Pale Moon has been updated to version 28.4.1. This is a security and bugfix update. The Linux version will follow later today.
A fix identified as "DiD" ("Defense-in-Depth") means that it is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
From the Release Notes:
Changes/fixes:
- Fixed hover state arrows on some controls.
- Fixed potential denial-of-service issues involving FTP (loading of subresources and spamming errors).
- Disabled Microsoft Family Safety (Win 8.1) by default. This prevents security issues as a result of a local MitM setup.
- Added several site-specific overrides (Firefox Send and polyfill.io) to work around website UA-sniffing isues.
- Implemented the origin-clean algorithm for controlling access to image resources.
- Cleaned up the helper application service code.
- Ported applicable security fixes from Mozilla
(CVE-2019-9791,
CVE-2019-9792, CVE-2019-9796, CVE-2019-9801, CVE-2019-9793,
CVE-2019-9794, CVE-2019-9808 and ZDI-CAN-8368).
- Implemented several defense-in-depth measures (for CVE-2019-9790, CVE-2019-9797, CVE-2019-9804, and a JavaScript issue).
- Fixed several memory safety hazards and crashes.
- Binaries are now code-signed again (including the setup program for the installer).
Update
To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Select About Pale Moon > Check for Updates.Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
No comments:
Post a Comment