This is a major development update, focusing on media support, browser stability, performance and web compatibility.
Changes/fixes:
- Added Mojeek as an additional search engine in the browser. See implementation notes.
- Implemented “nullish coalescing operator” (thanks, FranklinDM!) for web compatibility.
- Fixed various crash scenarios in XPCOM.
- Fixed an important stability and performance issue related to hardware acceleration.
- Fixed a long-standing issue where overly-long address bar tooltips wouldn’t break into multiple lines but instead cut off on the right side.
- Fixed a long-standing issue where dynamic datalist updates for
<select>
and similar elements wouldn’t properly update the option list.
- Disabled broken links to MDN articles in developer tools.
- Updated media support to include support for libavcodec 59/FFmpeg 5.0 for MP4 playback on Linux (thanks, Travis!)
- Enabled the date picker for
<input type=date>
. See implementation notes.
- Re-enabled the use of FIPS mode for NSS. See implementation notes.
- Improved memory handling and memory safety in the JavaScript engine, further reducing current and future crash scenarios.
- Improved memory handling in the graphics subsystem of Goanna.
- Updated FFvpx to v4.2.7
- Slightly reduced strictness of media checking for improved compatibility with questionable “gif” video encoders used on major websites.
- Cleaned up the way file pickers (file open/save/save as dialogs) are handled on Windows.
- Restored the
gMultiProcessBrowser
property of the browser for Firefox extension compatibility. See implementation notes.
- Improved the way data is transferred to and from canvases to prevent memory safety issues.
- Updated NSS to 3.52.6 to address security issues.
- Reduced blocking severity for some extensions that were marked hard blockers for GRE (but aren’t for UXP).
- Security issues addressed: CVE-2022-31739, CVE-2022-31741, and other security issues that do not have a CVE number.
- UXP Mozilla security patch summary: 2 fixed, 1 DiD, 26 not applicable.
Implementation/build notes:
- Following the concerns surrounding bias, censorship and unwanted filtering of search results by almost all available search engines, we’ve contacted Mojeek to have their search engine added by default to Pale Moon. This was done to offer a truly independent search alternative that has its own (long-standing) search index of the Web and does not rely on the major indexers like Bing, Google or Yahoo, who all apply bias and filtering to varying degrees on their search results (e.g. about politics or the war in the Ukraine). Since privacy-focused search engines like DuckDuckGo do rely on search results from these “big indexers”, whatever their “upstream” decides to be filtered out will also affect your results through those search engines. Mojeek offers its own, entirely independent search results which may provide you with truly independent alternative results. Give it a try!
- Form input fields of type “date” will now pop up a graphical calendar to pick dates instead of having to manually enter the dates. Please note that the default format will match the base language of the browser (American English) which will be reflected in the
mm/dd/yyyy
placeholder. This is cosmetic only and does not actually influence how the date is passed to the server via the form. More work is needed for better localization of date and time input fields but that did not make this release.
- FIPS mode is a special (rather archaic) operating mode of the NSS security library and software security device that handles certificates and credentials in the browser. In v31.0.0 this operating mode was no longer supported which resulted in some users who had previously enabled FIPS mode in the browser from accessing their credentials (giving errors on the master password, instead). For the time being, support for this mode is enabled again but if you use it, please disable this mode as it will go away. Standard operating mode with a master password is more secure than FIPS mode at this point, and FIPS was only ever necessary for US governmental use and “grandfathered in” without getting much attention. This will go away permanently over time so please pre-empt this removal by disabling FIPS mode if you had enabled it (its control can be found in Preferences -> Advanced -> Certificates tab -> Button “Security devices” -- yes, it’s buried pretty deep ;-) ).
- Windows binaries are now being built and linked against a newer Windows SDK (10.0.22000.0) to align with system support for Windows 11. It is unlikely that this will negatively affect any users at this point in time.
- While we don’t support multi-process browsing or “electrolysis”, extensions may still be checking what Firefox used as an indicator to know if electrolysis was enabled in it, which in some cases would require the extension to adjust its behavior. To provide better compatibility with legacy extensions that might otherwise error out when the
gMultiprocessBrowser
property was completely undefined, we restored this property (hard-coded to “false” since we don’t support multi-process).