Pale Moon 25.7.1

Pale Moon is a custom-built and optimized Firefox-based browser for Windows operating systems with current, high performance processors. It looks identical to the standard Firefox browser and supports Firefox extensions, themes and identities.

Features:

  • Highly optimized for modern processors
  • 100% Firefox sourced: As safe as the browser that has seen years of development.
  • Uses slightly less memory because of disabled redundant and optional code
  • Significant speed increases for page drawing and script processing
  • Stability: experience fewer browser crashes.
  • Support for SVG and Canvas, and downloadable fonts including WOFF
  • Support for HTML5 and WebGL (v4+)
  • Support for Firefox extensions (add-ons), themes and personas
  • Support for OOPP (Out-of-process plugin execution)
  • Able to use existing Firefox bookmarks and settings with this migration tool

Pale Moon 25.7.1 (2015-09-28)

This is a security, stability and web-compatibility update. This also marks a security update for the Android version of Pale Moon to keep users of the otherwise currently unmaintained OS updated regarding known security vulnerabilities.

Pale Moon 25.7.1 fixes/changes:

  • Code cleanup: Removed the majority of remaining telemetry code (including the data reporting back-end and health report) to prevent a few issues with partially removed code in earlier versions.
  • Fixed a crash due to handling of bogus URIs passed to CSS style filters (e.g. whatsapp"s web interface).
  • Permitted spec-breaking syntax in Regex character classes, allowing ranges that would be permitted per the grammar rules in the spec but not necessarily following the syntax rules. This impacts a good number of (also higher profile) sites that use invalid ranges in regular expressions (e.g. Cisco"s networking academy site, Yahoo Fantasy Football).
  • Fixed a crash due to the newly introduced WASAPI handling of audio channel mapping that doesn"t like actual surround hardware setups (e.g. playing a video with quadraphonic audio on a 4-speaker setup).
  • Fixed an issue where site-specific dictionary selections would be written to content preferences without the user"s action, potentially overwriting or clearing a previously-chosen dictionary.
  • Added support for drag and drop of local files from sources which use text/uri-lists. (Some Linux flavors/file managers)
  • Updated libnestegg to the most current version.
  • Fixed an issue where setting the location to an empty string could cause a reload loop.

Security fixes:

  • Changed the jemalloc poison address to something that is not a NOP-slide. DiD
  • Fixed a memory safety hazard in ConvertDialogOptions (CVE-2015-4521)
  • Fixed a buffer overflow/crash hazard in the VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE (CVE-2015-7179)
  • Fixed an overflow/crash hazard in the XULContentSinkImpl::AddText function (CVE-2015-7175)
  • Fixed a stack buffer overread hazard in the ICC v4 profile parser (CVE-2015-4504)
  • Fixed an HTMLVideoElement Use-After-Free Remote Code Execution 0-day vulnerability (ZDI-CAN-3176) (CVE-2015-4509)
  • Fixed a potentially exploitable crash in nsXBLService::GetBinding
  • Fixed a memory safety hazard in nsAttrAndChildArray::GrowBy (CVE-2015-7174)
  • Fixed a memory safety hazard for callers of nsUnicodeToUTF8::GetMaxLength (CVE-2015-4522)
  • Fixed a heap buffer overflow/crash hazard caused by invalid WebM headers (CVE-2015-4511)

DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.

Download: Pale Moon 25.7.1 | 20.4 MB (Freeware)
Download: Portable Pale Moon 25.7.1 | 22.0 MB
Download: Pale Moon 25.7.1 x64 | 23.6 MB
Download: Intel Atom & Windows XP optimized Pale Moon 25.7.1 | 19.1 MB
View: Pale Moon Homepage | Pale Moon Screenshot

Report a problem with article
Next Article

Eusing Cleaner 4.6

Previous Article

Rufus 2.4.755