Author Topic: Pale Moon Version 29.4.2 Released with Security Updates  (Read 984 times)

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20775
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Pale Moon Version 29.4.2 Released with Security Updates
« on: November 09, 2021, 12:20:03 PM »
Pale Moon has been updated to version 29.4.2.  This is a security update.  Linux versions will follow shortly.

Changes/fixes:
  • Fixed a spec compliance issue with IDN that could potentially cause confusion of domain names.
  • Fixed several intermittent thread sanity issues. DiD
  • Fixed a potential UAF risk in certain situations in networking. DiD
  • Fixed a potential crash risk (not exposed). DiD
  • Fixed a potential spoofing risk using form validation. (CVE-2021-38508)
  • Fixed a script sandbox escape issue through XSLT. (CVE-2021-38503)
  • Unified XUL Platform Mozilla Security Patch Summary: 3 fixed, 1 already applied, 4 DiD, 7 not applicable.
Security notice: If you have enabled HTTP Alternative Services for Opportunistic Encryption, it is strongly recommended you disable this at this time through Preferences -> Security -> Opportunistic Encryption -> Enable HTTP Alternative Services for Opportunistic Encryption. This inherently weak transitional technology for http -> https has been compromised and can be abused (partial opt-in bypass). Note that our platform default for this setting (and any other OE) is disabled due to these kinds of inherent risks, as well as lack of transparency about the connection and server contacted. See CVE-2021-38507 for more details about this problem.

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Update:  To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Online Corrine

Pale Moon Version 29.4.2.1 Released
« Reply #1 on: November 11, 2021, 12:18:04 AM »
Pale Moon Version 29.4.2.1 has been released.  Both Windows and Linux versions have been published.

This is a small update to address the following:
  • Autocomplete drop-downs would have incorrect styling, causing issues with custom themes (e.g., resulting in readability issues) and not displaying as intended.

