Releases

  • Pale moon 31.1.0

    Moonchild 4 weeks ago 3 commits to release since this release

    This is a major development update, focusing on media support, browser stability, performance and web compatibility.

    Changes/fixes:

    • Added Mojeek as an additional search engine in the browser. See implementation notes.
    • Implemented “nullish coalescing operator” (thanks, FranklinDM!) for web compatibility.
    • Fixed various crash scenarios in XPCOM.
    • Fixed an important stability and performance issue related to hardware acceleration.
    • Fixed a long-standing issue where overly-long address bar tooltips wouldn’t break into multiple lines but instead cut off on the right side.
    • Fixed a long-standing issue where dynamic datalist updates for <select> and similar elements wouldn’t properly update the option list.
    • Disabled broken links to MDN articles in developer tools.
    • Updated media support to include support for libavcodec 59/FFmpeg 5.0 for MP4 playback on Linux (thanks, Travis!)
    • Enabled the date picker for <input type=date>. See implementation notes.
    • Re-enabled the use of FIPS mode for NSS. See implementation notes.
    • Improved memory handling and memory safety in the JavaScript engine, further reducing current and future crash scenarios.
    • Improved memory handling in the graphics subsystem of Goanna.
    • Updated FFvpx to v4.2.7
    • Slightly reduced strictness of media checking for improved compatibility with questionable “gif” video encoders used on major websites.
    • Cleaned up the way file pickers (file open/save/save as dialogs) are handled on Windows.
    • Restored the gMultiProcessBrowser property of the browser for Firefox extension compatibility. See implementation notes.
    • Improved the way data is transferred to and from canvases to prevent memory safety issues.
    • Updated NSS to 3.52.6 to address security issues.
    • Reduced blocking severity for some extensions that were marked hard blockers for GRE (but aren’t for UXP).
    • Security issues addressed: CVE-2022-31739, CVE-2022-31741, and other security issues that do not have a CVE number.
    • UXP Mozilla security patch summary: 2 fixed, 1 DiD, 26 not applicable.

    Implementation/build notes:

    • Following the concerns surrounding bias, censorship and unwanted filtering of search results by almost all available search engines, we’ve contacted Mojeek to have their search engine added by default to Pale Moon. This was done to offer a truly independent search alternative that has its own (long-standing) search index of the Web and does not rely on the major indexers like Bing, Google or Yahoo, who all apply bias and filtering to varying degrees on their search results (e.g. about politics or the war in the Ukraine). Since privacy-focused search engines like DuckDuckGo do rely on search results from these “big indexers”, whatever their “upstream” decides to be filtered out will also affect your results through those search engines. Mojeek offers its own, entirely independent search results which may provide you with truly independent alternative results. Give it a try!
    • Form input fields of type “date” will now pop up a graphical calendar to pick dates instead of having to manually enter the dates. Please note that the default format will match the base language of the browser (American English) which will be reflected in the mm/dd/yyyy placeholder. This is cosmetic only and does not actually influence how the date is passed to the server via the form. More work is needed for better localization of date and time input fields but that did not make this release.
    • FIPS mode is a special (rather archaic) operating mode of the NSS security library and software security device that handles certificates and credentials in the browser. In v31.0.0 this operating mode was no longer supported which resulted in some users who had previously enabled FIPS mode in the browser from accessing their credentials (giving errors on the master password, instead). For the time being, support for this mode is enabled again but if you use it, please disable this mode as it will go away. Standard operating mode with a master password is more secure than FIPS mode at this point, and FIPS was only ever necessary for US governmental use and “grandfathered in” without getting much attention. This will go away permanently over time so please pre-empt this removal by disabling FIPS mode if you had enabled it (its control can be found in Preferences -> Advanced -> Certificates tab -> Button “Security devices” -- yes, it’s buried pretty deep ;-) ).
    • Windows binaries are now being built and linked against a newer Windows SDK (10.0.22000.0) to align with system support for Windows 11. It is unlikely that this will negatively affect any users at this point in time.
    • While we don’t support multi-process browsing or “electrolysis”, extensions may still be checking what Firefox used as an indicator to know if electrolysis was enabled in it, which in some cases would require the extension to adjust its behavior. To provide better compatibility with legacy extensions that might otherwise error out when the gMultiprocessBrowser property was completely undefined, we restored this property (hard-coded to “false” since we don’t support multi-process).
     
  • Pale moon 31.1.0 Release candidate

    Moonchild 4 weeks ago 4 commits to release since this release

    Do not use this tagged version.

     
  • 1 month ago
  • Pale Moon 31.0.0

    Moonchild 1 month ago 17 commits to release since this release

    New milestone release. for details see official release notes

     
  • 1 month ago
  • 1 month ago
  • v29.4.6

    Moonchild 2 months ago 62 commits to release since this release

    This is a security and bugfix release.

    Changes/fixes:

    • Fixed a potential crash issue on bing.com.
    • Updated NSS to 3.52.4 to address security issues.
    • Fixed some thread locking issues. DiD
    • Worked around a Mesa driver bug that could cause crashes.
    • Fixed a potential resource access issue in devtools. DiD
    • Security issues with CVEs addressed: CVE-2022-1097, CVE-2022-28285 (DiD) and CVE-2022-28283 (DiD).
    • UXP Mozilla security patch summary: 1 fixed, 5 DiD, 2 rejected, 23 not applicable.
     
  • 2 months ago
  • 2 months ago
  • 3 months ago
  • 3 months ago
  • 3 months ago
  • 3 months ago
  • 3 months ago
  • 3 months ago
  • 3 months ago
  • 3 months ago
  • 4 months ago
  • 5 months ago
  • 6 months ago
  • 6 months ago
  • 7 months ago
  • 7 months ago
  • 8 months ago
  • 9 months ago
  • 10 months ago
  • 10 months ago
  • Pale Moon 29.4.0

    Ghost 10 months ago 83 commits to release since this release

    This is a development, bugfix and security release. Our release schedule was adjusted here to provide web compatibility improvements and not just a security update this month.

    Changes/fixes:

    • Implemented promise.allSettled().
    • Implemented global origin on windows and workers.
    • Improved performance of memory allocations.
    • Updated libcubeb to the current development version.
    • This improves OSS compatibility and addresses potential crashes, performance issues and security issues.
    • Updated SQLite to 3.36.0.
    • Improved thread safety of the web content cache. DiD
    • Added several fixes to avoid potential crashes and security issues. DiD
    • Unified XUL Platform Mozilla Security Patch Summary: 5 DiD, 12 not applicable.

    Built with the Unified XUL Platform - August 17, 2021 release.

     
  • 10 months ago
  • 10 months ago