MoonchildProductions/Pale-Moon
MoonchildProductions
/
Pale-Moon
17
18
Fork 16
Code Issues 16 Pull Requests Releases 84 Activity

84 Releases 449 Tags

  • 31.1.0_Release_build2 2338cf345f

    Pale moon 31.1.0 Stable

    Moonchild released this 2022-06-07 12:26:54 +00:00 | 240 commits to release since this release

    This is a major development update, focusing on media support, browser stability, performance and web compatibility.

    Changes/fixes:

    • Added Mojeek as an additional search engine in the browser. See implementation notes.
    • Implemented "nullish coalescing operator" (thanks, FranklinDM!) for web compatibility.
    • Fixed various crash scenarios in XPCOM.
    • Fixed an important stability and performance issue related to hardware acceleration.
    • Fixed a long-standing issue where overly-long address bar tooltips wouldn't break into multiple lines but instead cut off on the right side.
    • Fixed a long-standing issue where dynamic datalist updates for <select> and similar elements wouldn't properly update the option list.
    • Disabled broken links to MDN articles in developer tools.
    • Updated media support to include support for libavcodec 59/FFmpeg 5.0 for MP4 playback on Linux (thanks, Travis!)
    • Enabled the date picker for <input type=date>. See implementation notes.
    • Re-enabled the use of FIPS mode for NSS. See implementation notes.
    • Improved memory handling and memory safety in the JavaScript engine, further reducing current and future crash scenarios.
    • Improved memory handling in the graphics subsystem of Goanna.
    • Updated FFvpx to v4.2.7
    • Slightly reduced strictness of media checking for improved compatibility with questionable "gif" video encoders used on major websites.
    • Cleaned up the way file pickers (file open/save/save as dialogs) are handled on Windows.
    • Restored the gMultiProcessBrowser property of the browser for Firefox extension compatibility. See implementation notes.
    • Improved the way data is transferred to and from canvases to prevent memory safety issues.
    • Updated NSS to 3.52.6 to address security issues.
    • Reduced blocking severity for some extensions that were marked hard blockers for GRE (but aren't for UXP).
    • Security issues addressed: CVE-2022-31739, CVE-2022-31741, and other security issues that do not have a CVE number.
    • UXP Mozilla security patch summary: 2 fixed, 1 DiD, 26 not applicable.

    Implementation/build notes:

    • Following the concerns surrounding bias, censorship and unwanted filtering of search results by almost all available search engines, we've contacted Mojeek to have their search engine added by default to Pale Moon. This was done to offer a truly independent search alternative that has its own (long-standing) search index of the Web and does not rely on the major indexers like Bing, Google or Yahoo, who all apply bias and filtering to varying degrees on their search results (e.g. about politics or the war in the Ukraine). Since privacy-focused search engines like DuckDuckGo do rely on search results from these "big indexers", whatever their "upstream" decides to be filtered out will also affect your results through those search engines. Mojeek offers its own, entirely independent search results which may provide you with truly independent alternative results. Give it a try!
    • Form input fields of type "date" will now pop up a graphical calendar to pick dates instead of having to manually enter the dates. Please note that the default format will match the base language of the browser (American English) which will be reflected in the mm/dd/yyyy placeholder. This is cosmetic only and does not actually influence how the date is passed to the server via the form. More work is needed for better localization of date and time input fields but that did not make this release.
    • FIPS mode is a special (rather archaic) operating mode of the NSS security library and software security device that handles certificates and credentials in the browser. In v31.0.0 this operating mode was no longer supported which resulted in some users who had previously enabled FIPS mode in the browser from accessing their credentials (giving errors on the master password, instead). For the time being, support for this mode is enabled again but if you use it, please disable this mode as it will go away. Standard operating mode with a master password is more secure than FIPS mode at this point, and FIPS was only ever necessary for US governmental use and "grandfathered in" without getting much attention. This will go away permanently over time so please pre-empt this removal by disabling FIPS mode if you had enabled it (its control can be found in Preferences -> Advanced -> Certificates tab -> Button "Security devices" -- yes, it's buried pretty deep ;-) ).
    • Windows binaries are now being built and linked against a newer Windows SDK (10.0.22000.0) to align with system support for Windows 11. It is unlikely that this will negatively affect any users at this point in time.
    • While we don't support multi-process browsing or "electrolysis", extensions may still be checking what Firefox used as an indicator to know if electrolysis was enabled in it, which in some cases would require the extension to adjust its behavior. To provide better compatibility with legacy extensions that might otherwise error out when the gMultiprocessBrowser property was completely undefined, we restored this property (hard-coded to "false" since we don't support multi-process).
    Downloads
  • 31.1.0_Release f93ac71b91

    Pale moon 31.1.0 Release candidate Pre-Release

    Moonchild released this 2022-06-07 09:32:27 +00:00 | 241 commits to release since this release

    Do not use this tagged version.

    Downloads
  • 31.0.0_Release 8440447a99

    Pale Moon 31.0.0 Stable

    Moonchild released this 2022-05-10 08:31:03 +00:00 | 254 commits to release since this release

    New milestone release. for details see official release notes

    Downloads
  • 29.4.6_Release f694a76857

    v29.4.6 Stable

    Moonchild released this 2022-04-12 12:33:01 +00:00 | 299 commits to release since this release

    This is a security and bugfix release.

    Changes/fixes:

    • Fixed a potential crash issue on bing.com.
    • Updated NSS to 3.52.4 to address security issues.
    • Fixed some thread locking issues. DiD
    • Worked around a Mesa driver bug that could cause crashes.
    • Fixed a potential resource access issue in devtools. DiD
    • Security issues with CVEs addressed: CVE-2022-1097, CVE-2022-28285 (DiD) and CVE-2022-28283 (DiD).
    • UXP Mozilla security patch summary: 1 fixed, 5 DiD, 2 rejected, 23 not applicable.
    Downloads
  • 29.4.0_Release d3e6460833

    Pale Moon 29.4.0 Stable

    Ghost released this 2021-08-17 11:16:01 +00:00 | 320 commits to release since this release

    This is a development, bugfix and security release. Our release schedule was adjusted here to provide web compatibility improvements and not just a security update this month.

    Changes/fixes:

    • Implemented promise.allSettled().
    • Implemented global origin on windows and workers.
    • Improved performance of memory allocations.
    • Updated libcubeb to the current development version.
    • This improves OSS compatibility and addresses potential crashes, performance issues and security issues.
    • Updated SQLite to 3.36.0.
    • Improved thread safety of the web content cache. DiD
    • Added several fixes to avoid potential crashes and security issues. DiD
    • Unified XUL Platform Mozilla Security Patch Summary: 5 DiD, 12 not applicable.

    Built with the Unified XUL Platform - August 17, 2021 release.

    Downloads
  • 29.3.0_Release 0e67dcbcfe

    Pale Moon 29.3.0 Stable

    Ghost released this 2021-07-19 16:26:06 +00:00 | 327 commits to release since this release

    This is a development, bugfix and security release.

    Changes/fixes:

    • "Web Developer" is now called "Developer Tools" in the menus.
    • Updated and aligned about:home, the QuickDial page and logopage styling.
    • Re-organized the privacy category in the preferences window.
    • Enabled brotli compression for http for sites that support it. See implementation notes.
    • Implemented EventTarget as a constructor.
    • Updated Windows 10 toolkit styling.
    • Updated the port blacklist (removed 10080). See implementation notes.
    • CSS: Implemented calc() and animation support for stroke-dashoffset.
    • Added support for checking boolean preferences to chrome CSS style sheets, to support more advanced theming options.
    • Added support for dynamic dark color capable themes in CSS.
    • Updated ResizeObserver implementation to a more recent specification. See implementation notes.
    • Removed a metric ton of Macintosh code.
    • Removed obsolete system theme support from the layout engine.
    • Fixed several crashes.
    • Linux: blocked particularly old versions of Mesa/Nouveau drivers due to issues.
    • Security issues addressed: CVE-2021-30547 and several other issues that don't have a CVE number.
    • Unified XUL Platform Mozilla Security Patch Summary: 3 fixed, 3 DiD, 2 deferred (DiD), 12 not applicable.

    Implementation notes:

    • Brotli compression (introduced a few years back) has originally been restricted to https only in web browsers because there was some concern about interaction with middleware boxes with poor design trying to transparently recompress data not recognizing the new compression stream type and causing failures. The kind of processing done in those boxes (SDCH) has long since been deprecated. Since then, the segregation for Brotli between http and https has been maintained by Chrome and Firefox as a vessel to further promote https over http by artificially keeping http less efficient (denying the use of the more dense Brotli compression). Since there is no technical reason not to enable Brotli over http, we will accept (by way of Accept-encoding) Brotli over plain http from this version on, offering up to 20% less bandwidth use when servers also support it.
    • We maintain a blacklist of ports that should not be addressed from a browser (primarily to prevent scripted abuse). Not too long ago we updated these ports with a number of additional (higher range) ones, including port 10080 (Amanda). Unfortunately there is too much overlap with other common services/devices that also use this (arbitrarily chosen) port, so we've removed this particular port again from our blacklist.
    • The ResizeObserver implementation was changed to now support the updated specification for this API, including the experimental properties contentBoxSize and borderBoxSize which allows finer control to respond to size changes of elements. The old spec sizing property of contentRect remains supported for web compatibility.

    Built with the Unified XUL Platform - July 19, 2021 release.

    Downloads
  • 29.2.1_Release b5aa3cb745

    Pale Moon 29.2.1 Stable

    Moonchild released this 2021-06-08 11:00:17 +00:00 | 357 commits to release since this release

    This is a small bugfix release.

    Changes/Fixes:

    • Worked around an issue with autocomplete popups sometimes failing to work (and added some debug console logging to it in case it happens to help find the root cause)
    • Fixed an issue with DOM mouse scrolling throwing errors.
    • Fixed a race with network detection routines firing incorrectly when resuming from standby.
    • Fixed a crash when using large uploads through DOM.
    • Fixed an issue where the menulist-button on editable menulist widgets was not visible on GTK3.
    • Reduced the number of reported "important preferences" in troubleshooting information, excluding individual printer details.
    • Fixed an issue with the JS JIT compiler not tracing debugger environments (DiD).

    There were no security issues that applied to UXP or Pale Moon this release cycle.

    Built with the Unified XUL Platform - June 8, 2021 release.

    Downloads
  • 29.2.0_Release e7ccadb26f

    Pale Moon 29.2.0 Stable

    Moonchild released this 2021-04-27 10:57:50 +00:00 | 166 commits to master since this release

    This is a development and bugfix release.

    Starting with this version, we will no longer be supporting unmaintained legacy Firefox extensions that are not updated for/targeting Pale Moon directly.
    Please see this forum post for details.

    Changes/fixes:

    • When opening tabs from the History side bar, Pale Moon will now warn you about the action if it would result in opening many tabs at once.
    • Pale Moon now offers "Open All in Tabs" on bookmark folders even if there is only one sub-item in it, for UI consistency.
    • Added media format controls in the Content category of Preferences.
    • Added controls for preferred color scheme. See implementation notes.
    • Updated several site-specific user-agent overrides for web compatibility.
    • Removed the ability to accept Firefox IDs for extension installation.
    • Removed conditional Macintosh code from the application front-end.
    • Updated the AV1 reference library to 2.0.
    • Cleaned up more Android code from the platform.
    • Updated the embedded emoji font to cater to even more race-dependent profession emoji.
    • Fixed an overflow in clip paths, potentially causing them to be rendered incorrectly.
    • Added CSS values smooth, high-quality and pixelated to the image-rendering keyword.
    • Implemented Intl.NumberFormat.formatToParts() to allow deconstruction of localized number formats by scripts.
    • Reinstated the dom.details_element.enabled preference and fixed a rendering issue with summary/details html elements.
    • Fixed an issue with CSP .nonce attributes on elements.
    • Security issues addressed: CVE-2021-29946 DiD and CVE-2021-23994 DiD.
    • Unified XUL Platform Mozilla Security Patch Summary: 2 DiD, 14 not applicable.

    Implementation notes:

    • This version adds support for the prefers-color-scheme CSS keyword. This keyword is a media query keyword that indicates to websites whether your content styling preference is "light" or "dark". Unlike other browsers where this will be tied to your system color scheme and determined automatically (which might be a point on which you can be fingerprinted, so this would be a privacy concern), we've decided to give the user control through Preferences -> Content -> Colors where you will find a new control to indicate your user preference (it defaults to "light" for everyone). While this control also gives you the option to disable this feature and effectively not support the keyword, be aware that this might cause issues on some websites that do not provide styling for "unspecified" color scheme preferences.
      In the future we may add an "automatic" option similar to other browsers in case you regularly switch your system application style from light to dark and v.v.

    Built with the Unified XUL Platform - April 27, 2021 release.

    Downloads
  • 29.1.1_Release 0487fd6d5c

    Pale Moon 29.1.1 Stable

    Moonchild released this 2021-03-30 08:31:04 +00:00 | 192 commits to master since this release

    This is a minor security and bugfix update.

    Changes/fixes:

    • Updated NSS to fix certificate import and keygen regressions.
    • Removed restrictions for units of width/height attributes on SVG elements.
    • Enabled scrollbar-width CSS keyword by default.
    • Security issues addressed: CVE-2021-23981 and a DiD fix for potential document parser confusion.
    • Unified XUL Platform Mozilla Security Patch Summary: 2 DiD, 9 not applicable.

    Built with the Unified XUL Platform - March 30, 2021 release.

    Downloads
  • 29.1.0_Release 6758ce9877

    Pale Moon 29.1.0 Stable

    Moonchild released this 2021-03-02 10:09:58 +00:00 | 386 commits to release since this release

    This is a development, bugfix and security update.

    New features:

    • Language packs for the following newly-supported languages:
      • Arabic (ar)
      • Chinese Traditional (zh-TW)
      • Croatian (hr)
      • Danish (da)
      • Finnish (fi)
      • Galician (gl)
      • Indonesian (id)
      • Icelandic (is)
      • Japanese (ja)
      • Romanian (ro)
      • Serbian (cyrillic) (sr)
      • Slovenian (sl)
      • Thai (th)
    • Implemented String.prototype.replaceAll().
    • Implemented JSON superset proposal.
    • Implemented well-formed JSON stringify.
    • Implemented numeric separators in JavaScript.

    Changes/fixes:

    • Updated timezone data to 2021a.
    • Updated the wording and inclusion of more select license blocks in about:license.
    • Updated some site-specific user-agent overrides for web compatibility.
    • Updated the lz4 library for performance and security updates.
    • Improved performance of JSON stringify.
    • Further improved support for building on FreeBSD.
    • Fixed a regression where changes to useragent compatibility required a restart to take effect.
    • Fixed a regression where AES-GCM in WebCrypto ("subtle" crypto API) wasn't working.
    • This could make certain login procedures fail to work.
    • Fixed a full browser deadlock when page scripting would flood browsing history with rapid location state changes.
    • Disabled AV1 codec use by default again since our implementation has significant streaming issues (particularly audio) that needs further work.
    • Added required interaction with file/folder open dialog boxes on html file input elements on some operating systems to avoid malicious content tricking users into uploading sensitive files unintentionally (related to CVE-2021-23956).
    • Added a font sanity check to avoid triggering a potential vulnerability on unpatched Windows operating systems (related to CVE-2021-24093).
    • Security issues addressed: CVE-2021-23974, CVE-2021-23973 and several memory safety hazards that don't have CVE numbers.
    • Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 2 DiD, 19 not applicable.

    Built with the Unified XUL Platform - March 2, 2021 release.

    Downloads