Pale Moon has been updated to Version 27.6.2. This is a security and minor bugfix update. Details from the Release Notes:
Changes/fixes:
- Implemented the concept of so-called "cookie-averse
document objects" which is a security&privacy measure that blocks
certain web content from setting cookies. This mitigates
cookie-injection, which might help against "hidden" cookie tracking.
- Mitigated some domain name spoofing through IDN by using
dotless-i and dotless-j with accents. (CVE-2017-7832)
Pale Moon will display these kinds of spoofed domains in punycode now in the actual address bar. (See Identity Panel below)*
Please note that the identity panel will always be able to help you on secure sites when IDNs are in use to notice potential spoofing, as opposed to relying on detection algorithms in the URL itself. As such, some other issues like CVE-2017-7833 are already mitigated by us.
- Fixed an issue with mixed-content blocking. (CVE-2017-7835)
- Added an extra check for the correct signature data type on certificates.
- Added missing sanitization in exporting bookmarks to HTML. (CVE-2017-7840)
- Fixed several crashes and memory safety hazards.
If you are visiting a phishing site using an IDN (International-character Domain Names) to try and spoof the original domain, this identity panel, since 27.3.0, will clearly display the "raw" code of the IDN (also called "punycode", a domain starting with "xn--") instead of what the site is trying to spoof:
Minimum system Requirements (Windows):
- Windows Vista/Windows 7/8/10/Server 2008 or later
- Windows Platform Update (Vista/7) strongly recommended
- A processor with SSE2 instruction support
- 256 MB of free RAM (512 MB or more recommended)
- At least 150 MB of free (uncompressed) disk space
No comments:
Post a Comment