Tuesday, March 02, 2021

Pale Moon Version 29.1.0 Released With Security Update


Pale Moon

Pale Moon has been updated to version 29.1.0.  This update is a development, bugfix and security update.

New features:
  • Language packs for the following newly-supported languages:
    • Arabic (ar)
    • Chinese Traditional (zh-TW)
    • Croatian (hr)
    • Danish (da)
    • Finnish (fi)
    • Galician (gl)
    • Indonesian (id)
    • Icelandic (is)
    • Japanese (ja)
    • Romanian (ro)
    • Serbian (cyrillic) (sr)
    • Slovenian (sl)
    • Thai (th)
  • Implemented String.prototype.replaceAll().
  • Implemented JSON superset proposal.
  • Implemented well-formed JSON stringify.
  • Implemented numeric separators in JavaScript.
Changes/fixes:
  • Updated timezone data to 2021a.
  • Updated the wording and inclusion of more select license blocks in about:license.
  • Updated some site-specific user-agent overrides for web compatibility.
  • Updated the lz4 library for performance and security updates.
  • Improved performance of JSON stringify.
  • Further improved support for building on FreeBSD.
  • Fixed a regression where changes to useragent compatibility required a restart to take effect.
  • Fixed a regression where AES-GCM in WebCrypto ("subtle" crypto API) wasn't working.
    This could make certain login procedures fail to work.
  • Fixed a full browser deadlock when page scripting would flood browsing history with rapid location state changes.
  • Disabled AV1 codec use by default again since our implementation has significant streaming issues (particularly audio) that needs further work.
  • Added required interaction with file/folder open dialog boxes on html file input elements on some operating systems to avoid malicious content tricking users into uploading sensitive files unintentionally (related to CVE-2021-23956).
  • Added a font sanity check to avoid triggering a potential vulnerability on unpatched Windows operating systems (related to CVE-2021-24093).
  • Security issues addressed: CVE-2021-23974, CVE-2021-23973 and several memory safety hazards that don't have CVE numbers.
  • Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 2 DiD*, 19 not applicable.

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Pale Moon includes both 32- and 64-bit versions for Windows:

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


No comments: