Updates 7/7/22 - PaleMoon

PaleMoon v31.1.1 (2022-07-07)

This is a security update.

Changes/fixes:

• Updated the list of blocked external protocol handlers to combat abuse of OS-supplied services on Windows.
• Fixed a potential issue with revoked site certificates when connecting through a proxy.
• Updated NSS to 3.52.7 to pick up some security fixes.
• Updated site-specific user agent overrides to work around bad sniffing practices of dropbox and vimeo.
• Security issues addressed: CVE-2022-34478, CVE-2022-34476, CVE-2022-34480 DiD, CVE-2022-34472, CVE-2022-34475 DiD, CVE-2022-34473 DiD, CVE-2022-34481 and a memory safety issue that doesn't have a CVE number.
• UXP Mozilla security patch summary: 4 fixed, 4 DiD, 2 rejected, 11 not applicable.

Rejected patches were for behavioral changes to long-standing drag and drop behavior that were marked as potential security issues. The amount of social engineering and user interaction required to abuse this behavior however has made it not a real practical issue over the past 9 years and the measures required to work around it as Mozilla has now done were considered disproportional in complexity and impact on browser behavior to warrant accepting them.

=========================

Available via the internal updater:   Help / Check for updates; 

or full downloads from https://www.palemoon.org/download.shtml