Pale Moon has been updated to version 26.0.2. The update is described as a bugfix, security and web compatibility release.
Web compatibility issues with Youtube, Netflix and other sites were included in the changes/fixes. For information on additionally included fixes/changes, see the Release Notes.
Note that two of the security fixes are described as "DiD" which stands for "Defense-in-Depth". These changes do not apply to any actively exploitable vulnerabilities in Pale Moon. Rather the updates are to prevent future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.
- Updated NSS to 126.96.36.199-PM to fix a potential UAF and CVE-2015-7575.
- Crash fix: Prevented queueing multiple media sources that could lead to unsafe memory access.
- Prevented unsafe memory manipulations in zip archives. (CVE-2016-1945) DiD
- Prevented a potential buffer overflow in WebGL. (x64 only) (CVE-2016-1935) DiD
- Updated the way binaries are code-signed. Not only does v26.0 use a new SHA256-signed digital certificate, but starting this version will also be signed with both SHA1 and SHA256 digest algorithms to satisfy later Windows' code-signing requirements.
Minimum system Requirements (Windows):
- Windows Vista/Windows 7/Windows 8/Server 2008 or later
- A processor with SSE2 support
- 256 MB of free RAM (512 MB or more recommended)
- At least 150 MB of free (uncompressed) disk space
- PM4XP (Pale Moon for XP) has reached end of support and has been replaced with Pale Moon for Atom.
- Linux version: Available from http://www.palemoon.org/contributed-builds.shtml
UpdateTo get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Select About Pale Moon > Check for Updates.
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...