Pale Moon updated to 27.7.2

Pale Moon releases and site news
User avatar
Pale Moon guru
Pale Moon guru
Posts: 23030
Joined: Sun, 28 Aug 2011, 17:27
Location: 58°2'16"N 14°58'31"E

Pale Moon updated to 27.7.2

Unread postby Moonchild » Thu, 01 Feb 2018, 12:53

Pale Moon has been updated to 27.7.2, a security and stability update.


  • Changed the X-Content-Type-Options: nosniff behavior to only check "success" class server responses, for web compatibility reasons.
  • Changed the performance timer resolution once more to a granularity of 1 ms, after evaluating more potential ways of abusing Spectre. DiD
    This takes the most cautious approach possible lacking more information (because apparently NDAs have been signed over this between mainstream players), follows Safari's lead, and should make it not just infeasible but downright impossible to use these timers for nefarious purposes in this context.
  • Improved the debug-only startup cache wrapper to prevent a rare crash.
  • Fixed a crash in the XML parser.
  • Added a check for integer overflow in AesTask::DoCrypto() (CVE-2018-5122) DiD
  • Fixed a potential race condition in the browser cache.
  • Fixed a crash in HTML media elements (CVE-2018-5102)
  • Fixed a crash in XHR using workers.
  • Fixed a crash with some uncommon FTP operations.
  • Fixed a potential race condition in the JAR library.
DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
Last edited by Moonchild on Thu, 01 Feb 2018, 12:54, edited 1 time in total.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

Return to “Announcements”

Who is online

Users browsing this forum: Blogtrotter [RSS], Google [Bot] and 30 guests