Corrine
Administrator, Microsoft MVP, Security Analyst, Staff member
Joined Feb 22, 2012 | Posts 12,056 | Location Upstate, NY
Aug 26, 2015 #1

Pale Moon has been updated to version 25.7. This update includes critical security updates as well as some code cleanup and fixes.

Included in the security updates is an update described as "DiD", "Defense-in-Depth". This fix does not apply to an actively exploitable vulnerability in Pale Moon. Rather, it is a preventative measure to prevent future vulnerabilities caused by the same code when surrounding code changes.

Security fixes:

- Added protection against potential bugs where our SVG mPositions is out of sync with the characters in the DOM. DiD
- Fixed use-after-free vulnerability in XMLHttpRequest::Open() (CVE-2015-4492)
- Fixed use-after-free vulnerability in the StyleAnimationValue class (CVE-2015-4488)
- Fixed crash or memory corruption in nsTArray (CVE-2015-4489)
- Fixed crash or memory corruption in nsTSubstring::ReplacePrep (CVE-2015-4487)
- Fixed potential escalation of privileges or crash (out-of-bounds write) via a crafted name in MARs (x64 only) (CVE-2015-4482)
- Fixed an issue that would allow man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request. (CVE-2015-4483)

Fixes/changes:

A complete list of the fixes, changes and additions is available in the Release Notes.

Corrine
Aug 26, 2015 #2

Via Facebook: https://www.facebook.com/PaleMoonBrowser/posts/646545845381898?__mref=message_bubble

Attention Windows XP users: You may run into an issue with the latest 25.7 in that it will not start. If you are still on Windows XP, please hold off on updating the browser until we've investigated this issue.

Corrine
Aug 26, 2015 #3

Update via Facebook: https://www.facebook.com/PaleMoonBrowser/posts/646573888712427?notif_t=notify_me_page

New versions of the Atom/WinXP build of Pale Moon 25.7 are now available! This fixes startup issues on Windows XP. Sorry for any inconvenience caused.