Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,263 Location Upstate, NY Sep 10, 2024 #1 Pale Moon has been updated to version 33.3.1. This is a minor security and bug fix update. Changes/fixes: Backed out support for FFmpeg 7.0/libavcodec 61 (Linux) due to it causing a major regression in WebAudio (broken on all platforms). This is being worked on to re-land at a later date. Restricted the NotifyPaintEvent interface to chrome code only; there is no reason (other than potential tracking/fingerprinting) to have this accessible from content. Fixed a potentially exploitable issue in JavaScript (FetchName). Fixed a code correctness issue in XPConnect when creating sandboxes. DiD Added a warning for using externally handled usenet protocols. Security issues addressed: CVE-2024-8383 and CVE-2024-8381. Notes: *DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered. Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads. Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Select About Pale Moon > Check for Updates. Release Notes
Pale Moon has been updated to version 33.3.1. This is a minor security and bug fix update. Changes/fixes: Backed out support for FFmpeg 7.0/libavcodec 61 (Linux) due to it causing a major regression in WebAudio (broken on all platforms). This is being worked on to re-land at a later date. Restricted the NotifyPaintEvent interface to chrome code only; there is no reason (other than potential tracking/fingerprinting) to have this accessible from content. Fixed a potentially exploitable issue in JavaScript (FetchName). Fixed a code correctness issue in XPConnect when creating sandboxes. DiD Added a warning for using externally handled usenet protocols. Security issues addressed: CVE-2024-8383 and CVE-2024-8381. Notes: *DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered. Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads. Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Select About Pale Moon > Check for Updates. Release Notes