Pale Moon Version 33.3.1 Released with Security Update

Started by Corrine, September 10, 2024, 01:06:52 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Corrine

Pale Moon has been updated to version 33.3.1. This is a minor security and bug fix update.

Changes/fixes:

  • Backed out support for FFmpeg 7.0/libavcodec 61 (Linux) due to it causing a major regression in WebAudio (broken on all platforms). This is being worked on to re-land at a later date.
  • Restricted the NotifyPaintEvent interface to chrome code only; there is no reason (other than potential tracking/fingerprinting) to have this accessible from content.
  • Fixed a potentially exploitable issue in JavaScript (FetchName).
  • Fixed a code correctness issue in XPConnect when creating sandboxes. DiD
  • Added a warning for using externally handled usenet protocols.
  • Security issues addressed: CVE-2024-8383 and CVE-2024-8381.

Notes:

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Select About Pale Moon > Check for Updates.

Release Notes


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.