 and SHA256 digest algorithms to satisfy later Windows' code-signing requirements.

Minimum system Requirements (Windows):
  • Windows Vista/Windows 7/Windows 8/Server 2008 or later
  • A processor with SSE2 support
  • 256 MB of free RAM (512 MB or more recommended)
  • At least 150 MB of free (uncompressed) disk space
Pale Moon includes both 32- and 64-bit versions for Windows:
Other versions:


    To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    No comments: