Tuesday, August 22, 2017

Pale Moon Version 27.4.2 Released with Security Updates


Pale Moon
Pale Moon version 27.4.2 has been released to address some security and stability issues.  Details from the Release Notes:

Security fixes:
  • Updated NSPR to 4.15.
  • Updated NSS to 3.31.1.
  • Fixed a DoS issue using overly long Username in URL scheme (CVE-2017-7783)
  • Fixed an issue where (cross domain) iframes could break scope (CVE-2017-7787)
  • Fixed an issue in WindowsDllDetourPatcher (CVE-2017-7804)
  • Fixed an issue with elliptic curve addition in mixed Jacobian-affine coordinates (CVE-2017-7781)
  • Fixed a UAF in nsImageLoadingContent (CVE-2017-7784)
  • Fixed a UAF in WebSockets (CVE-2017-7800)
  • Fixed a heap-UAF in RelocateARIAOwnedIfNeeded (CVE-2017-7809) DiD (accessibility is disabled)
*DiD stands for "Defense-in-Depth" and is a fix that does not apply to an actively exploitable vulnerability in Pale Moon but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.

Changes/fixes:
  • Fixed a number of crashes.
  • Enabled the opt-in debugging feature to log SSL keys to a file in all builds.
  • Added a fix for TLS 1.3 handshakes causing a browser hangup.
    Handshakes should be considerably faster now and no longer stall in the wrong circumstances.
Minimum system Requirements (Windows):
  • Windows Vista/Windows 7/8/10/Server 2008 or later
  • Windows Platform Update (Vista/7) strongly recommended
  • A processor with SSE2 instruction support
  • 256 MB of free RAM (512 MB or more recommended)
  • At least 150 MB of free (uncompressed) disk space
Pale Moon includes both 32- and 64-bit versions for Windows, Pale Moon Portable, Pale Moon for Linux and Pale Moon for Android.

    Update

    To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.


    References:


    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...


    No comments:

    Post a Comment

    Neither spam nor comments containing vulgarities will be approved.