Pale Moon Version 25.5.0 Released with Security Updates

Started by Corrine, June 10, 2015, 01:18:35 PM

Corrine

The complete list of fixes, changes and additions is available in the Release Notes. In addition to fixing the Logjam vulnerability (DHE keys with less than 1024 key bits refused), the following additional security fixes are included in the update:

Security fixes:

  • Fixes for miscellaneous memory safety hazards (relevant and applicable fixes from CVE-2015-2708 and CVE-2015-2709)
  • DiD (defense-in-depth) fix to prevent potential overflows in CSS restyling
  • Fix for updater hijacking (CVE-2015-2720)
  • Fix to prevent potential disclosure of sensitive information in Android logs (CVE-2015-2714)
  • Fix for a buffer overflow in the XML parser (CVE-2015-2716)
  • Fix for a potentially exploitable crash in DNS handling

Of interest to some users is the addition of a preference for always preferring a certain dictionary language. To use this, create a new preference spellchecker.dictionary.override (string) and set it to your language code.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

plodr

Figures. I did the Windows updates late last night and imaged 3 of the 4 computers this morning. (I did check last night for updates).

Thanks. I do right down what changes I make after the image so if I need to restore, I'll know what to update.
Chugging coffee and computing!

Corrine

From:  Pale Moon for Linux is moving!

Quote
Pale Moon for Linux will be moving from SourceForge to our own in-house server soon. Version 25.5.* will be the last version that is offered on SourceForge.

We are moving away from SourceForge for a few reasons:

  • Pale Moon includes strong encryption methodology that would be subject to US cryptography export laws on SourceForge. Since we have no intention to compromise on user security, we are currently using SourceForge in the "grey area" of still being condoned as-such, but it's not exactly correct.
  • SourceForge has been very unscrupulous in its applying of stub installers to Open Source software to bundle "offers"; even going as far as hijacking abandoned accounts to plant their stub installers in place or otherwise control previous projects' sites without consent. We cannot condone that kind of behavior.
  • SourceForge is too advertisement-heavy these days to be a comfortable place to host Pale Moon.


plodr

Quote
I do right down
face slap here. It should read - I do write down... :embarrassed:

Good about moving away from SourceForge. I did read a troubling article about them earlier this week.