Pale Moon 27.4.2 released!

Pale Moon releases and site news
(read-only)
User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 19935
Joined: Sun Aug 28, 2011 5:27 pm
Location: 58.5°N 15.5°E
Contact:

Pale Moon 27.4.2 released!

Postby Moonchild » Tue Aug 22, 2017 11:57 am

This is a small update to address some security and stability issues.

Changes/fixes:

  • Fixed a number of crashes.
  • Enabled the opt-in debugging feature to log SSL keys to a file in all builds.
  • Added a fix for TLS 1.3 handshakes causing a browser hangup.
    Handshakes should be considerably faster now and no longer stall in the wrong circumstances.

Security fixes:

  • Updated NSPR to 4.15.
  • Updated NSS to 3.31.1.
  • Fixed a DoS issue using overly long Username in URL scheme (CVE-2017-7783)
  • Fixed an issue where (cross domain) iframes could break scope (CVE-2017-7787)
  • Fixed an issue in WindowsDllDetourPatcher (CVE-2017-7804)
  • Fixed an issue with elliptic curve addition in mixed Jacobian-affine coordinates (CVE-2017-7781)
  • Fixed a UAF in nsImageLoadingContent (CVE-2017-7784)
  • Fixed a UAF in WebSockets (CVE-2017-7800)
  • Fixed a heap-UAF in RelocateARIAOwnedIfNeeded (CVE-2017-7809) DiD (accessibility is disabled)

DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

Return to “Announcements”

Who is online

Users browsing this forum: AOL Reader [RSS] and 40 guests