Pale Moon updated to 27.8.2

Pale Moon releases and site news
(read-only)
User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 22147
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E
Contact:

Pale Moon updated to 27.8.2

Unread postby Moonchild » Thu, 22 Mar 2018, 11:55

This is a security update.

Changes/fixes:

  • Privacy fix: prevented update checks for the default theme.
  • Added a user-agent override for Dropbox to improve compatibility with their service.
  • Fixed an issue with mouseover handling related to (CVE-2018-5103). DiD
  • Disabled the Mac OSX Nano allocator. DiD
  • Fixed (CVE-2018-5129) OOB Write.
  • Updated the lz4 library to 1.8.0 to solve potential issues. DiD
  • Fixed (CVE-2018-5137) Path traversal on chrome:// URLs
  • Fixed several memory safety an synchronicity hazards.

DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

Return to “Announcements”

Who is online

Users browsing this forum: Blogtrotter [RSS] and 37 guests