Pale Moon Version 25.7 Released with Security Updates

[Corrine]

Pale Moon has been updated to version 25.7. This update includes critical security updates as well as some code cleanup and fixes.

 

Included in the security updates is an update described as "DiD", "Defense-in-Depth. This fix does not apply to an actively exploitable vulnerability in Pale Moon. Rather, it is a preventative measure to prevent future vulnerabilities caused by the same code when surrounding code changes.

 

Security fixes:

 

• Added protection against potential bugs where our SVG mPositions is out of sync with the characters in the DOM. DiD
  
• Fixed use-after-free vulnerability in XMLHttpRequest::Open() (CVE-2015-4492)
  
• Fixed use-after-free vulnerability in the StyleAnimationValue class (CVE-2015-4488)
  
• Fixed crash or memory corruption in nsTArray (CVE-2015-4489)
  
• Fixed crash or memory corruption in nsTSubstring::ReplacePrep (CVE-2015-4487)
  
• Fixed potential escalation of privileges or crash (out-of-bounds write) via a crafted name in MARs (x64 only) (CVE-2015-4482)
  
• Fixed an issue that would allow man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request. (CVE-2015-4483)
  

 

Fixes/changes:

 

A complete list of the fixes, changes and additions is available in the Release Notes.

 

[Corrine]

Via Facebook: https://www.facebook...646545845381898

 

Attention Windows XP users: You may run into an issue with the latest 25.7 in that it will not start. If you are still on Windows XP, please hold off on updating the browser until we've investigated this issue.

[Corrine]

Update via Facebook: https://www.facebook.com/PaleMoonBrowser/posts/646573888712427?notif_t=notify_me_page

New versions of the Atom/WinXP build of Pale Moon 25.7 are now available! This fixes startup issues on Windows XP. Sorry for any inconvenience caused.