Pale Moon has been updated to version 28.8.3 as a bugfix and security update.
The update includes two DiD ("Defense-in-Depth") updates. A DiD update is s a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
From the Release Notes:
Changes/fixes:
- Fixed an issue in CSP blocking requests without a port for custom schemes.
- Fixed a potentially hazardous crash in layers.
- Fixed random crashes on some sites using IndexedDB.
- Changed the way the application can be invoked from the
command-line to prevent a whole class of potential exploits involving
modified omnijars.
If your special-needs environment requires that you launch the browser with custom browser/gre omnijars from the command-line, you must set the UXP_CUSTOM_OMNI environment variable before launch from this point forward. - Fixed an issue in the html parser after using HTML5 template tags, allowing JavaScript parsing and execution when it should not be allowed, risking XSS vulnerabilities on sites relying on correct operation of the browser. (CVE-2020-6798)
- Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 2 DiD, 10 not applicable.
Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Click About Pale Moon and Check for Updates.
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
No comments:
Post a Comment