Pale Moon Version 33.1.1 Released with Security Updates

Started by Corrine, May 28, 2024, 04:59:30 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Corrine

Pale Moon has been updated to version 33.1.1.  This is a minor security and bugfix update.

Changes/fixes:
  • Made the nonce length for http digest auth configurable.
  • Fixed various potential issues with font loading, parsing and handling.
  • Cleaned up error reporting for workers and normalized error messages.
  • Security issues addressed: CVE-2024-4772 DiD, CVE-2024-4771, CVE-2024-4769 and CVE-2024-4770.
  • We've switched back to an older toolchain (17.3) for compiling 32-bit Windows binaries (again) to hopefully address some of the intermittent stability issues people continued to have on later Microsoft compiler versions when running on older hardware.
Notes:

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.