MoonchildProductions/Pale-Moon
MoonchildProductions
/
Pale-Moon
17
18
Derivar 16
Código Questões 16 Pedidos de integração Lançamentos 84 Trabalho

84 Lançamentos 449 Etiquetas

  • 33.1.0_Release 1d5a6adf5f

    Pale Moon 33.1.0 Estável

    Moonchild lançou isto 2024-04-23 11:12:39 +00:00 | -193 cometimentos para master desde este lançamento

    This is a development, stability and security release.

    New features:

    • Implemented support for single-use <link rel=preload> meta tag. This implementation allows use of it without specifying a second <link rel={type}> meta tag to actually load the linked document which was originally intended for this tag (to hint to a browser it should pre-load the document for fast painting).
    • Implemented CSP v3 keywords script-src-elem, script-src-attr, style-src-elem and style-src-attr.
    • Enabled the use of html5's <dialog> by default. While this is not yet a complete implementation, use of it in the wild dictated we enable this early. The implementation should functionally suffice for usage seen so far.
    • Added support for Emoji 15.1.
    • Implemented webkitURL legacy window alias for URL for web compatibility.
    • Implemented CSS shorthands margin-block, margin-inline, padding-block and padding-inline.
    • Added support for querying CPU capabilities (SSE2/AVX/AVX2) to the Navigator interface. For privacy reasons this is not exposed to the web, but can be used by extensions.

    Changes/fixes:

    • Fixed broken mousewheel scrolling if building with --disable-npapi.
    • Fixed a minor issue with XUL tree display in some circumstances.
    • Dev: Aligned canvas Path2D.addPath with the updated spec. It now supports DOMMatrix as opposed to SVGMatrix.
    • Removed Stylo (Gecko Rust style system) leftovers from the source tree.
    • Fixed a few potential emoji display issues.
    • Fixed some issues with workers.
    • Fixed an issue with ctrl+c copying in devtools.
    • Fixed crashes when run under WINE because of its lack of support for IDXGIKeyedMutex.
    • Fixed a crash when dealing with a specific (unmaintained) extension.
    • Added .xrm-ms files to the executable warning list on Windows.
    • Added sanity checks on http/2 header sizes.
    • Fixed a potential issue in the JavaScript JIT compiler.
    • Pulled a few fixes from upstream for the OpenType Sanitizer.
    • Added a fix to avoid a potential issue when assigning a media data buffer.
    • Security issues addressed: CVE-2024-3863, CVE-2024-3302, CVE-2024-3857 (DiD), CVE-2024-3859 and CVE-2024-3861 (DiD).
    Descargas
  • 33.0.2_Release 204b3fdedf

    Pale Moon 33.0.2 Estável

    Moonchild lançou isto 2024-03-26 11:09:42 +00:00 | 15 cometimentos para release desde este lançamento

    This is a minor security and stability release.

    Changes/fixes:

    • Fixed an issue with attributes on duplicate html tags.
    • Aligned the behavior of internal pointer structures to be more uniform. DiD
    • Security issue addressed: CVE-2024-2610
    Descargas
  • 33.0.1_Release d2b24ace7a

    Pale Moon 33.0.1 Estável

    Moonchild lançou isto 2024-02-27 08:37:21 +00:00 | 19 cometimentos para release desde este lançamento

    This is a bugfix and security update.

    Changes/fixes:

    • Removed site-specific override for Amazon.com due to breakage.
    • Fixed script timeout values that were inadvertently overridden in branding.
    • Fixed an issue where empty MIME type registrations would break some parts of the UI.
    • (Linux only) Pasting URLs to content now by default does not navigate to that URL.
    • If content-paste-navigation is enabled (via middlemouse.contentLoadURL), navigation is now restricted to pasting to active body type elements (to prevent unwanted navigation when pasting URLs to input boxes, for example).
    • Fixed a problem with JS modules preventing ExportEntries from working.
    • (Linux only) Fixed a build issue when building with a system-supplied cairo library (unsupported).
    • Fixed an issue where workers could lock up the browser with SetInterval with an out-of-bounds (too small) value. This is now clamped to 4ms matching the HTML spec.
    • Fixed a few usability issues with the built-in developer tools.
    • Fixed a potential crash in web workers.
    • Fixed a potential overflow issue in image maps.
    • Fixed a potential security issue with multi-part/mixed content (CVE-2024-1551).

    (from this point forward we will no longer list UXP Mozilla security patch summaries as they are mostly irrelevant)

    Descargas
  • 33.0.0_Release 637e1ceec2

    Pale Moon 33.0.0 Estável

    Moonchild lançou isto 2024-01-30 11:25:05 +00:00 | 25 cometimentos para release desde este lançamento

    This is a new milestone release. It involves over 250 commits, of which the most important ones are highlighted here.

    New features:

    • Implemented a restricted version of the asynchronous clipboard API (navigator.clipboard). This API is restricted to writing only for obvious security considerations. It supports both plaintext and the standard DataTransfer methods. We did not implement the reinvented wheel concept of ClipboardItem objects.
    • Implemented support for SHA-2 (SHA-256/SHA-512/etc.) signatures for OCSP stapled responses.
    • Implemented an option (Found in Preferences -> Content -> Media tab (new this version)) to restrict DOM full-screen mode to the existing browser window.
    • Implemented several options in a new preferences tab (Preference -> Privacy -> Tracking) to allow users to more easily control several privacy-impacting features, namely poisoning of canvas data (to prevent fingerprinting), and enabling of Performance observers (a developer feature) that some websites rely on for their operation.
    • Implemented PromiseRejectionEvent. Although this is rarely actually used, some common JS libraries (you know who you are!) use it as a feature level canary and start loading (broken!) Promise shims if it is not found, causing compatibility issues and broken websites due to the shims.

    Fixes:

    • Aligned microtasks and Promises scheduling with the current spec and expected behavior.
    • We now no longer send click events to top levels of the document hierarchy when using non-primary buttons (use auxclick, instead, to capture these events).
    • Greatly improved the performance of box shadows.
    • Greatly improved the performance of file/data uploads over HTTP/2 (most of the secure websites out there).
    • Fixed several issues related to focus and content selection.
    • Fixed issues with the use of focus-within caused by unexpected processing of DOM events.
    • Fixed an issue with CSP not behaving as-expected when using importScripts(), and fixed a number of additional CSP-related issues.
    • Fixed a web compatibility issue with CORS preflights not sending the original request's referrer policy or referrer header.
    • Fixed a spec compliance issue with StructuredClone.
    • Fixed a crash due to clamping code introduced for SetInterval and SetTimeout timers.
    • Fixed crashes when dynamic imports are canceled (e.g. by navigation).

    Other changes:

    • Changed <input type=file> to now have its .files property be writable following a spec change and recommendation.
    • We are now requiring and building against the C++17 language standard.
    • Updated the in-tree ffvpx lib to 6.0.
    • Added a preference to allow users to completely disable reporting of CSP errors to webmasters. Using this is strongly discouraged as it will provide essential troubleshooting information to webmasters setting up CSP, and does not pose a privacy issue, but for those who really want it, it can now be fully disabled. The preference is security.csp.reporting.enabled.
    • Updated the IntersectionObserver interface to now also accept documents for the observer root instead of only HTML elements.
    • Cleaned up various bits of code surrounding GMP, memory allocation, system libraries, vestigial Android code, freetype2 and developer tools.
    • Improved efficiency of handling D3D textures.
    • Added initial and experimental Mac PowerPC and Big Endian support.
    • Changed the behavior of hung scripts. We now automatically terminate them instead of presenting the user with a dialog box (which may or may not show in a reasonable time if the browser is too busy trying to process the hung script). If you prefer the old behavior, uncheck the box "Automatically stop non-responsive scripts" in Preferences -> Content -> General
    • Security issues addressed: CVE-2024-0746, CVE-2024-0741, CVE-2024-0743 DiD, CVE-2024-0750 DiD, and CVE-2024-0753.
    • UXP Mozilla security patch summary: 3 fixed, 2 DiD, 12 not applicable.
    Descargas
  • 32.5.2_Release ae12e17cd3

    Pale Moon 32.5.2 Estável

    Moonchild lançou isto 2023-12-21 13:07:34 +00:00 | 54 cometimentos para release desde este lançamento

    This is a bugfix and security update.
    Merry Christmas and Happy Holidays to all!

    Changes/fixes:

    • Removed the standard Twitter/X user-agent override because they decided to block us on it.
    • Added preferences for the user to control whether or not the tab page title should be included in the window title or not. In Private Browsing mode, the default is now to not show the title in the window. This was done to avoid potential leakage to system logs (e.g. GNOME shell logs or Windows event logs) of websites visited through the recorded window title. The new preferences are privacy.exposeContentTitleInWindow and privacy.exposeContentTitleInWindow.pbm for normal mode and Private Browsing mode, respectively.
    • Fixed several crashes in DOM and relating to dynamic JavaScript module imports.
    • Removed a restriction on Fetch preflight redirects, following a spec update.
    • Improved the handling of web workers if they get aborted mid-action.
    • Security issues addressed: CVE-2023-6863, CVE-2023-6858 and several others that do not have a CVE number.
    • UXP Mozilla security patch summary: 4 fixed, 2 DiD, 1 rejected (which was DiD at best), 1 postponed (low risk), 22 not applicable.
    Descargas
  • 32.5.1_Release 76f69ecaaa

    Pale Moon 32.5.1 Estável

    Moonchild lançou isto 2023-11-28 07:40:19 +00:00 | 58 cometimentos para release desde este lançamento

    This is a minor development and security update.
    Important: as of this version, our beta FreeBSD binaries require at least FreeBSD 13.

    Changes/fixes:

    • Restricted protocol fallback for TLS. Pale Moon no longer (by default) allows TLS 1.3 to fall back to earlier protocol versions during the initial handshake.
    • Reverted the addition of browser.bookmarks.openInTabClosesMenu due to behavioral issues with menus.
      If you desire the intended behavior, please use an extension instead.
    • We no longer support the data: protocol inside SVG's <use> statements.
    • Enabled more validation/error checking for WebGL on Windows to prevent potential crashes.
    • Improved secure context checking for iframes.
    • Fixed the handling of relative paths in URLs starting with multiple forward slashes.
    • Security issues addressed: CVE-2023-6204, CVE-2023-6210, CVE-2023-6209 and CVE-2023-6205 DiD
    • UXP Mozilla security patch summary: 3 fixed, 1 DiD, 14 not applicable.
    Descargas
  • 32.5.0_Release-SunOS b9488c0c32

    Pale Moon 32.5.0 (SunOS) Estável

    Moonchild lançou isto 2023-11-06 14:04:37 +00:00 | 62 cometimentos para release desde este lançamento

    SunOS release of 32.5.0

    Separate release for using updated UXP as its state for SunOS was broken with the initial 32.5.0 release commits.

    Descargas
  • 32.5.0_Release 6a7ff6a825

    Pale Moon 32.5.0 Estável

    Moonchild lançou isto 2023-10-30 18:12:59 +00:00 | 63 cometimentos para release desde este lançamento

    This is a major development and security update. And a Happy Halloween to everyone who celebrates! 🎃👻🦇

    Changes/fixes:

    • Added an initial implementation of the ReadableStreams API, improving web compatibility with sites that apparently use this API in utilitarian fashion.
    • Added support for transparency in WebM videos for the edge case of using <video> elements for transparent animated images. Major caveat: this will massively impact performance of video playback if an alpha channel is present in the video.
    • Added support for crypto.randomUUID to allow website scripting to generate random UUIDs (universally unique identifiers) through the WebCrypto interface.
    • By user request, added a preference browser.bookmarks.openInTabClosesMenu (default true) to allow users to configure if they want to keep the bookmarks menu open if they open bookmarks from it in a new tab (by middle-clicking or Ctrl-clicking). The default behavior is to close the bookmarks menu like any other menu when an option in it is clicked.
    • Removed the user-agent override for Netflix, since they have stopped supporting the Silverlight browser plugin. Pale Moon no longer has a way to provide Netflix DRM-controlled playback with them dropping it, so there is no longer a reason to try and force compatibility.
    • Updated the user-agent override for Spotify. While it is possible to use the website with this, it suffers from the same DRM issue and not all media will be playable (only non-encumbered media can be played in Pale Moon like podcasts). Your mileage may vary.
    • Implemented timer nesting and clamping for workers, preventing timer hangs on bad website code.
    • Improved handling of drawing SVG images on canvases without explicit width or height attributes. We now follow the css-sizing-3 Intrinsic Sizes spec.
    • Improved performance of our memory allocator.
    • Updated libvpx to 1.6.1.
    • Cleaned up and updated some media playback code.
    • Removed the inclusion of GMP (Gecko Media Plugin) support from Pale Moon, as it was only in use for EME/DRM and WebRTC, neither of which we support.
    • Removed the last vestiges of EME/DRM code from UXP, since this will never be supported in any application building on it due to the media industry's draconic policies around FOSS.
    • Removed simd.js, moving actually used SIMD handling to C++.
    • Removed the use of libav in our source, replacing its supply of FFT with the equivalent from FFMpeg.
    • Fixed potential type confusion in IonMonkey due to 3-byte opcodes.
    • Fixed an issue with tooltips persisting even if the browser window would have lost focus.
    • Fixed PerformanceObserver navigation and resource timing (default disabled for privacy); our implementation now fully passes conformance tests.
    • Fixed an issue where top-level SVG images would not be correctly clipped by positioned elements, giving the impression of wrong z-ordering as the SVG would overlap other elements.
    • Dev: Updated setInterval to fall back to 0 if no duration is supplied.
    • Dev: Updated ResizeObserver to a recent spec change, now returning an array of results for borderBoxSize and contentBoxSize instead of an object.
    • Dev: Updated Intl.NumberFormat and DefaultNumberOption() to follow spec updates. Most importantly for web compatibility, we now allow the "maximumFractionDigits" option in Intl.NumberFormat to be less than the default minimum fraction digits for the chosen locale, following the general consensus in TC39 around this issue.
    • Increased leniency (removed upper limit) of GLSL versions as they tend to be fully backwards compatible.
    • Fixed various crashes.
    • Added a safeguard to the sec-gpc header (Global Privacy Control) so it cannot be inadvertently overwritten.
    • Security fixes: addressed CVE-2023-5722, CVE-2023-5723, CVE-2023-5724, CVE-2023-5727 and several other issues without a CVE number assigned to them.
    • UXP Mozilla security patch summary: 6 fixed, 2 DiD, 19 not applicable.
    Descargas
  • 32.4.1_Release 791a7d2d50

    Pale Moon 32.4.1 Estável

    Moonchild lançou isto 2023-10-02 20:29:22 +00:00 | 77 cometimentos para release desde este lançamento

    This is a bugfix and security update.

    Changes/fixes:

    • Fixed an issue in BigInt typedArray costructors.
    • Added some safety checks for Performance Observers.
    • Fixed JSON BigInt regressions.
    • Fixed missing BigInt increment/decrement operations.
    • Added WASM sign extension opcodes.
    • Fixed an issue with dead Promise wrappers in JavaScript DiD
    • Fixed an issue with Alternative Services DiD
    • Fixed an issue with libvpx (address CVE-2023-5217) DiD
    Descargas
  • 32.4.0.1_Release f8b690cff9

    Pale Moon 32.4.0.1 Estável

    Moonchild lançou isto 2023-09-13 08:32:57 +00:00 | 79 cometimentos para release desde este lançamento

    This is a point release update to address a critical security vulnerability.

    Descargas