Pale Moon 27.4.2 released!

Pale Moon releases and site news
(read-only)
Locked
User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 25440
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Pale Moon 27.4.2 released!

Post by Moonchild » 2017-08-22, 11:57

This is a small update to address some security and stability issues.

Changes/fixes:
  • Fixed a number of crashes.
  • Enabled the opt-in debugging feature to log SSL keys to a file in all builds.
  • Added a fix for TLS 1.3 handshakes causing a browser hangup.
    Handshakes should be considerably faster now and no longer stall in the wrong circumstances.
Security fixes:
  • Updated NSPR to 4.15.
  • Updated NSS to 3.31.1.
  • Fixed a DoS issue using overly long Username in URL scheme (CVE-2017-7783)
  • Fixed an issue where (cross domain) iframes could break scope (CVE-2017-7787)
  • Fixed an issue in WindowsDllDetourPatcher (CVE-2017-7804)
  • Fixed an issue with elliptic curve addition in mixed Jacobian-affine coordinates (CVE-2017-7781)
  • Fixed a UAF in nsImageLoadingContent (CVE-2017-7784)
  • Fixed a UAF in WebSockets (CVE-2017-7800)
  • Fixed a heap-UAF in RelocateARIAOwnedIfNeeded (CVE-2017-7809) DiD (accessibility is disabled)
DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.
"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne
Image

Locked