Pale Moon 25.7.1
Code cleanup: Removed the majority of remaining telemetry code (including the data reporting back-end and health report) to prevent a few issues with partially removed code in earlier versions.
Fixed a crash due to handling of bogus URIs passed to CSS style filters (e.g. whatsapp's web interface).
Permitted spec-breaking syntax in Regex character classes, allowing ranges that would be permitted per the grammar rules in the spec but not necessarily following the syntax rules. This impacts a good number of (also higher profile) sites that use invalid ranges in regular expressions (e.g. Cisco's networking academy site, Yahoo Fantasy Football).
Fixed a crash due to the newly introduced WASAPI handling of audio channel mapping that doesn't like actual surround hardware setups (e.g. playing a video with quadraphonic audio on a 4-speaker setup).
Fixed an issue where site-specific dictionary selections would be written to content preferences without the user's action, potentially overwriting or clearing a previously-chosen dictionary.
Added support for drag and drop of local files from sources which use text/uri-lists. (Some Linux flavors/file managers)
Updated libnestegg to the most current version.
Fixed an issue where setting the location to an empty string could cause a reload loop.
Changed the jemalloc poison address to something that is not a NOP-slide. DiD
Fixed a memory safety hazard in ConvertDialogOptions (CVE-2015-4521)
Fixed a buffer overflow/crash hazard in the VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE (CVE-2015-7179)
Fixed an overflow/crash hazard in the XULContentSinkImpl::AddText function (CVE-2015-7175)
Fixed a stack buffer overread hazard in the ICC v4 profile parser (CVE-2015-4504)
Fixed an HTMLVideoElement Use-After-Free Remote Code Execution 0-day vulnerability (ZDI-CAN-3176) (CVE-2015-4509)
Fixed a potentially exploitable crash in nsXBLService::GetBinding
Fixed a memory safety hazard in nsAttrAndChildArray::GrowBy (CVE-2015-7174)
Fixed a memory safety hazard for callers of nsUnicodeToUTF8::GetMaxLength (CVE-2015-4522)
Fixed a heap buffer overflow/crash hazard caused by invalid WebM headers (CVE-2015-4511) http://www.palemoon.org/releasenotes.shtml
Installer (32-bit) (20.28 MB): http://relmirror.palemoon.org/release/palemoon-25.7.1.win32.installer.exe
Installer (64-bit) (23.49 MB): http://relmirror.palemoon.org/release/palemoon-25.7.1.win64.installer.exe
Portable (32-bit) (21.93 MB): http://relmirror.palemoon.org/release/Palemoon-Portable-25.7.1.win32.exe
Portable (64-bit) (26.49 MB): http://relmirror.palemoon.org/release/Palemoon-Portable-25.7.1.win64.exe
Language Packs: http://www.palemoon.org/langpacks.shtml