Pale Moon Releases

Discussion in 'other software & services' started by hayc59, Nov 22, 2016.

  1. hayc59

    hayc59 Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,843
    Location:
    KEEP USA GREAT
    thank you
     
  2. Nanobot

    Nanobot Registered Member

    Joined:
    Jun 23, 2010
    Posts:
    459
    Location:
    Neo Tokyo
  3. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,313
    Pale Moon v28.3.0 Released (2019-01-15)
    Release Notes
    Download
    Changes/fixes:
    • Added AV1 support for MP4/MSE videos. Please note that this is a reference library implementation and the upstream decoding lib currently has poor performance for higher resolutions (720p+). This is disabled by default; use the about:config preference media.av1.enabled to enable this codec.
    • Changed the API used for video playback with FFmpeg 58+. This should solve performance issues with VPx.
    • Redesigned the main toolbar icons as SVG images to make them HiDPI compliant.
    • Fixed the sync notification (infobar) icon.
    • Fixed a potential cycle collector resource leak.
    • Added icons and controls to tabs to indicate if sound is playing the tab and if so, allowing the user to mute it with a click.
      This is a native implementation of the API in use in Basilisk and performs the same function as the "expose noisy tabs" extension, although the extension may still be preferred by some for e.g. skinning capabilities. The feature may be disabled with browser.tabs.showAudioPlayingIcon.
    • Removed support for VR hardware.
    • Fixed out-of-bounds sizes for CSS calculation strings.
    • Removed the DirectShow component since it is no longer necessary.
    • Removed Firefox Accounts integration, phase 1:
      • Changed the Sync client to the one from Tycho.
      • Made Sync optional at build time.
    • Stopped trying to cater to addons.mozilla.org since they no longer offer anything useful to Pale Moon after the Great XUL Extension Purge™.
    • Added an option to process favicons for optimal sized display and removing animations. Enable this with browser.chrome.favicons.process
    • Fixed an incorrect preference reference in feed reader.
    • Fixed an issue with lazy frame construction on display:contents elements. This should solve e.g. the use of mathjax in comments on stackoverflow.
    • Media code improvements and cleanup (ongoing).
    • Updated the DropBox useragent override to solve login issues.
    • Fixed potential crashes due to shutdown observers in VTT and font lists. DiD
    • Enabled some mistakingly-disabled optimizations in the JS JIT compiler.
    • Fixed several potential crashes in JS. DiD
    • Fixed several potential crashes in WebCrypto. DiD
    • Fixed a potential crash in JS Range Analysis. DiD
    • Fixed a potential crash in the layout engine due to combo boxes. DiD
    • Fixed a potential shutdown crash in non-standard environments related to 2D Canvas. DiD
    • Fixed a potential overflow in the PNG writer. DiD
    • Fixed a potential double-free in the MAR signing utility. DiD
    • Fixed an issue where URLs could be extracted cross-origin (CVE-2018-18494).
    • Updated NSPR to v4.20.
    • Updated NSS to 3.41, providing (among other things) full compatibility with the final version of TLS 1.3 on websites.
    • Updated location.protocol to the latest spec.
    • Updated Intersection Observers to the latest spec and enabled them by default.
    • Updated the SQLite lib to 3.26.0.
    • Fixed errors about the login manager's recipeManager not being available (yet).
    • Switched status bar download arrow to SVG.
    • Fixed a crash in IntersectionObservers.
    • Fixed initialization of the Search service from browser code to avoid synchronous init.
    • Added logging of performance warnings to devtools consoles.
    • Fixed favicons in taskbar tab preview listings.
    • Blocked Comodo IS dll < version 6.3 to prevent startup crashes.
    • Fixed issues in the HTML form submit observer module.
    • Limited resolving depth of CSS variables to a sane maximum (fixes cras.sh issue).
    • Removed Mozilla's proprietary constructor on WebAudio's AudioContext, aligning it with the standard specification.
    • Exposed the previously hidden preference in about:config for page thumbnail generation (some people prefer this for local privacy).
    • Aligned Element.ScrollIntoView with the DOM specification. This improves, among other things, compatibility with the React framework.
    DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
     
  5. hayc59

    hayc59 Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,843
    Location:
    KEEP USA GREAT
    thank you
     
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,313
    You're welcome :)
     
  7. Nanobot

    Nanobot Registered Member

    Joined:
    Jun 23, 2010
    Posts:
    459
    Location:
    Neo Tokyo
    Pale Moon v28.3.1 Released (2019-01-23)

    Release Notes
    Download


    This is a minor bugfix and stability release.
    If you are using a language pack, please make sure you have the matching version for this browser version installed. Some strings were added for Captive Portal detection (see below) and outdated language packs will cause blank preference pages.

    Changes/fixes:
    • Improved toolbar icon display for all DPIs on Windows.
    • Disabled the IntersectionObserver API by default while we work on resolving crashes caused by it.
    • Added isIntersecting to the IntersectionObserver API per specification.
    • Added an option to the preferences window to enable Captive Portal detection (Advanced -> General). If your network connection regularly encounters Captive Portals (e.g. using a laptop on the road or other WiFi connections that require login or agreement to terms) then enabling this detection may make your use of such networks more convenient.
      For those worried about privacy: the detection service makes use of our own infrastructure and does not contact third parties like Apple or Google.
     
  8. hayc59

    hayc59 Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,843
    Location:
    KEEP USA GREAT
    right on and thank you
     
  9. Nanobot

    Nanobot Registered Member

    Joined:
    Jun 23, 2010
    Posts:
    459
    Location:
    Neo Tokyo
    don't mention it!
     
  10. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,313
    Pale Moon v28.4.0 Released (2019-02-19)
    Release Notes
    Download
    Changes/fixes:
    • Removed more telemetry code from the platform.
    • Fixed implementation of the IntersectionObserver API to avoid crashes, and enabled it by default.
    • Switched to the new ffmpeg decode API to avoid dropping of frames.
    • Fixed a buffering issue in the WebP decoder that caused intermittent browser crashes.
    • Improved resource-efficiency for internal stopwatch timers.
    • Improved handling of incorrectly-encoded CTTS in media files, resolving some playback issues of videos.
    • Improved the Cycle Collector and Garbage Collector.
    • Improved fullscreen navigation bar handling in the situation it has focus when switching to full screen.
    • Aligned instanceof with the final ES6 spec.
    • Improved Windows DIB (bitmap) clipboard data handling.
    • Exposed TLS 1.3 cipher suite prefs in about:config in case people want to disable them individually.
    • Allowed empty string on the location.search setter to clear URL query parameters from JS.
    • Added a potential fix for external links not opening in the current window/tab (untested).
    • Enabled C++11 thread-safe statics in the entire application.
    • Updated several preferences for integration with the new add-ons site.
    Security fixes:
    • Fixed a potential use-after-free in IndexedDB code. (DiD)
    • Improved proxy handling to avoid localhost getting proxied. (CVE-2018-18506)
    • Ported upstream Skia fixes. (CVE-2018-18356, CVE-2018-18335)
    • Fixed an additional Skia issue. (CVE-2019-5785)
    • Fixed several potentially-exploitable memory safety hazards and crashes. (DiD)
    • Fixed a possible data race when performing compacting GC.
    DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
     
  11. hayc59

    hayc59 Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,843
    Location:
    KEEP USA GREAT
    right on and thanks
     
  12. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,313
    You're welcome. :)
     
  13. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,313
    Pale Moon v28.4.1 Released (2019-03-26)
    Release Notes
    Download
    v28.4.1 (2019-03-26)
    Changes/fixes:
    • Fixed hover state arrows on some controls.
    • Fixed potential denial-of-service issues involving FTP (loading of subresources and spamming errors).
    • Disabled Microsoft Family Safety (Win 8.1) by default. This prevents security issues as a result of a local MitM setup.
    • Added several site-specific overrides (Firefox Send and polyfill.io) to work around website UA-sniffing isues.
    • Implemented the origin-clean algorithm for controlling access to image resources.
    • Cleaned up the helper application service code.
    • Ported applicable security fixes from Mozilla (CVE-2019-9791, CVE-2019-9792, CVE-2019-9796, CVE-2019-9801, CVE-2019-9793, CVE-2019-9794, CVE-2019-9808 and ZDI-CAN-8368).
    • Implemented several defense-in-depth measures (for CVE-2019-9790, CVE-2019-9797, CVE-2019-9804, and a JavaScript issue).
    • Fixed several memory safety hazards and crashes.
    • Binaries are now code-signed again (including the setup program for the installer).
     
  14. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,084
    Location:
    Italy
    Last edited: Mar 27, 2019
  15. hayc59

    hayc59 Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,843
    Location:
    KEEP USA GREAT
    right on thank you
     
  16. Nanobot

    Nanobot Registered Member

    Joined:
    Jun 23, 2010
    Posts:
    459
    Location:
    Neo Tokyo
    Pale Moon v28.5.0 Released (2019-04-30)

    Release Notes
    Download

    • Redesigned the about box.
    • Added "Check for updates" menu entries to the AppMenu and classic menu (since the About box redesign no longer has application update in it).
    • Restored the app.update.url.override pref for AUS testing/override.
    • Added "Loop" control to html5 video.
    • Fixed a crash with frames (e.g. when using Tile Tabs).
    • Fixed an issue with textarea placeholders (spec compliance).
    • Removed the Windows Maintenance Service one last time.
    • Improved http basic auth DoS heuristics.
    • Fixed an issue on big-endian machines (e.g. PPC64/linux).
    • Removed e10s code from widgets.
    • Preffed the various http "Accept" headers and aligned with the Fetch spec (except for image requests).
    • Aligned URLSearchParams with the spec.
    • Updated several site-specific UA overrides.
    • Fixed "Yet Another special case of a flex frame being the absolute containing block"™
    • Fixed border drawing when the tab bar is hidden.
    • Pref-controlled and disabled the use of unboxed plain objects in JavaScript's JIT compiler.
    • Improved handling of interrupted connections through proxies and pseudo-VPN extensions.
    • Removed contextual identity.
    • Updated the 7zip installer stub to a much more recent code version.
    • Fixed an issue with applying percentages to 0 in layout sizes.
    • Fixed an issue with calculating linear sums in JS JITed code.
    • Added default value feature to get*Pref() preference functions.
    • Fixed an issue that would occasionally overwrite the new tab custom URL.
    • Updated the SQLite library to 3.27.2
    • Killed the crashreporter toolkit files and exception handler hooks.
    • Fixed an issue with a missing border on the tab bar when on the bottom.
    • Fixed a crash with badly-formatted SVG files.
    • Showed the robots to the exit after squatting in the browser for decades.
    • JavaScript: Implemented TC39 toString() revision proposal.
    • Rearchitectured the JavaScript front-end parser to provide better and more logical parsing of JS code.
    • Removed support code and leftovers for unsupported SunOS, AIX, BEOS, HPUX and OS/2 operating systems.
    • Fixed a scrollbar arrow issue on OS X.
    • Removed all Firefox Accounts code.
    • Made the CSS parser more robust and aligned url() behavior with the CSS3 spec in case of bad input.
    • Fixed an issue with blocklist updates not actually dynamically applying due to a wrong URL.
    • Updated the embedded emoji font to the TweMoji v11.4.0 equivalent.
    • Fixed an issue with async/deferred scripts preventing page loads from completing.
     
  17. hayc59

    hayc59 Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,843
    Location:
    KEEP USA GREAT
    thank you!!
     
  18. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,051
    Got it thank you.!
     
  19. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,313
    Pale Moon v28.5.1 Released (2019-06-04)
    Release Notes
    Download
    v28.5.1 (2019-06-04)
    Changes/fixes:
    • Restored a global getBoolPref() function shortcut for extension compatibility with old extensions.
      If you are currently using this global function, please change it to Services.prefs.getBoolPref()
    • Fixed an issue with the UI when the address bar was removed from the navigation toolbar.
    • Fixed an issue with scripting of the Help menu.
    • Fixed a crash resulting from non-standard manipulation of XML stylesheets by extensions.
    • Fixed browser.link.open_newwindow functionality.
    • Removed the default handler for webcal since the site doesn't seem to be properly maintained.
    • Prevented some ways smart places queries could be abused for social engineering attacks.
    • Ported an upstream Skia fix.
    • Improved the origin-clean algorithm for canvases.
    • Improved the efficiency of certain types of memory allocations in the JavaScript compiler.
    • Changed the way the application update checker code is hooked up so it will not require a user to go idle before being activated.
      This solves the primary issue with application updates not notifying users as promptly as they should; more improvements are slated for the next major release.
    • Applicable security issues fixed: CVE-2019-7317, CVE-2019-11701, CVE-2019-11698, CVE-2019-9817 (DiD), CVE-2019-11700, CVE-2019-11696, CVE-2019-11693, and several potentially exploitable crashes and memory safety hazards that do not have a CVE number assigned to them.
     
  20. hayc59

    hayc59 Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,843
    Location:
    KEEP USA GREAT
    Thank you mood
     
  21. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,313
    You're welcome :)

    Minor update:
    Pale Moon v28.5.2 Released (2019-06-05)
    Release Notes
    Download
     
  22. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,313
    Pale Moon v28.6.0 Released (2019-07-02)
    Release Notes
    Download
    v28.6.0 (2019-07-02)
    Changes/fixes:
    • Implemented String.prototype.trimStart and String.prototype.trimEnd (ES2019)
    • Implemented Array.prototype.flat and Array.prototype.flatMap (ES2019)
    • Implemented Symbol.prototype.description (ES2019)
    • Added support for gzip-compressed SVG-in-Opentype fonts.
    • Updated official branding.
    • Updated reader view components.
    • Added a preference to control the setting of cookies through meta header information (non-standard feature) and disabled by default.
    • Updated ES6 Atomics and re-enabled them.
    • Updated internationalization code to support updated time zones and the Japanese Reiwa era.
    • Updated NSS to a custom version to have better encryption strength for master passwords.
      IMPORTANT: To use this strong encryption and re-key the password database with it, change your master password (can be changed to the same one you already had if desired, but you have to go through the change password process). Depending on your computer and the number of stored passwords, this encryption update may take some time, so please be patient. Please be aware that once re-keyed, the password store will be locked to the new encryption and will no longer be accessible with the master password in older versions of Pale Moon.
    • Restored "Release notes" in the help menu.
    • Rearchitectured the application/extension update code.
    • Added several performance improvements to DOM and the parser.
    • Improved JavaScript garbage collection of dead compartments.
    • Fixed a performance issue with painting on some pages.
    • Improved performance of some websites with complex event regions.
    • Fixed a potential performance issue in display lists on some pages.
    • Fixed a rendering bottleneck for the use of XRender when using a remote session.
    • Fixed graphical artifacts/flickering when using XRender on Intel or Intel-hybrid GPU setups.
    • Added a DiD fix for potential future issues with inlining array natives.
    • Fixed a potential UAF situation in the HTML5 parser (DiD)
    • Fixed an origin-clean bypass issue.
    • Changed the way permissions for predefined sites are loaded.
    • Reverted the 28.5.1 change to treat *.jnlp files as executables (CVE-2019-11696) after input from an Oracle representative. Java Web Start files are not executable and should not be treated any different than regular documents handled by external applications.
    • Removed SecurityUI telemetry.
    • Removed some other dead telemetry code.
    • Removed geo-specific selection of default search engines.
    • Deprecated the use of FUEL.
    • Removed the unused code for "enhanced tiles" in the new tab page.
    • Removed preference to brute-force e10s to on.
    • Removed Unboxed Array code.
    • Removed Unboxed Object code.
    • Fixed failure to print if a page contains a 0-sized <canvas> element.
    • Fixed an issue with tab-modal dialogs being presented in the wrong order.
    • Fixed an issue with the tab bar remaining collapsed in customize mode if normally hidden.
    • Fixed an issue with Sync when choosing to overwrite data with synced data.
    • Fixed an issue with tab previews on the taskbar.
    • Fixed an issue with IntersectionObserver viewport accuracy.
    • Fixed Scroll bar orientation on Mac OS X.
    • Fixed an issue with anchor/link targets not re-using a named target.
    • Fixed a build issue with Gnu-CC on PPC64.
    • Fixed browser.link.open_newwindow functionality.
     
  23. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,313
    Pale Moon v28.6.0.1 Released (2019-07-04)
    Release Notes
    Download
     
  24. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Thanks!
     
  25. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,313
    Hackers Infect Pale Moon Archive Server With a Malware Dropper
    July 10, 2019
    https://www.bleepingcomputer.com/ne...e-moon-archive-server-with-a-malware-dropper/
    Pale Moon: Data breach post-mortem
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.