Friday, December 02, 2016

Pale Moon Version 27.0.2 Releaed as DiD


Pale Moon
Pale Moon has been updated to Version 27.0.2, released as a DiD* patched update that fixes the crash at the root of CVE-2016-9079.  The update also includes usability fixes.
*DiD stands for "Defense-in-Depth" and is a fix that does not apply to an actively exploitable vulnerability in Pale Moon but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.
Details from the Release Notes:


    Security fix:
    • Fixed a crash in SVG, related to CVE-2016-9079, as a defense-in-depth measure.
      Usability Fixes:
      • Enabled Firefox Compatibility mode by default for the useragent string.
        Unfortunately too many websites (and especially the big players who should know better like Google, Apple and Microsoft) still require the "we must pretend to be Firefox if we want this site to work" status quo to be maintained, because people still insist on using useragent sniffing to determine "browser features", or even worse, discriminate against free choice of browser by flat-out refusing service (I'm looking at you, banking industry and cloud services!) when visiting websites just because companies don't want to provide assistance to any but users on the main 3.
        HTML offers plenty of ways to do proper feature detection; site owners should use them.
        Seriously people, it was a bad idea 20 years ago, and it's a worse idea in 2016.
      • The built-in devtools are back, and with a facelift!
        Thanks to some consistent community help, the built-in devtools, sorely missed by a number of our users, are back. They've received a code and style update and should be fully functional on the new platform. This was originally planned for 27.1, but it was decided to include this as soon as possible, not in the least to assist extension developers in their efforts to adapt to Pale Moon 27.
      Minimum system Requirements (Windows):
      • Windows Vista/Windows 7/8/10/Server 2008 or later
      • Windows Platform Update (Vista/7) strongly recommended
      • A processor with SSE2 instruction support
      • 256 MB of free RAM (512 MB or more recommended)
      • At least 150 MB of free (uncompressed) disk space
      Pale Moon includes both 32- and 64-bit versions for Windows:

      Update

      To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...


      Wednesday, November 30, 2016

      Mozilla Firefox Version 50.0.2 Released to Address Critical Zero-Day Vulnerability


      FirefoxMozilla sent Firefox Version 50.0.2 to the release channel today to address a critical zero-day vulnerability in the wild.  Firefox ESR was updated to version 45.5.1.

      The next scheduled release is December 13, 2016 (5 week cycle with release for critical fixes as needed).

      Critical
      Additional information about the vulnerability is available in Vulnerability Note VU#791496, "Mozilla Firefox SVG animation nsSMILTimeContainer use-after-free vulnerability".

      Note:  As explained in the Pale Moon forum announcement, although significantly diverted from Mozilla development, the question arose as to whether Pale Moon is also vulnerable.  After evaluation, it was reported that it is extremely unlikely that Pale Moon is vulnerable to this exploit.

      Update via Twitter message from PaleMoon:
      "Despite this, we'll still be releasing a DiD patched update on Dec 2nd that fixes the crash at the root of this."

      Update

      To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

        References




        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...




        Monday, November 28, 2016

        Mozilla Firefox Version 50.0.1 Released with Critical Security Update


        FirefoxMozilla sent Firefox Version 50.0.1 to the release channel today.  The update includes one (1) critical security update affecting Firefox versions 49 and 50.  Firefox ESR is not affected.  Also included in the update is a bugfix.

        The next scheduled release is December 13, 2016 (5 week cycle with release for critical fixes as needed).

        Critical

        Fixed

        • Firefox crashes with 3rd party Chinese IME when using IME text

        Update

        To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

          References




          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...