6 Indium

Updates 5/18/18 - PaleMoon

Pale Moon:  27.9.2 (2018-05-18)


This is a security and stability update.


  • We changed the language strings for softblocked items so people will cry less when we do our job.
  • (CVE-2018-5174) Prevent potential SmartScreen bypass on Windows 10.
  • (CVE-2018-5173) Fixed an issue in the Downloads panel improperly rendering some Unicode characters, allowing for the file name to be spoofed. This could be used to obscure the file extension of potentially executable files from user view in the panel.
  • (CVE-2018-5177) Fixed a vulnerability in the XSLT component leading to a buffer overflow and crash if it occurs.
  • (CVE-2018-5159) Fixed an integer overflow vulnerability in the Skia library resulting in possible out-of-bounds writes.
  • (CVE-2018-5154) Fixed a use-after-free vulnerability while enumerating attributes during SVG animations with clip paths.
  • (CVE-2018-5178) Fixed a buffer overflow during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable extension in order to occur.
  • Fixed several stability issues (crashes) and memory safety hazards.



Update via the internal Updater:   Help / About Pale Moon ; or full downloads:


32-bit version https://www.palemoon.org/palemoon-win32.shtml


x64-bit version https://www.palemoon.org/palemoon-win64.shtml

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

Windows 7 Pro SP1 (64-bit), avast! v17 Free, MBAM3 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [IE set to WARN, FF set to BLOCK]), uBlock Origin, CryptoPrevent.

[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos