Tuesday, June 21, 2016

Pale Moon Version 26.3.0 Released with Security Updates


Pale Moon
Pale Moon has been updated to Version 26.3.0. In addition to security updates, the new version includes bug fixes and better Windows 10 theme integration.

Details from the Release Notes:

Security fixes:
  • Fixed a number of memory safety hazards and potentially exploitable crashes.
  • Fixed CVE-2016-2821 Use-after-free in the mozilla::dom::Element class
  • Fixed netaddr deserialization for AF_UNSPEC and AF_LOCAL.
  • Fixed a memory overrun error in the VP8 encoder. DiD*
  • Fixed non-threadsafe re-use of pixman images to prevent potential race conditions. DiD*
  • Fixed CVE-2016-2825 Partial Same Origin Policy violation
*DiD -- This means that the fix is "Defense-in-Depth": It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.

 Changes/fixes:

  • Added detection for dark system themes on Windows 10 and re-worked Windows 10 specific theming to better integrate into the OS and provide more clarity.
  • HTML5 media controls have been reworked to a horizontal volume control on all media, including HTML5 audio that was previously without an element-control for volume.
  • Default HTML5 media volume preference added as media.default_volume -- fractional, default 1.0 (=100%).
  • String.prototype.match() and .replace() are now fully spec compliant.
  • NSPR and NSS now correctly no longer enforce IA32 architecture compatibility, getting the advantage of SSE2 like the rest of the code.
  • Worked around crashes in the XSS filter when navigating back in history due to document fragments.
  • Instated a hard minimum of 10,000 places entries regardless of free disk space and total memory to prevent undesired expiration of history. That is around 16MB for an average entry size, which should be sane enough even on low-memory machines.
  • Fixed a typo in networking code introduced in 26.2.2 that would cause issues on some sites due to adding extra forward slashes to the URL.
 Minimum system Requirements (Windows):
  • Windows Vista/Windows 7/Windows 8/Server 2008 or later
  • A processor with SSE2 support
  • 256 MB of free RAM (512 MB or more recommended)
  • At least 150 MB of free (uncompressed) disk space
Pale Moon includes both 32- and 64-bit versions for Windows:
Other versions:

    Update

    To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.





    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...
















    No comments: