• v2021.07.19

    Moonchild 4 months ago 0 commits to master since this release

    This is a development, bugfix and security update.

    • Enabled brotli compression for http for sites that support it.
    • Implemented EventTarget as a constructor.
    • Updated Windows 10 toolkit styling.
    • Updated the port blacklist (removed 10080).
    • CSS: Implemented calc() and animation support for stroke-dashoffset.
    • Added support for checking boolean preferences to chrome CSS style sheets, to support more advanced theming options.
    • Added support for dynamic dark color capable themes in CSS.
    • Updated ResizeObserver implementation to a more recent specification.
    • Removed a metric ton of Macintosh code.
    • Removed obsolete system theme support from the layout engine.
    • Fixed several crashes.
    • Linux: blocked particularly old versions of Mesa/Nouveau drivers due to issues.
    • Security issues addressed: CVE-2021-30547 and several other issues that don’t have a CVE number.
    • Unified XUL Platform Mozilla Security Patch Summary: 3 fixed, 3 DiD, 2 deferred (DiD), 12 not applicable.
  • v2021.04.27

    Moonchild 7 months ago 4 commits to master since this release

    This is a development, bugfix and security update.

    • Enabled the scrollbar-width CSS keyword by default.
    • Removed unit restriction on SVG width and height attributes.
    • Implemented prefers-color-scheme CSS keyword (defaults to “light”).
    • Added CSS values smooth, high-quality and pixelated to the image-rendering keyword.
    • Implemented Intl.NumberFormat.formatToParts() to allow deconstruction of localized number formats by scripts.
    • Reinstated the dom.details_element.enabled preference and fixed a rendering issue with summary/details html elements.
    • Fixed an issue with CSP .nonce attributes on elements.
    • Added port restrictions for WebRTC PeerConnections to prevent network abuse through WebRTC connections.
    • Fixed an overflow in clip paths, potentially causing them to be rendered incorrectly.
    • Added a warning to opening from history if it would spawn many new tabs.
    • Fixed forcing an icon type image even for invalid icons in search plugins.
    • Security issues addressed: CVE-2021-23986, CVE-2021-23981 and defense-in-depth fixes for CVE-2021-29946, CVE-2021-23994, several crashes and potential document parser confusion.
    • Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 5 defense-in-depth, 21 not applicable.
  • v2021.03.17

    Moonchild 8 months ago 9 commits to master since this release

    This is a small bugfix update.

    • Changed the version of NSS to a custom build to address certificate import and (hopefully also) keygen issues.
    • Updated the embedded emoji font for Yet More Professions With All Skin Colors&tm;.
    • Updated the YouTube Studio useragent for compatibility.
  • v2021.03.11

    Moonchild 8 months ago 11 commits to master since this release

    This is a development, bugfix and security update.

    • Added support for missing ES2019 JavaScript functions and specifications.
    • Fixed an issue with useragent updates.
    • Folder uploads through input elements now require user interaction on Windows 10.
    • Mitigated a potential problem with history location/state change updates if used in rapid succession.
    • Fixed a problem with WebCrypto failing to work properly with AES-GCM.
    • Updated various libraries for compatibility and security.
    • Fixed several memory safety hazards and potential browser crashes
    • Security issues fixed: CVE-2021-23973, CVE-2021-23974.
    • Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 2 defense-in-depth, 19 not applicable.
  • 10 months ago
  • v2021.01.05

    Moonchild 11 months ago 24 commits to master since this release

    This is a development and security update.

    • Fixed the display of dates and times to honor what the user has set in their regional settings.
    • Disabled the use of the legacy database format for stored passwords and certificates.
    • Worked around crashes and run-time issues with module scripts.
    • Moved the global user-agent override to the networking component. Please note that this may interfere with some “user agent spoofing” extensions.
    • Fixed a website layout issue with table-styled elements potentially overlapping when placed inside a flexbox.
    • Updated the list of prohibited ports the browser can use.
    • Updated NSS to 3.59.1
    • Security issues fixed: CVE-2020-26978 and CVE-2020-35112.
    • Unified XUL Platform Mozilla Security Patch Summary: 3 fixed, 16 not applicable.
  • v2020.11.25

    Moonchild 1 year ago 35 commits to master since this release

    This is a development and security update.

    • Aligned CSS tab-size with the specification and un-prefixed it.
    • Updated Brotli library to 1.0.9.
    • Updated JAR lib code.
    • Cleaned up HPKP leftovers.
    • Disabled the DOM filesystem API by default.
    • Removed Phone Vibrator API.
    • Fixed an issue where the software uninstaller would not remove the program files it should.
    • Fixed a devtools crash related to timeline snapshots.
    • Fixed several data race conditions.
    • Security issues fixed: CVE-2020-26960, CVE-2020-26951, CVE-2020-26956, CVE-2020-15999 and several memory safety hazards.
    • Unified XUL Platform Mozilla Security Patch Summary: 5 fixed, 4 defense-in-depth, 3 rejected, 19 not applicable.
  • 1 year ago
  • 1 year ago
  • 1 year ago
  • 1 year ago
  • 1 year ago
  • Basilisk 2020.05.08

    wolfbeast 1 year ago 59 commits to master since this release

    This is development and security update.

    • On-going work for implementing ShadowDOM v1, aligning the way DOM works as-needed.
    • On-going work for solving dependency issues in C++ throughout the entire tree.
    • Removed unused Contextual Identity Service.
    • Implemented URLSearchParams sort().
    • Enabled DOM High resolution timestamps.
    • Removed support for obsolete NV 3DVision stereoscopic hardware.
    • Fixed a potential vulnerability in the zip file reader. DiD
    • Fixed a potential vulnerability in the JavaScript JIT compiler related to aliases. DiD
    • Ported several upstream devtools fixes (addresses CVE-2020-12392 and CVE-2020-12393).
    • Ported upstream sctp fix (addresses CVE-2020-6831).
    • Improved memory safety of some WebAudio calls.
    • Improved memory safety in the XUL window destructor. DiD
    • Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 3 DiD (Defense-in-depth), 15 not applicable.

    Built with the Unified XUL Platform @ 7c779d

  • Basilisk 2020.04.17

    wolfbeast 1 year ago 63 commits to master since this release

    This is a small update to enable AV1 for real this time.

    Built with the Unified XUL Platform @5caf997

  • 1 year ago
  • Basilisk 2020.04.15

    wolfbeast 1 year ago 66 commits to master since this release

    This is a major development update.

    Important: It is possible that since 2020.03.04 your browser is no longer checking automatically for updates, due to an oversight in keeping a pre-release preference. You may have to check for updates manually from the About box. Please verify after updating that your updating preferences are set correctly for your use!

    • Changed site-specific overrides to use an operating system macro instead of hard-coding a version.
    • Changed the way hardware acceleration is set on various operating systems.
    • Fixed an incorrect preference preventing automatic updates by default.
    • Changed the geolocation service requests to https thanks to a generous service donation by
    • Changed the security storage database type to SQLite.
    • Enabled AV1 support in all builds; this was erroneously not built in recent releases.
    • Fixed several potential crashes.
    • Re-imported the ExtensionStorage js module for use by browser extensions.
    • Removed the use of high-resolution Windows system timers from the layout refresh driver; this should help with some performance and battery life issues.
    • Fixed an issue with element outlines sometimes being drawn too large.
    • Fixed an issue with grid cell sizing.
    • Fixed an issue with layout frames (e.g. selection popups) being wrongly positioned.
    • Removed a potentially dangerous and otherwise ineffective optimization from the JavaScript engine.
    • Fixed unwanted behavior where created/focused pop-up windows could potentially cover the DOM fullscreen notification, hiding it from users. (CVE-2020-6810)
    • Fixed an issue where copying data as a curl request from developer tools would not properly escape parameters. (CVE-2020-6811)
    • Updated our sctp library code with several upstream fixes.
    • Fixed an issue with the release of document content viewers (CVE-2020-6819). Defense-in-depth.
    • Fixed an issue with handling functions with rest parameters. Defense-in-depth.
    • Removed HTTP Public Key Pinning (HPKP)
    • Removed HSTS preloading list support since these lists are no longer efficient.

    Built with the Unified XUL Platform @ 6f6d1f6

  • Basilisk 2020.03.11

    wolfbeast 1 year ago 79 commits to master since this release

    This is a small compatibility release.

    • Cleaned up some front-end code (Thanks @athenian200)
    • Fixed the YouTube override (again) to discontinue use of the to-be-removed old interface.

    Built with the Unified XUL Platform @ 88da01c

  • Basilisk 2020.03.04

    wolfbeast 1 year ago 97 commits to master since this release

    This is a major development update.

    • New modular setup for building: Basilisk has been split off from the UXP platform repository and will be maintained as its own application with UXP as a platform module.
    • Implemented asynchronous iterators (await and for await loops) (ES2018)
    • Aligned with the overhauled specification.
    • Implemented promise-based media playback.
    • Enabled seeking to next frame in media files.
    • Improved table drawing performance again after the rewrite for sticky positioning making it slow.
    • Aligned the way DOM styles are computed with mainstream browser behavior.
    • Increased the maximum XML nesting depth to 2048 levels for extreme corner cases and to conservatively align with other browsers.
    • Implemented an NSS performance optimization for Master Password use with limited effect.
    • Implemented non-standard legacy CSSStyleSheet rules functions.
    • Implemented the html5 element. To switch this on, flip dom.dialog_element.enabled to true.
    • Implemented CustomElements v1. (preffed, not functional yet due to reliance on shadowDOM).
    • Implemented rule processing stub for font-variation-settings.
    • Implemented optional catch binding (ES2019).
    • Changed the way hardware acceleration is controlled from applications.
    • Updated CSP processing to allow custom scheme wildcards to be specified without a port.
    • Removed the (unused) DOM promise implementation.
    • Disabled some logging in production builds.
    • Disabled allowing remote jar: URIs by default for security reasons. If you need this functionality for your non-standard environment, you can enable it with the preference network.jar.block-remote-files, but please consider moving away from this method of providing web-based applications.
    • Completely removed showModalDialog.
    • Performed various tree-wide code cleanups.
    • Removed various gadgeteering/redundant/dead DOM APIs (casting/presentation, FlyWeb)
    • Removed “Copy raw data” button from the troubleshooting information page, since it’s never used by us in that format, and users mistakenly keep using it instead of copying text.
    • Removed a bunch of Android support code.
    • Backed out a large code cleanup patch for causing subtle issues in website operation (e.g. WordPress). This will have to be revisited later; the reintroduced code is not in use in practice.
    • Fixed several crashes.
    • Fixed a parsing issue with tags.
    • Fixed an issue with form elements sometimes being incorrectly disabled.
    • Fixed some potential crashing scenarios with WebGL on Linux.
    • Fixed a potential pointer issue issue in cubeb. (DiD)
    • Fixed a crash due to ES6 modules (CVE-2020-9545).

    Built with the Unified XUL Platform @ 88da01c