Pale Moon security advisory

Pale Moon releases and site news
(read-only)
User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35481
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Pale Moon security advisory

Unread post by Moonchild » 2013-12-13, 11:37

Since there has been some confusion about Pale Moon's security patching because the release notes for 24.2.* have not linked to specific Mozilla security pages, I'm publishing this advisory.

Security fixes for Pale Moon have been spread out over 24.2.0, 24.2.1 and 24.2.2 - at the time of release, there were no published MFSAs out yet. This means that up until now, I could not provide detailed advisories to mention along with the bugfixes that were already implemented.

I'll list what has been fixed below, with an indication of the Pale Moon version(s) it was fixed in. Be aware that any other unmentioned security fixes applicable to the v24 code base as-published by Mozilla have been implemented as well in earlier versions of the browser.
  • MFSA 2013-104 Miscellaneous memory safety hazards (24.2.0, 24.2.1 and 24.2.2)
  • MFSA 2013-108 Use-after-free in event listeners (24.2.0)
  • MFSA 2013-109 Use-after-free during Table Editing (24.2.2)
  • MFSA 2013-111 Segmentation violation when replacing ordered list elements (24.2.1)
  • MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation (24.2.2)
  • MFSA 2013-114 Use-after-free in synthetic mouse movement (24.2.2)
  • MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets (24.2.1)
  • MFSA 2013-116 JPEG information leak (24.2.1)
  • MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate (24.2.2)
A critical note to the people so terribly vocal about "Pale Moon not keeping you secure" (you know who you are): As you can see, I implement security patches at least on par with and in many cases before they land in Firefox. So please, quit spreading misinformation, thank you.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Locked