Thursday, March 17, 2022

Pale Moon Version 30 Released with Security Updates and Return to Firefox's GUID

      

Pale Moon

Pale Moon has been updated to version 30.0.0.  In addition to security fixes as well as extensive internal changes, of note is the following:

"Pale Moon is abandoning its own GUID (globally-unique identifier) and adopting Firefox's GUID instead to provide maximum compatibility with old and unmaintained Firefox extensions alongside those that are maintained on our add-ons site."

Most notable user-facing/implementation changes:

  • Implemented Global Privacy Control, taking the place of the unenforceable "DNT" (Do Not Track) signal. If you previously enabled DNT, then this preference will be adopted for Global Privacy Control (GPC). Through GPC, you indicate to websites that you do not want them to share or sell your data.
  • "Default browser" controls in preferences has been moved to "General".
  • Updated emoji support to Twemoji 13.1.
  • Implemented Selection.setBaseAndExtent() for web compatibility.
  • Implemented queueMicroTask() for web compatibility.

Bugfixes, stability and security:

  • Updated various in-tree libraries: cubeb, sqlite, cairo, ...
  • Fixed an issue with the Linux desktop shortcut file to solve potential DE integration problems on common distributions.
  • Fixed an issue with page and iframe content margins not being applied properly when passed as attributes instead of CSS.
  • Ensured JavaScript and JSON files are always recognized as known MIME types so they can be opened appropriately from local sources.
  • Fixed an issue with rapid loading and unloading of js modules causing browser crashes.
  • Fixed an issue with tooltips being cut off at the end if containing exceedingly long unwrappable series of characters.
  • Fixed several application crash scenarios. DiD
  • Fixed a large number of thread locking/mutex issues. DiD
  • Fixed a leak of content types due to inconsistent error reporting. (CVE-2022-22760)
  • Fixed an issue with iframe sandboxing not being properly applied. (CVE-2022-22759)
  • Fixed a potential leak of bookmarks from the exported bookmarks file if it included a malicious bookmarklet.
  • Fixed an issue with drag-and-drop. (CVE-2022-22756)
  • Fixed a potential crash due to truncated WAV files.
  • Fixed a memory safety issue with XSLT. (CVE-2022-26485)

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Pale Moon includes both 32- and 64-bit versions for Windows:  Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: