Pale Moon has been updated to version 27.9.4. The release includes DiD ("Defense-in-Depth") changes. This means that a fix does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
From the Release Notes:
Changes/fixes:
- Updated the useragent for addons.mozilla.org to work around their "Only with Firefox" discrimination preventing users from downloading themes, old versions of extensions, and other files with Pale Moon.
- Restricted web access to the
moz-icon://
scheme that could potentially be abused to infringe the user's privacy. - Prevented various location-based threats. DiD
- Fixed a potential vulnerability with plugins being redirected to different origins (CVE-2018-12364).
- Improved the security check for launching executable files (by association) on Windows from the browser. For users who have (most likely accidentally) granted a system-wide waiver for opening these kinds of files without being prompted, this permission has been reset.
- Fixed an issue with invalid qcms transforms (CVE-2018-12366).
- Fixed a buffer overflow using the computed size of canvas elements (CVE-2018-12359).
- Fixed a use-after-free when using focus() (CVE-2018-12360).
- Added some sanity checks on nsMozIconURI. DiD
- Fixed an issue in the case the preferences file in the profile would not be writable (e.g. temporary permission issues due to backup, virus scanning or similar external processes).
- Windows 7/8/10/Server 2008 or later
- A processor with SSE2 instruction support
- 256 MB of free RAM (512 MB or more recommended)
- At least 150 MB of free (uncompressed) disk space
- 32x: Pale Moon - x32 builds
- 64x: Pale Moon - x64 builds
No comments:
Post a Comment
Neither spam nor comments containing vulgarities will be approved.