Page 1 of 1

Pale Moon 28.4.1 released!

Posted: 2019-03-27, 12:44
by Moonchild
This is a bugfix and security update.

Changes/Fixes:
  • Fixed hover state arrows on some controls.
  • Fixed potential denial-of-service issues involving FTP (loading of subresources and spamming errors).
  • Disabled Microsoft Family Safety (Win 8.1) by default. This prevents security issues as a result of a local MitM setup.
  • Added several site-specific overrides (Firefox Send and polyfill.io) to work around website UA-sniffing isues.
  • Implemented the origin-clean algorithm for controlling access to image resources.
  • Cleaned up the helper application service code.
  • Ported applicable security fixes from Mozilla (CVE-2019-9791, CVE-2019-9792, CVE-2019-9796, CVE-2019-9801, CVE-2019-9793, CVE-2019-9794, CVE-2019-9808 and ZDI-CAN-8368).
  • Implemented several defense-in-depth measures (for CVE-2019-9790, CVE-2019-9797, CVE-2019-9804, and a JavaScript issue).
  • Fixed several memory safety hazards and crashes.
  • Binaries are now code-signed again (including the setup program for the installer).