Pale Moon Version 25.2 Released with Security Updates

[Corrine]

Pale Moon has released version 25.2 to extend browser capabilities and implement some ES6 draft functions for web programmers. The update includes important crash fixes, bug fixes and security updates.

 

Security/privacy fixes:

• Added a preference network.stricttransportsecurity.enabled to enable or disable the use of HSTS (HTTP Strict Transport Security), allowing users to choose between privacy and security in this matter. (hidden pref)
  
• Fixed CVE-2014-1589 by whitelisting XBL bindings that may be applied to untrusted content.
  Important: extension developers should read this related thread.
  
• Fixed CVE-2014-1593.
  
• Mac: fixed CVE-2014-1595.
  
• Fixed CVE-2014-8639 by adjusting cookie handling through proxies.
  
• Fixed CVE-2014-8636.
  
• Fixed several memory safety hazards that do not have CVE numbers.
  

 

Fixes and changes are documented in the Release Notes.

 

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Select About Pale Moon > Check for Updates.

[Corrine]

If you use Adblock Latitude (ABL), check extensions to make sure it has updated to ABL 3.0.1 or it may not work properly (and start blocking too much) when updating to Pale Moon 25.2. This is a required update of the extension because of one of the security updates in the new version of the browser! ABL 3.0.1 is available here: https://addons.palemoon.org/extensions/privacy-and-security/adblock-latitude/

[Corrine]

Pale Moon version 25.2.1 has been released to address cookie handling through proxies causing issues for some authenticating proxies in corporate environments.