Pale Moon has been updated to version 29.4.3. This is a security update. This update reinstates FUEL again for old extension compatibility. See implementation notes.
Linux versions will follow shortly.
Changes/fixes:
- Restored the FUEL abstraction library again.
- Added some extra sanity checks to timers and text fragments. DiD
- Added a potential crash safeguard in program threading logic. DiD
- Fixed the following security issues: CVE-2021-43537, CVE-2021-43541, CVE-2021-43536, CVE-2021-43545 and CVE-2021-43542.
- Unified XUL Platform Mozilla Security Patch Summary: 5 fixed, 3 DiD, 10 not applicable.
Implementation notes:
- Despite being removed in 29.4.0 and 29.4.2, the long-since deprecated FUEL abstraction functions inside Pale Moon have been restored again after considerable blowback from the community and lack of effort to fix afflicted extensions. It was decided to just restore this indefinitely in the end, since it serves no-one to have users be forced to do without or stay on insecure versions of the browser for something nobody seems to want to address in the extension ecosystem. Keep an eye on the forum for a more in-depth announcement soon (will be linked here when available).
*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.
Update
To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Select About Pale Moon > Check for Updates.
No comments:
Post a Comment
Neither spam nor comments containing vulgarities will be approved.