Pale Moon 25.7.1

Pale Moon is a custom-built and optimized Firefox-based browser for Windows operating systems with current, high performance processors. It looks identical to the standard Firefox browser and supports Firefox extensions, themes and identities.

Features:

Highly optimized for modern processors
100% Firefox sourced: As safe as the browser that has seen years of development.
Uses slightly less memory because of disabled redundant and optional code
Significant speed increases for page drawing and script processing
Stability: experience fewer browser crashes.
Support for SVG and Canvas, and downloadable fonts including WOFF
Support for HTML5 and WebGL (v4+)
Support for Firefox extensions (add-ons), themes and personas
Support for OOPP (Out-of-process plugin execution)
Able to use existing Firefox bookmarks and settings with this migration tool

Pale Moon 25.7.1 (2015-09-28)

This is a security, stability and web-compatibility update. This also marks a security update for the Android version of Pale Moon to keep users of the otherwise currently unmaintained OS updated regarding known security vulnerabilities.

Pale Moon 25.7.1 fixes/changes:

Code cleanup: Removed the majority of remaining telemetry code (including the data reporting back-end and health report) to prevent a few issues with partially removed code in earlier versions.
Fixed a crash due to handling of bogus URIs passed to CSS style filters (e.g. whatsapp"s web interface).
Permitted spec-breaking syntax in Regex character classes, allowing ranges that would be permitted per the grammar rules in the spec but not necessarily following the syntax rules. This impacts a good number of (also higher profile) sites that use invalid ranges in regular expressions (e.g. Cisco"s networking academy site, Yahoo Fantasy Football).
Fixed a crash due to the newly introduced WASAPI handling of audio channel mapping that doesn"t like actual surround hardware setups (e.g. playing a video with quadraphonic audio on a 4-speaker setup).
Fixed an issue where site-specific dictionary selections would be written to content preferences without the user"s action, potentially overwriting or clearing a previously-chosen dictionary.
Added support for drag and drop of local files from sources which use text/uri-lists. (Some Linux flavors/file managers)
Updated libnestegg to the most current version.
Fixed an issue where setting the location to an empty string could cause a reload loop.

Security fixes:

Changed the jemalloc poison address to something that is not a NOP-slide. DiD
Fixed a memory safety hazard in ConvertDialogOptions (CVE-2015-4521)
Fixed a buffer overflow/crash hazard in the VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE (CVE-2015-7179)
Fixed an overflow/crash hazard in the XULContentSinkImpl::AddText function (CVE-2015-7175)
Fixed a stack buffer overread hazard in the ICC v4 profile parser (CVE-2015-4504)
Fixed an HTMLVideoElement Use-After-Free Remote Code Execution 0-day vulnerability (ZDI-CAN-3176) (CVE-2015-4509)
Fixed a potentially exploitable crash in nsXBLService::GetBinding
Fixed a memory safety hazard in nsAttrAndChildArray::GrowBy (CVE-2015-7174)
Fixed a memory safety hazard for callers of nsUnicodeToUTF8::GetMaxLength (CVE-2015-4522)
Fixed a heap buffer overflow/crash hazard caused by invalid WebM headers (CVE-2015-4511)

DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.

Tags