ky331

Updates 7/25/19 - Pale Moon

Pale Moon: v28.6.1 (2019-07-25)

This is a security and bugfix update.
Changes/fixes:

  • Improved handling of FTP resource loading (allow save-as and cater to some FTP-based browsing).
  • Added a preference (security.block_ftp_subresources) to allow users to completely bypass the blocking of FTP subresources if required for their environment, if the improvements made in this release do not suffice.
  • Added blocking of authentication-locked cross-origin image subresources by default to prevent spurious auth prompts.
    A preference (network.auth.subresource-http-img-XO-auth) was added to allow users to bypass this blocking if required for their environment.
  • Changed the behavior of file: URIs to treat each URI as a unique origin. This prevents cross-file access from scripting.
    A preference (security.fileuri.unique_origin) was added to allow users to relax this restriction if required for their environment.
  • Implemented a revised version of http2PushedStream to address some thread safety issues.
  • Aligned browser behavior with mainstream regarding inner window behavior when domain is manipulated.
  • Backed out a 28.5.* patch for causing multiple issues in the UI and web content.
  • Updated NSS to 3.41.2 (custom) to pick up several upstream fixes.
  • Fixed a type confusion issue in JavaScript Arrays. (DiD)
  • Added a fix for cross-thread access of Necko. (DiD)
  • Added a port safety check for Alternative Services.
  • Implemented fixes for applicable security issues: CVE-2019-11719, CVE-2019-11711, CVE-2019-11715, CVE-2019-11717, CVE-2019-11714 (DiD), CVE-2019-11729 (DiD), CVE-2019-11727 (DiD), CVE-2019-11730 (DiD), CVE-2019-11713 (DiD) and several networking and memory-safety hazards that do not have CVE numbers.

DiD: This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

 

 

-----------------------------------------------------------------

Update via the internal Updater: Help / Check for Updates ; or full downloads: https://www.palemoon.org/download.shtml

 



Windows 10 Pro (64-bit), Panda DOME 18.7.4, MBAM3 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, Microsoft EDGE, Firefox, Pale Moon, uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

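The three preferences named in the release notes above each relax a new protection, so it is worth checking whether a profile has them set. The following is an added example, not part of the original post or of Pale Moon's own code; it assumes the profile's prefs.js or user.js uses the standard Mozilla `user_pref("name", value);` syntax, and the sample file content is constructed.

```python
import re

# Preference names as given in the 28.6.1 release notes above.
RELAXABLE_PREFS = {
    "security.block_ftp_subresources": "blocking of FTP subresources",
    "network.auth.subresource-http-img-XO-auth":
        "blocking of auth-locked cross-origin image subresources",
    "security.fileuri.unique_origin": "unique origin per file: URI",
}

# Assumed syntax: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def find_overrides(prefs_text):
    """Return {pref_name: raw_value} for the 28.6.1 prefs set in the text."""
    found = {}
    for line in prefs_text.splitlines():
        if line.lstrip().startswith("//"):   # commented-out entries do not apply
            continue
        m = PREF_LINE.match(line)
        if m and m.group(1) in RELAXABLE_PREFS:
            found[m.group(1)] = m.group(2)   # a later line replaces an earlier one
    return found


def report(prefs_text):
    """One line per preference that the profile sets explicitly."""
    return [f"{name} = {value}  (controls: {RELAXABLE_PREFS[name]})"
            for name, value in sorted(find_overrides(prefs_text).items())]


# Constructed sample profile content, for illustration only.
SAMPLE_PREFS = '''\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("security.fileuri.unique_origin", false);
// user_pref("security.block_ftp_subresources", false);
user_pref("network.auth.subresource-http-img-XO-auth", true);
'''

if __name__ == "__main__":
    for entry in report(SAMPLE_PREFS):
        print(entry)
```

Any preference reported here has been set explicitly in the profile and should be compared against the behavior the release notes describe as the default.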