07-18-2018 , 03:22 AM
http://www.palemoon.org/releasenotes.shtml Pale Moon: Release notes
27.9.4 (2018-07-17)
This is a security and usability update.
Changes/fixes:
Updated the useragent for addons.mozilla.org to work around their "Only with Firefox" discrimination preventing users from downloading themes, old versions of extensions, and other files with Pale Moon.
Restricted web access to the moz-icon:// scheme that could potentially be abused to infringe the user's privacy.
Prevented various location-based threats. DiD
Fixed a potential vulnerability with plugins being redirected to different origins (CVE-2018-12364).
Improved the security check for launching executable files (by association) on Windows from the browser. For users who have (most likely accidentally) granted a system-wide waiver for opening these kinds of files without being prompted, this permission has been reset.
Fixed an issue with invalid qcms transforms (CVE-2018-12366).
Fixed a buffer overflow using the computed size of canvas elements (CVE-2018-12359).
Fixed a use-after-free when using focus() (CVE-2018-12360).
Added some sanity checks on nsMozIconURI. DiD
Fixed an issue in the case the preferences file in the profile would not be writable (e.g. temporary permission issues due to backup, virus scanning or similar external processes).
DiD: This means that the fix is "Defense-in-Depth": it is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
100% Scanned Malware Free & Clean With Kaspersky Total Security & Not Signed This Version Trusted (Kaspersky Security Network)