Pale Moon security advisory

Posted: 2013-12-13, 11:37
by Moonchild

Since there has been some confusion about Pale Moon's security patching because the release notes for 24.2.* have not linked to specific Mozilla security pages, I'm publishing this advisory.

Security fixes for Pale Moon have been spread out over 24.2.0, 24.2.1 and 24.2.2 - at the time of release, there were no published MFSAs out yet. This means that up until now, I could not provide detailed advisories to mention along with the bugfixes that were already implemented.

I'll list what has been fixed below, with an indication of the Pale Moon version(s) it was fixed in. Be aware that any other unmentioned security fixes applicable to the v24 code base as-published by Mozilla have been implemented as well in earlier versions of the browser.
  • MFSA 2013-104 Miscellaneous memory safety hazards (24.2.0, 24.2.1 and 24.2.2)
  • MFSA 2013-108 Use-after-free in event listeners (24.2.0)
  • MFSA 2013-109 Use-after-free during Table Editing (24.2.2)
  • MFSA 2013-111 Segmentation violation when replacing ordered list elements (24.2.1)
  • MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation (24.2.2)
  • MFSA 2013-114 Use-after-free in synthetic mouse movement (24.2.2)
  • MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets (24.2.1)
  • MFSA 2013-116 JPEG information leak (24.2.1)
  • MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate (24.2.2)

A critical note to the people so terribly vocal about "Pale Moon not keeping you secure" (you know who you are): As you can see, I implement security patches at least on par with and in many cases before they land in Firefox. So please, quit spreading misinformation, thank you.