Releases

  • v2020.11.25

    Moonchild 3 days ago 0 commits to master since this release

    This is a development and security update.

    • Aligned CSS tab-size with the specification and un-prefixed it.
    • Updated Brotli library to 1.0.9.
    • Updated JAR lib code.
    • Cleaned up HPKP leftovers.
    • Disabled the DOM filesystem API by default.
    • Removed Phone Vibrator API.
    • Fixed an issue where the software uninstaller would not remove the program files it should.
    • Fixed a devtools crash related to timeline snapshots.
    • Fixed several data race conditions.
    • Security issues fixed: CVE-2020-26960, CVE-2020-26951, CVE-2020-26956, CVE-2020-15999 and several memory safety hazards.
    • Unified XUL Platform Mozilla Security Patch Summary: 5 fixed, 4 defense-in-depth, 3 rejected, 19 not applicable.
     
  • 1 month ago
  • 1 month ago
  • 2 months ago
  • 3 months ago
  • 5 months ago
  • Basilisk 2020.05.08

    wolfbeast 6 months ago 24 commits to master since this release

    This is development and security update.

    • On-going work for implementing ShadowDOM v1, aligning the way DOM works as-needed.
    • On-going work for solving dependency issues in C++ throughout the entire tree.
    • Removed unused Contextual Identity Service.
    • Implemented URLSearchParams sort().
    • Enabled DOM High resolution timestamps.
    • Removed support for obsolete NV 3DVision stereoscopic hardware.
    • Fixed a potential vulnerability in the zip file reader. DiD
    • Fixed a potential vulnerability in the JavaScript JIT compiler related to aliases. DiD
    • Ported several upstream devtools fixes (addresses CVE-2020-12392 and CVE-2020-12393).
    • Ported upstream sctp fix (addresses CVE-2020-6831).
    • Improved memory safety of some WebAudio calls.
    • Improved memory safety in the XUL window destructor. DiD
    • Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 3 DiD (Defense-in-depth), 15 not applicable.

    Built with the Unified XUL Platform @ 7c779d

     
  • Basilisk 2020.04.17

    wolfbeast 7 months ago 28 commits to master since this release

    This is a small update to enable AV1 for real this time.


    Built with the Unified XUL Platform @5caf997

     
  • 7 months ago
  • Basilisk 2020.04.15

    wolfbeast 7 months ago 31 commits to master since this release

    This is a major development update.

    Important: It is possible that since 2020.03.04 your browser is no longer checking automatically for updates, due to an oversight in keeping a pre-release preference. You may have to check for updates manually from the About box. Please verify after updating that your updating preferences are set correctly for your use!

    • Changed site-specific overrides to use an operating system macro instead of hard-coding a version.
    • Changed the way hardware acceleration is set on various operating systems.
    • Fixed an incorrect preference preventing automatic updates by default.
    • Changed the geolocation service requests to https thanks to a generous service donation by IP-API.com.
    • Changed the security storage database type to SQLite.
    • Enabled AV1 support in all builds; this was erroneously not built in recent releases.
    • Fixed several potential crashes.
    • Re-imported the ExtensionStorage js module for use by browser extensions.
    • Removed the use of high-resolution Windows system timers from the layout refresh driver; this should help with some performance and battery life issues.
    • Fixed an issue with element outlines sometimes being drawn too large.
    • Fixed an issue with grid cell sizing.
    • Fixed an issue with layout frames (e.g. selection popups) being wrongly positioned.
    • Removed a potentially dangerous and otherwise ineffective optimization from the JavaScript engine.
    • Fixed unwanted behavior where created/focused pop-up windows could potentially cover the DOM fullscreen notification, hiding it from users. (CVE-2020-6810)
    • Fixed an issue where copying data as a curl request from developer tools would not properly escape parameters. (CVE-2020-6811)
    • Updated our sctp library code with several upstream fixes.
    • Fixed an issue with the release of document content viewers (CVE-2020-6819). Defense-in-depth.
    • Fixed an issue with handling functions with rest parameters. Defense-in-depth.
    • Removed HTTP Public Key Pinning (HPKP)
    • Removed HSTS preloading list support since these lists are no longer efficient.

    Built with the Unified XUL Platform @ 6f6d1f6

     
  • Basilisk 2020.03.11

    wolfbeast 8 months ago 44 commits to master since this release

    This is a small compatibility release.

    • Cleaned up some front-end code (Thanks @athenian200)
    • Fixed the YouTube override (again) to discontinue use of the to-be-removed old interface.

    Built with the Unified XUL Platform @ 88da01c

     
  • Basilisk 2020.03.04

    wolfbeast 8 months ago 62 commits to master since this release

    This is a major development update.

    • New modular setup for building: Basilisk has been split off from the UXP platform repository and will be maintained as its own application with UXP as a platform module.
    • Implemented asynchronous iterators (await iterator.next() and for await loops) (ES2018)
    • Aligned document.open() with the overhauled specification.
    • Implemented promise-based media playback.
    • Enabled seeking to next frame in media files.
    • Improved table drawing performance again after the rewrite for sticky positioning making it slow.
    • Aligned the way DOM styles are computed with mainstream browser behavior.
    • Increased the maximum XML nesting depth to 2048 levels for extreme corner cases and to conservatively align with other browsers.
    • Implemented an NSS performance optimization for Master Password use with limited effect.
    • Implemented non-standard legacy CSSStyleSheet rules functions.
    • Implemented the html5 element. To switch this on, flip dom.dialog_element.enabled to true.
    • Implemented CustomElements v1. (preffed, not functional yet due to reliance on shadowDOM).
    • Implemented rule processing stub for font-variation-settings.
    • Implemented optional catch binding (ES2019).
    • Changed the way hardware acceleration is controlled from applications.
    • Updated CSP processing to allow custom scheme wildcards to be specified without a port.
    • Removed the (unused) DOM promise implementation.
    • Disabled some logging in production builds.
    • Disabled allowing remote jar: URIs by default for security reasons. If you need this functionality for your non-standard environment, you can enable it with the preference network.jar.block-remote-files, but please consider moving away from this method of providing web-based applications.
    • Completely removed showModalDialog.
    • Performed various tree-wide code cleanups.
    • Removed various gadgeteering/redundant/dead DOM APIs (casting/presentation, FlyWeb)
    • Removed “Copy raw data” button from the troubleshooting information page, since it’s never used by us in that format, and users mistakenly keep using it instead of copying text.
    • Removed a bunch of Android support code.
    • Backed out a large code cleanup patch for causing subtle issues in website operation (e.g. WordPress). This will have to be revisited later; the reintroduced code is not in use in practice.
    • Fixed several crashes.
    • Fixed a parsing issue with tags.
    • Fixed an issue with form elements sometimes being incorrectly disabled.
    • Fixed some potential crashing scenarios with WebGL on Linux.
    • Fixed a potential pointer issue issue in cubeb. (DiD)
    • Fixed a crash due to ES6 modules (CVE-2020-9545).

    Built with the Unified XUL Platform @ 88da01c