Pale Moon 27.4.2 released!

Pale Moon releases and site news
(read-only)
User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 37636
Joined: 2011-08-28, 17:27
Location: Motala, SE

Pale Moon 27.4.2 released!

Unread post by Moonchild » 2017-08-22, 11:57

This is a small update to address some security and stability issues.

Changes/fixes:
  • Fixed a number of crashes.
  • Enabled the opt-in debugging feature to log SSL keys to a file in all builds.
  • Added a fix for TLS 1.3 handshakes causing a browser hangup.
    Handshakes should be considerably faster now and no longer stall in the wrong circumstances.
Security fixes:
  • Updated NSPR to 4.15.
  • Updated NSS to 3.31.1.
  • Fixed a DoS issue using overly long Username in URL scheme (CVE-2017-7783)
  • Fixed an issue where (cross domain) iframes could break scope (CVE-2017-7787)
  • Fixed an issue in WindowsDllDetourPatcher (CVE-2017-7804)
  • Fixed an issue with elliptic curve addition in mixed Jacobian-affine coordinates (CVE-2017-7781)
  • Fixed a UAF in nsImageLoadingContent (CVE-2017-7784)
  • Fixed a UAF in WebSockets (CVE-2017-7800)
  • Fixed a heap-UAF in RelocateARIAOwnedIfNeeded (CVE-2017-7809) DiD (accessibility is disabled)
DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.
"A dead end street is a place to turn around and go into a new direction" - Anonymous
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite