Palemoon updated to v27.1.

Discussion in 'other software & services' started by The Red Moon, Feb 9, 2017.

  1. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    This is a major development and bugfix/security update to the browser.

    A few important notes first off:
    1. This version introduces the so-called "PMkit" modules, our effort to restore most compatibility with Firefox Jetpack/SDK extensions and making it possible for extension developers to convert their Firefox SDK extensions with little effort to a Pale Moon compatible format. For more details please check the PMkit documentation on the Pale Moon developer wiki.
    2. Linux: After working through some serious issues with stability to a level that we had to revoke permission for official branding on the Pale Moon packages in the Debian/Ubuntu package repositories on OpenSUSE.org, I'm happy to announce that those distributions can be continued as normal at this time. If you had an older package for the previous version still in use, this should automatically update to the 300% more stable version v27.1 once publication is complete.
      Please do keep in mind that despite this, we can't provide support for builds that are distributed as contributed binaries that were not built by us, and you will always have to contact the specific package maintainers for support.
    3. Language pack users should have been served updates to their language packs already that are compatible with both 27.0 and 27.1 - if not, this should happen during upgrading. If for some reason this still doesn't happen, be aware that you should update your language pack to the current version. We've also added 2 more languages: British English and Korean!

    Changes/Fixes:

    • Reworked the media back-end completely (thanks Travis!) to use FFmpeg (including support for FFmpeg v3 and MP3 playback) and our own MP4 parser, and no longer relying on gstreamer on Linux, as well as adding some improvements on Windows for media parsing and playing.
    • On Linux, Apple .mov files of the correct type will also be played through FFmpeg now, for those rare occasions where they are still in use, considering there is no Quicktime plug-in available on that operating system.
    • Restored the classic about:config styling.
    • Added a fallback to US-ASCII if the autoconfig UTF-8 conversion fails.
    • Improved cross-compartment wrapper handling when managing a large number of tabs (fixes a performance regression with v27).
    • Changed the way audio and video synchronization is calculated to account for (slow) device latency, preventing things from getting out of sync on e.g. BlueTooth-connected speakers.
    • Changed the way scripts are handled when they are stopped from the "unresponsive script" dialog, to prevent browser lockup. We will now stop all scripts in the affected compartment in one go.
    • Fixed several errors in the devtools.
    • Fixed a nasty crash caused by cross-origin referrers.
    • Fixed the installer to allow 64-bit versions of the browser to be installed on Vista again.
    • Added HTML5-spec clipboard handling for content (cut&copy only -- paste is not allowed for security reasons).
    • Made multiple changes to the toolkit jetpack modules to cater to PMkit extensions.
      This should make running SDK-based extensions as PMkit extensions fairly simple for extension developers. See the introductory text to these release notes.
    • Fixed a css layout issue: make max-width affect contributions to intrinsic min-width.
    • Implemented several updates to the permissions manager. Among others, Improved the permissions manager (about:permissions) with a more complete set of permissions for pages.
    • Removed otherwise unused Metro browser platform/widget code.
    • Removed support for non-standard/deprecated let blocks and expressions.
    • Made the use of let as a keyword versionless and ES6 compliant.
    • Made the privacy category in preferences a tabbed setup to better fit the current options.
    • Fixed a regression preventing certain MP4 video files from playing.
    • Fixed a regression where seeking in media files would halt playback/jump to the end of the stream.
    • Fixed a crash caused by certain downloadable fonts with DirectWrite in use.
    • Improved downloads-button indicator legibility on some combinations of Windows versions and system theme colors.
    • Changed the Facebook user-agent override to be our native one, based on reports from users that it is (finally) working acceptably.
    • Fixed site-specific useragents being ignored if a global override is defined.

    Security/privacy changes:

    • Changed CORS handling to allow data: sources, assuming they are same-origin. This should fix the infamous "Facebook endless reload" issue and may make some other sites that assume this particular (unspecified) CORS behavior happy with Pale Moon.
    • Reinstated the network.stricttransportsecurity.enabled preference so people who choose privacy over HSTS can do so again.
    • Added, In HSTS "off" state, prevention of HSTS site status from being written to disk.
    • Updated the IDN blacklist with more extended unicode characters that "look very similar to" normal ASCII characters, to prevent spoofing of well-known domains. If blacklisted characters are found, the IDN domain name will be displayed in its punycode form. (CVE-2017-5383 and similar)
    • Fixed an exploitable crash when using MP4 video. (CVE-2017-5396)
    • Fixed an exploitable crash in XSL parsing. (CVE-2017-5376)
    • Fixed a potential security issue when exporting certificates with specially-crafted credentials. (CVE-2017-5381)
    • Fixed a potential use-after-free situation in frame selection. (CVE-2017-5380) DiD
    • Fixed a leak of window details through the Ion compiler in certain situations.
    • Fixed the potential for an exploitable crash involving Javascript GC. DiD
    • Fixed a potential overflow situation in (non-released) WebRTC code. DiD
    • Fixed a potentially unsafe situation in websockets. DiD
    • Fixed several memory and other safety hazards (BMO bugs 1318766, 1325877, 1328834 DiD, 1288561 DiD, 1322420 DiD, 1293327 DiD, 1322315, 1325344, 1285960).

    DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.
     
  2. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Thanks. :thumb:
     
  3. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    Your welcome dave.
     
  4. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Well, Pale Moon is now back to officially being my default browser. At the moment no other browser can do everything I want without some form of problem.
     
  5. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Sounds good but know knows?
    What's behind the company.

    I think it is a placebo effect.
     
    Last edited: Feb 12, 2017
  6. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
  7. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Do you think there would be a straight answer? :eek:
    Sad there are so many boot lickers
     
  8. Brian K

    Brian K Imaging Specialist

    Joined:
    Jan 28, 2005
    Posts:
    12,115
    Location:
    NSW, Australia
    To what question?
     
  9. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Must be the placebo effect.
     
  10. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    Whenever i have had a problem with palemoon which is seldom,i have found moonchild to be courteous and has always tried to help.i think its very rare that you can contact a browser developer like this.

    no placebo effect.
    PM does not contain the mozilla bloat.
     
  11. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,718
    I myself am considering going back to PM, just installed it in Xubuntu and about to configure it, let's see.
     
  12. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    How does it run on Linux? I have a feeling that I may be swapping Firefox on Ubuntu soon. Otherwise I'll have to run Chrome :eek:.
     
  13. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    Runs fine on my linux system.
     
  14. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,718
    It runs fine, opens quicker and uses less CPU than FF, it's stable.
    I've only been using it for a couple of hours though, but so far positive note.
     
  15. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    OK thanks. I've noticed that there's an Ubuntu version.

    palemoon4ubuntu.png
     
  16. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    OK thanks.
     
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    My too, browser of choice and is a prize.

    Over 2 years with this puppy and tight as a torqued wheel and safe.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.