Pale Moon releases and site news
- Pale Moon guru
- Posts: 25769
- Joined: 2011-08-28, 17:27
- Location: 58°2'16"N 14°58'31"E
This is a security update.
- Privacy fix: prevented update checks for the default theme.
- Added a user-agent override for Dropbox to improve compatibility with their service.
- Fixed an issue with mouseover handling related to (CVE-2018-5103). DiD
- Disabled the Mac OSX Nano allocator. DiD
- Fixed (CVE-2018-5129) OOB Write.
- Updated the lz4 library to 1.8.0 to solve potential issues. DiD
- Fixed (CVE-2018-5137) Path traversal on chrome:// URLs
- Fixed several memory safety an synchronicity hazards.
This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
"There will be times when the position you advocate, no matter how well framed and supported, will not be accepted by the public simply because you are who you are." -- Merrill Rose