Pale Moon 27.6.2 (2017-11-28)
This is a security and minor bugfix update to the browser.
This will most likely be the last update for 2017, with the holidays not far away.
Changes/fixes:
- Implemented the concept of so-called "cookie-averse document objects" which is a security&privacy measure that blocks certain web content from setting cookies. This mitigates cookie-injection, which might help against "hidden" cookie tracking.
- Mitigated some domain name spoofing through IDN by using dotless-i and dotless-j with accents. (CVE-2017-7832)
Pale Moon will display these kinds of spoofed domains in punycode now in the actual address bar.
Please note that the identity panel will always be able to help you on secure sites when IDNs are in use to notice potential spoofing, as opposed to relying on detection algorithms in the URL itself. As such, some other issues like CVE-2017-7833 are already mitigated by us. - Fixed an issue with mixed-content blocking. (CVE-2017-7835)
- Added an extra check for the correct signature data type on certificates.
- Added missing sanitization in exporting bookmarks to HTML. (CVE-2017-7840)
- Fixed several crashes and memory safety hazards.
-------------------------------------------------------------------------------------------------------
Update via the internal Updater: Help / About Pale Moon ; or full downloads:
32-bit version https://www.palemoon.org/palemoon-win32.shtml
x64-bit version https://www.palemoon.org/palemoon-win64.shtml