Muutoshistoria ohjelmalle Pale Moon Portable
Muutokset v27.7.1 - v27.7.2
Muutokset v27.6.2 - v27.7.1
Muutokset v27.6.1 - v27.6.2
Muutokset v27.6.0 - v27.6.1
Muutokset v27.5.1 - v27.6.0
Muutokset v27.5.0 - v27.5.1
Muutokset v22.214.171.124 - v27.5.0
Muutokset v27.4.1 - v27.4.2
Muutokset v27.4.0 - v27.4.1
Muutokset v27.3.0 - v27.4.0
Muutokset v27.2.1 - v27.3.0
Muutokset v27.2.0 - v27.2.1
Muutokset v27.1.1 - v27.1.2
Muutokset v27.1.0 - v27.1.1
Muutokset v27.0.3 - v27.1.0
Muutokset v27.0.2 - v27.0.3
Muutokset v27.0.1 - v27.0.2
Muutokset v27.0.0 - v27.0.1
Muutokset v26.5.0 - v27.0.0
Muutokset v26.4.0 - v26.5.0
Muutokset v26.3.3 - v26.4.0
Muutokset v26.3.2 - v26.3.3
Muutokset v26.3.0 - v26.3.1
Muutokset v26.2.2 - v26.3.0
Muutokset v26.2.1 - v26.2.2
Muutokset v26.1.1 - v26.2.1
Muutokset v26.1.0 - v26.1.1
Muutokset v26.0.3 - v26.1.0
Muutokset v26.0.2 - v26.0.3
Muutokset v26.0.0 - v26.0.2
Muutokset v25.8.1 - v26.0.0
Muutokset v25.8.0 - v25.8.1
Muutokset v25.7.3 - v25.8.0
Muutokset v25.7.2 - v25.7.3
Muutokset v25.7.1 - v25.7.2
Muutokset v25.7.0 - v25.7.1
Muutokset v25.6.0 - v25.7.0
Muutokset v25.5.0 - v25.6.0
Muutokset v25.4.1 - v25.5.0
Muutokset v25.4.0 - v25.4.1
- This is a small but important update to the previous major release to address some critical issues:
- Fixed loss of the browser's disk cache on startup due to incorrect corruption detection logic
- Fixed a browser crash on some HTML5 games
Muutokset v25.3.2 - v25.4.0
- Updated SQLite from 3.7.17 to v126.96.36.199, improving history/bookmark/etc. performance by up to 50% depending on operation
- Added a new "mixed-mode" state for HTTPS connections. Clarified mixed-mode connections with a mixed-mode padlock and better tooltips.
- Added a conditional partial shading to the URL bar and made it default (shading only on secure sites, no red shading at all by default).
- Dev: Fixed file system mode flags for *nix systems, to make executable files like scripts actually flagged as executable
- Added native IPv6 lookups to NSPR to solve IPv6-only and dual-stack setups in some situations
- Added a pref to control the unloading of idle plugins from memory and lowered the default "idle" time to 60 seconds before plugins are unloaded
- Fixed version strings for e.g. flash on Linux being displayed with commas instead of periods - this should also fix the incorrect "your plugin is vulnerable" message while being on the latest version
- Windows: Set the double-click/Ctrl+arrow word selection to not eat the space (only select the actual word)
- Android: DNS fix for VPN connections, preventing the "server not found" issues people have been reporting for certain VPN providers on mobile
- Updated a number of trusted root certificates, and distrusted the CNNIC root certificate by popular demand
- Linux: Worked around the slice memory allocator not being properly disabled on later GLib versions
- Android: updated the random number generator handling on later versions of Android
- Added fix to prevent spurious re-paints with plugins (performance/UX improvement)
- Removed the plugin check link from the Addons Manager, since it's no longer reliable and not officially available for browsers except Mozilla Firefox. (Bonus: no user profiling/tracking through optimizely!)
- Optimized the NSS callback for secure connections
- Updated the domains that are whitelisted for installation of extensions/themes/personas, streamlining the use of addons.palemoon.org
- Added personas support to titlebar text (adopt the lightweight theme's coloring/shading) in custom titlebar mode (Pale Moon appmenu/button)
- Added display of HTTPS protocol (SSL/TLS) to the page info window (thanks Travis!)
- Improved certificate display: Removed MD5 and added SHA256 fingerprint, and made them selectable/copyable
- Updated classification of secure connections: Classify any encryption with less than 128 bits or including RC4 (if manually enabled, see previous version notes) as weak.
- Dev: Added availability of the full ciphersuite string for use in extensions to the nsISSLStatus interface (nsISSLStatus.cipherSuite)
- Added MAKE_UNLINKABLE to the about: page redirector and added that as default for the reader mode on Android
- Removed the compilation and inclusion of a one-time-use pre-compiled startup cache in omni.ja, reducing overall application size significantly and avoiding a number of quirks of both the build process and the operation of the browser
- Fixed an NVIDIA specific GLX server vendor bug for pixmap depth and fbConfig depth
- Removed most telemetry code, reducing code complexity and wasted CPU
- Linux: Added OSS support (mutually exclusive with ALSA): configure with --enable-oss
- Made DNS caching a lot less aggressive to align the browser's behavior with the dynamic nature of the modern web.
- Removed Mozilla-specific parameters for searches. Search suggestions should now work again for Google searches
- Added the option to allow users to use a fixed (JSON) file-based geolocation response in favor of a GeoIP service.
- Dev: Improvements to Clang builds (thanks Axiomatic/BitVapor!). Clang is not currently producing stable builds on Linux, so please use GCC for that operating system.
- Linux: removed GnomeVFS that's no longer in use
- Fixed the "double padlock while loading a secure site" niggle in the UI
- Dev: added allowance of using -moz-appearance:none on drop-down lists to hide the arrow button (catering to custom styling of the control)
- Added some more ES6 math/number functions:
- Implemented Math.fround(x)
- Implemented Number.isSafeInteger(x)
- Implemented Math.clz32(x)
- Security fixes:
- Fixed several memory safety hazards (UAF/DF/UU); applicable bugs covered by CVE-2015-0815 and CVE-2015-0815
- Fixed CVE-2015-0811 [qcms] heap info leak
- Fixed CVE-2015-0810 clickjacking attacks via a Flash object in conjunction with DIV elements
- Fixed CVE-2015-0801 a variant of CVE-2015-0818
- Fixed CVE-2015-0800 improve randomness of DNS resolver queries on Android
- Fixed CVE-2015-0798 access to privileged URLs through about: redirector
Muutokset v25.3.1 - v25.3.2
- This release is an emergency update to fix crashes that started occurring because of Mozilla improperly signing the extensions and extension updates as offered through the Firefox Add-ons site addons.mozilla.org. Any improperly signed extension would not be able to be installed, and would immediately crash the browser.
- No other changes were made in this release - this is a bugfix for this particular issue only.
Muutokset v25.3.0 - v25.3.1
- Fixed IPv6 DNS resolution regression in some less common cases.
Muutokset v25.2.1 - v25.3.0
- Overhauled WebGL. It now properly supports depth textures, shadow mapping and glow shaders.
- Note that older operating systems or older/embedded video processors may be limited in their support of these features.
- Updated the ANGLE library to a much more current version.
- Removed the crash reporter code completely to improve overall browser responsiveness and operation.
- Please note that a necessary victim of this has been the in-browser (devtools) SPS profiler because of its reliance on crash reporter data-gathering tools.
- Removed the Mozilla Plugin Finder Service (no longer in use @Mozilla).
- Android: removed the Mozilla "product announcements" service.
- Re-added control of the number of concurrent tabs to be restored from a session with browser.sessionstore.max_concurrent_tabs (accepted values 1-10)
- Significantly improved performance and accuracy of date/time/timer handling.
- Significantly improved performance of the creation of DOM elements with plain text content.
- Added several code performance optimizations and bugfixes in SVG, the presentation shell, SCTP, style gradients and CSS parsing routines. (Thanks, Axiomatic!)
- Added an "Open link in current tab" context menu entry on links for UI consistency.
- Updated styling of the browser with personas (lightweight themes) once more to improve display in tabs-on-top mode, improve overall legibility of tab text, and display of inverted close buttons on some controls on dark personas.
- Added a special case check for the Flash plugin version check on Linux failing due to commas instead of periods in the version string.
- Added Windows 10 compatibility in executable manifests.
- Android: Fixed a crash on GL canvas surfaces.
- Fixed incorrect Sync "howto" instruction links from the Sync dialogs.
- Fixed the color of selected tabs in Linux when personas (lightweight themes) are in use that do not match the overall tone of the OS system theme.
- Fixed a bug where the address bar would incorrectly be cleared.
- Fixed padding issues for dropdown lists.
- Fixed DNS lookups so proper record types are requested for IPv4 and IPv6.
- Security fixes:
- Disabled all RC4-based encryption ciphers by default. [More info]
- Fixed several miscellaneous memory safety hazards.
- (applicable bugs related to CVE-2015-0835 and CVE-2015-0836)
- Fixed loading of locally stored DLL files through the internal updater. (CVE-2015-0833)
- Fixed a potential crash point in IndexedDB. (CVE-2015-0831) DiD
- Fixed a double-free situation when using non-default memory allocators and a 0-length XHR. (CVE-2015-0828)
- Note: production builds of Pale Moon were never vulnerable.
- Fixed a crash using DrawTarget in the Cairo graphics library. (CVE-2015-0824)
- Fixed potential reading of local files through manipulation of form autocomplete. (CVE-2015-0822)
- Fixed a potential PNG heap-overflow crash. DiD
- Followed up on research regarding CVE-2014-8639 (see 25.2) and made cookie handling through proxies more restrictive again.
Muutokset v25.2.0 - v25.2.1
- This is a small update to address cookie handling through proxies causing issues for some authenticating proxies in corporate environments
Muutokset v25.1.0 - v25.2.0
- This is an important update after rapid development on the back-end to extend browser capabilities and implement some ES6 draft functions for web programmers, as well as provide some important crashfixes, bugfixes and security updates.
- ES6: Added the following functions:
- Array.prototype.find and Array.prototype.findIndex
- Number.parseInt and Number.parseFloat
- Advanced math functions: hyperbolic sin/cos/tan/asin/acos/atan, hypotenuse, cube root, expm1, log1p, log10, log2, sign and trunc
- Map.prototype.forEach and Set.prototype.forEach
- ES6: Added the following number constants: EPSILON, MIN_SAFE_INTEGER and MAX_SAFE_INTEGER
- ES6: Added the use of binary and octal numeric literals (&b... and &o...)
- ES6: Updated behavior of accessing indexed values in accordance with the spec.
- CSS: Added overflow-clip-box:content-box|padding-box
- DOM: Added table.createTBody() function
- Added a clearer alltabs button for dark personas.
- Added a development tools toggle hotkey (F12)
- IonMonkey on Android: fixed the implementation of AbsI.
- IonMonkey: fixed a bug where actively used objects were discarded.
- Fixed register initialization to prevent incorrect detection of SIMD instructions on some CPUs.
- Optimized some loops in the spell checker to increase performance.
- Simplified cache handling, updated cache parameters to better reflect current web use, and enabled automatic cache sizing by default.
- Adjusted memory cache sizing to better reflect capacities of current hardware.
- Updated UserAgent override workarounds for Netflix and FaceBook to fix some site issues.
- Aligned programmatic access to geolocation with the spec.
- Fixed a crash when being fed a data file (XML) with too deeply nested tags.
- Fixed a crash in HTML5/WebAudio that affected some games.
- Fixed a crash when programmatically collapsing elements.
- Fixed a few non-breaking bugs related to e10s code.
- Fixed text input/padding issues.
- Updated surround downmixing code for Vorbis.
- Improved tolerance in WebAudio for loading multichannel audio files.
- Android: Fixed an issue with Flash, it should now run on more devices.
- Updated the DDG search plugin to make the actual query be the last parameter in the address bar for easy editing after a search has been performed.
- Removed some unused update channel code.
- Updated branding to more clearly indicate Pale Moon's trademark.
- Updated some licensing texts in-browser to properly reflect used code and rights.
- Security/privacy fixes:
- Added a preference network.stricttransportsecurity.enabled to enable or disable the use of HSTS (HTTP Strict Transport Security), allowing users to choose between privacy and security in this matter. (hidden pref)
- Fixed CVE-2014-1589 by whitelisting XBL bindings that may be applied to untrusted content.
- Important: extension developers should read this related thread.
- Fixed CVE-2014-1593.
- Mac: fixed CVE-2014-1595.
- Fixed CVE-2014-8639 by adjusting cookie handling through proxies.
- Fixed CVE-2014-8636.
- Fixed several memory safety hazards that do not have CVE numbers.
Muutokset v25.0.2 - v25.1.0
- This is an important update after rapid development on the back-end to keep pace with the current changes on the web and improve compatibility with websites.
- New feature: multi-line flexbox support.
- Pale Moon now supports more advanced multi-line and multi-column flex elements. This will allow websites to use these elements for easier responsive design of web pages and ordering/layout of multiple elements. This has been on Pale Moon's to-do list for a while but was rather complex to tackle, hence the delay in implementation. This should address layout issues on several recently-updated websites (e.g. the MSN home page).
- New feature: added support for collapsed flex element items.
- Enhanced feature: Content Security Policy (CSP)
- Pale Moon now fully supports the CSP 1.0 specification allowing websites to set restrictions on content to prevent XSS (Cross-site scripting) attacks. Previously, the implementation in Pale Moon was partial, and did not support a number of features, resulting in some websites not rendering properly because Pale Moon was being too strict in enforcing the policy. This should address issues on websites enforcing CSP (e.g. the Dropbox web interface and FaceBook galleries).
- New feature: added support for iframes with inline content.
- Updated the Firefox Compatibility mode version to 31.9.
- With the improvements in rendering and overall feature set, the Firefox Compatibility mode (as presented in the UserAgent string) has been bumped to prevent websites from complaining about "using a too old/unsupported version of Firefox" (e.g. Google websites).
- Pale Moon no longer builds the so-called "media navigator" by default.
- This module provides access to the user's webcam and microphone. Although it can be used for other purposes, in practice this is only used for WebRTC and, in fact, its support (GetUserMedia) is often mistaken for actually supporting WebRTC in a browser (causing errors since Pale Moon does not support WebRTC). No longer including these features reduces input complexity and overhead for a feature not actively used. This also circumvents privacy concerns/confusion like CVE-2014-1586.
- Improved tab handling on lightweight themes (personas) some more to enhance contrast on certain themes and to make the tab hover effect slightly more distinct.
- Fixed oversized/blocky menu arrows on Windows 8.1 in HiDPI mode.
- Fixed incorrect operating system being passed on to addons.mozilla.org.
- Fixed an error being thrown in the error console/web console when opening a new window.
- Removed the NVidia 3D Vision auxiliary utility library.
- This library has been the likely cause for a number of crashes on NVidia cards, and is completely unnecessary for Pale Moon.
- Made the installer less aggressive for file type associations, to prevent "stealing" of globally associated file types.
- Android: improved restoring of session tabs.
- Android: added an option to automatically restore tabs.
- An important thing to note with this new option is the following: with the option enabled, Pale Moon will now automatically restore tabs you had open previously when the app gets suspended (pushed out of memory by other apps, closed by swipe, etc.). The "quit" main menu option, however, completely shuts down your session, unloads Pale Moon from active memory, and tabs will not be automatically restored when you launch Pale Moon again. This is by design. To restore tabs in that situation, use the link from the home screen.
- Fixed memory security hazards CVE-2014-1574 and CVE-2014-1575 security fix
- Fixed CVE-2014-1581. security fix
- Fixed bug 1069584: Bail if a cairo surface is in an invalid state. security fix
- Made sure to initialize surfaces for draw targets. security fix
- Fixed bug 1074280: Use AsContainerLayer() in order to avoid a bad cast. security fix
- Fixed several problems in the HTML parser. security fix
- Improved security of XHR by filtering out types of requests that can potentially be abused. security fix
Muutokset v25.0.1 - v25.0.2
- Added a "Firefox compatibility mode" selection in Options -> Advanced.
- This mode is enabled by default (reluctantly so), because too many websites (including some very big players who, themselves, promote an Open Web...) still use very poor browser detection methods based on arbitrary User Agent string comparisons, not catering to alternative browsers, and the resulting user experience being poor (being presented with mobile site layouts, broken pages, or even being flat-out refused service because someone exercises freedom of choice for web browser used). This should alleviate most, if not all, issues with browser-discriminating websites.
- Improved active tab display on particularly dark personas.
- People using "black" personas/lightweight themes should now have a lot less difficulty distinguishing the active tab.
- Disabled SSL 3.0 by default (to put a muzzle on the POODLE).
- Please note that this may cause issues with some poorly configured web servers (usually ones with a hopelessly broken security setup that do not support TLS 1.2 or secure (re)negotiation of the protocol).
- Fixed add-on update issue (that was preventing update checking through addons.palemoon.org).
- Fixed the redundant redundancy in asking redundantly if the browser would be allowed to ask to install an extension when not on addons.mozilla.org.
- Fixed the internal UA-sniffing insanity that broke devtools in a few different and colorful ways.
Muutokset v25.0.0 - v25.0.1
- Update of the add-on SDK to add missing "Pale Moon" engine entries to lists. This should fix extension compatibility issues for jetpack extensions that otherwise already work with the new GUID.
- About box release notes link corrected
- Fix for VP9 decoder vulnerability security fix
- Fix for direct access to raw connection sockets in http security fix
- Fix for unsafe conversion to JSON of data through the alarm dom element security fix
- Update of NSS to 188.8.131.52-RTM security fix
Muutokset v24.7.1 - v24.7.2
- This is a small bugfix and security update.
- Use (i) icon for error console informational messages instead of (?)
- Properly derive and insert the host of a URL security fix
- Avoid negative audio ratios. security fix
- Release XPCOM timer immediately after firing to prevent a race condition.
- Add is-object check to IonBuilder::makeCallHelper. security fix
Muutokset v24.7.0 - v24.7.1
- Fixed a text rendering issue with the new back-end on overdraw layers when hardware acceleration is in use on Windows. This may also solve some additional small issues in the user interface that weren't present before 24.7.0.
- Fixed the use of Google Maps.
- If you previously used the workaround in 24.7, then please remove the user-set preference (right-click -> reset).
Muutokset v24.6.2 - v24.7.0
- Fixed some performance issues with the new rendering engine on Windows. Rendering should be faster for all objects on hardware-accelerated layers now.
- Font rendering on Direct2D will no longer fall back to greyscale in some situations, preserving ClearType.
- CSS outlines will now properly outline the object, and not the overflow area (e.g. box shadow).
- The delay for hiding the default status has been increased from 10 to 30 seconds to keep it on screen sufficiently long but not permanently.
- Queries for "can play type" on WebM videos now get an HTML5-compliant response ("maybe" instead of "yes" as per the specification when a codec is not included in the request).
- Pale Moon's gecko rendering engine and Firefox compatibility version now properly follows the minor version of Pale Moon again instead of always returning .0 - this should help UA sniffing websites to more easily detect Pale Moon or adapt to further-developed gecko 24 versions.
- When using dark/black personas (lightweight themes), the tab close buttons would be almost invisible. They have been lightened a little to make them clearer.
- Linux: the click behavior on the address bar has been unified with that on Windows, aiming for current-day desktop-clipboard use (select-when-clicked). This is configurable with a preference.
- "In-content" preferences (preferences displayed in a tab instead of the normal dialog box) has been removed because of redundancy and incompleteness.
- Checking for updates from the about box now always puts the user in control and never downloads anything directly from the about box. It will pop up the larger update window when an update is found.
- Google SafeBrowsing, which is defunct, has been removed from the browser. privacy fix
- Made the building of the Web Developer tools optional when compiling Pale Moon through --disable-devtools.
- The Atom-optimized version no longer ships with the Web Developer tools to slim down the browser for limited platforms where these tools are considered generally unneeded.
- Fixed domain highlighting in the address bar. It should no longer randomly lose this formatting when switching tabs or otherwise updating the browser UI.
- Fixed missing click-to-play overlay on some zoom levels for plugins embedded in an iframe.
- Fixed large delays in print enumeration on Windows, especially when printing to file: ports.
- Updated the list of known domain suffixes.
- Updated site-specific user-agent strings to prevent incorrect complaints from websites (google.com, aol.com, etc.) that use poor detection scripts.
- Added granular referer control. See the release announcement on the forum for more details on how to use this.
- Added gr locale to the status bar options.
- Disabled HQ image downscaling. This is a workaround for the broken Mozilla HQ downscaling back-end causing constant invalidations and redrawing if 2 downscaled images with the same source were in view.
- Updated the NSS library to 3.16.2 RTM to address a few critical SSL issues. security fix
- There was a possibility to lose the source frame for raster images if images had to be discarded in low-memory situations. This has been fixed. security fix
- Made refcounting logic around PostTimerEvent more explicit. security fix
- Prevented an invalid pointer state in docloader. security fix
- Added proper refcounting of font faces. security fix
- Android: lots of branding updates to make it more release-ready.
- Android: explicitly set the Pale Moon Sync server in preferences.
- Android: IonMonkey (ARM): guarded against branches being out of range and bail out if so. security fix
- Android: enabled Firefox compatibility mode on Android to allow the installation of extensions from AMO.
- Android: added a "Quit" option to the app menu to properly immediately close the browser.
- Android: IonMonkey (ARM): prevented a performance issue due to clobbering the primary scratch register.
- Android: enabled mobile-specific optimizations to increase performance on mobile devices.
- Android: enabled AES-128 and AES-256 in addition to RC4 for Sync.
Muutokset v24.6.1 - v24.6.2
- A point release to address some further outstanding issues with the overhauled rendering engine.
- Automate rendering back-end selection and use cairo as appropriate.
- This should fix start-up problems on all types of graphics cards regardless of vendor.
- Fix font subpixel rendering in menus when on cairo backend (D2D off)
- Cairo: Prevent falling back to padding when not strictly needed.
- Performance regression fix if D2D isn't used.
- Azure: Use correct device offsets.
- Prevent crashes due to the allocation of source surfaces to errored surfaces
- This prevents some miscellaneous browser crashes occurring with cairo on azure.
Muutokset v24.6.0 - v24.6.1
- A quick point release update mainly to address startup crashes.
- Update to address startup crashes if users previously changed the setting for Azure for Content
- Update for texture handling to restore GDI compatibility (should fix some graphics glitches)
- Fix to handle invalid PDF plugin overlay state
- Misc. additional security fixes ported over from Firefox (bug #s 991981, 995679, 999651, 1009952, 1011007)
Muutokset v24.5.0 - v24.6.0
- Allow animated personas (lightweight themes)!
- You will need to set a preference for this, since enabling animated personas causes a small but noticeable performance loss upon start-up.
- To enable animated personas, go to about:config and set lightweightThemes.animation.enabled to true, then reload your persona.
- Fix regularly occurring browser crashes with hardware acceleration enabled on DirectWrite 6.2/6.3 (Win 7 with Platform Update, Windows 8/8.1).
- Most notable on computers equipped with NVidia cards, this combination of hardware and software would be cause for regular but intermittent crashes due to an issue with hardware acceleration. As part of the overhaul, this should now be fixed.
- Fix font rendering issues on DirectWrite 6.2/6.3, especially on legacy AMD hardware. (KB2670838 issues).
- A very long-standing issue that was already partly mitigated in Pale Moon should now be completely eliminated as part of the overhaul.
- Fix Windows version detection issues on Windows 8.1.
- Since Microsoft changed basic parts of the Windows API in Windows 8.1, operating system detection would indicate an incorrect WINNT version number (6.2 instead of 6.3) on Windows 8.1. This would show in e.g. the UserAgent.
- Shuffle reported plugin installation order to confuse trackers.
- Part of browser fingerprinting is the reported installation order of installed plugins in browsers. Pale Moon will now shuffle the reported order of installed plugins when enumeration is asked for, which will make it more difficult for tracking sites to individually track you. Please do note that some of the "fingerprinting tests" out there will report you as more uniquely identifying, but that is by design! This mitigation is not reducing your entropy, it is increasing it - but providing a different fingerprint each time, invalidating the fingerprints of both your presence and others' for trackers.
- Clean up jumplist icons so they no longer pile up on disk on some systems (also a privacy concern).
- On some systems, jumplist shortcut icons would not be deleted properly, causing them to pile up in the jumplist cache folder. The problem with this is both disk space (you could have many thousands of icons) and privacy (the icons would have a date and time, and would visually indicate which sites were visited)
- Change the sync server to a (new) Pale Moon sync server.
- As part of rolling out Australis, the Mozilla Corporation decided to also push out a new version of Sync which acts more like Google Accounts/Chrome sync, requiring a "Firefox Account". This new sync (1.5) is not compatible with older versions of Firefox or with Pale Moon, and Mozilla will also be phasing the old sync service out on the short term. As a result, I've been forced to start providing my own sync service, which will now be the default choice when you set up sync in the browser. Please carefully read the terms of service if you intend to use it.
- Update the status bar code: Full-screen HTML5 video will no longer have status pop-ups overlaid.
- Full-screen HTML5 video would receive pop-up status messages (if the full-screen setting to that effect was enabled). This would detract from the user's viewing pleasure. Full-screen video will now get special treatment and suppress the pop-up status. Note that full screen pop-up status will still be enabled by default on other types of content (e.g. full-screen HTML5 image galleries, etc.), unless you explicitly disable it in the status bar options.
- Add code to selectively ignore "autocomplete=off" on signon input fields.
- A good number of sites have added a restriction on signon (login) input fields to prevent autocompletion storage of those fields' content, in an attempt to "increase security". A few issues with this:
- By forcing people to type the password each time, people are likely going to choose short and weak passwords.
- The premise behind it seems to be that the websites "do not trust password managers" that the user has installed. It's not up to a website to decide this; Pale Moon puts you back in control.
- The argument that credentials are stored automatically and compromise users' security that way doesn't apply, since storing passwords in Pale Moon is always an opt-in choice.
- Code has been added to selectively ignore this autocompletion restriction so the Pale Moon password manager can effectively do its job.
- Linux: reduce gstreamer CPU overhead.
- There have been reports of excessive CPU usage when using gstreamer video playback on Linux. This should now be fixed.
- Fix styled HTML buttons to address misaligned button contents (wrong baseline).
- There was a bug in the Firefox layout engine causing styled input form buttons (as used by e.g. the Google Accounts chooser) to be misaligned vertically, specifically if a height was explicitly defined on the control. This should now be fixed.
- Fix an old IonMonkey bug resulting in incorrect math results in some cases.
- Some vector operations would intermittently yield incorrect results if the IonMonkey JIT compiler was used to speed up execution. This has been a problem in IonMonkey for quite a while but the bug wasn't hit very often. This should now be fixed, and correct, repeatable results can be expected.
- Improve the performance of editor initialization.
- Slightly speed up initialization of the editor.
- Update the Pale Moon icon for better display on lower color depths.
- Thanks to the efforts of a fellow Pale Moon user, the Pale Moon windows icon file has received work to display better on low and medium color depth displays (e.g. over RDP or similar)
- Media: use a simpler way to discard superfluous audio packets.
- This should help against audio/video desynchronization in some rare cases.
Muutokset v24.2.2 - v24.4.0
- Bugfix: the new status bar code in 24.4.0 had a bug, preventing the downloads panel/window from opening when clicking on the download status indicator. There may have been a few other, similar small usability bugs in the same code that have now been fixed.
- Feature update: Selecting "Warn me when closing multiple tabs" in the Options window will now apply both to closing a window and closing other tabs in the tab bar.
- Bug #940714 - Add an RAII class to make synchronous raster image decoding safer.
- Bug #896268 - Use a stateless approach to synchronous image decoding. security fix
- Bug #982909 - Consistently use inner window when calling OpenJS. security fix
- Bug #982957 - Fix crash if certain sweeps run out of memory. security fix
- Bug #982906 - Remove option for security bypass in URI building. security fix
- Bug #982974 - Be paranoid about neutering ArrayBuffer objects. security fix
Muutokset v24.2.1 - v24.2.2
- Implementation of all remaining applicable security fixes from Firefox 26.0 that were not implemented yet in previous versions.
- Update of the Security library (NSS) to 184.108.40.206.
- Fix of new js zone writes/zone barrier bugs.
- The Sync configuration allows users to input their own recovery key again. Please note that letting the browser generate its own secure recovery key is still strongly recommended, as this recovery key should be impossible to guess and of sufficient length and complexity to keep your data safely encrypted.
Muutokset v24.2.0 - v24.2.1
- Fix for some status bar localizations not working and giving an error.
- Implementation of an optimized QuickFind routine.
- Implementation of per-zone user data handling.
- Security fix in the JPEG library.
- Security fix in web workers.
Muutokset v24.1.2 - v24.2.0
- This update implements the following changes:
- Update of the new-tab routine: When opening a new tab, focus will now only be on the address bar if you open a blank tab or the Quick Dial page, and focus will be on the page content otherwise (Pale Moon start page or custom URL).
- Compatibility issues between QuickFind/Find-as-you-Type and HTML5 input fields in forms fixed.
- New advanced feature: Later versions of the Firefox code will automatically place the browser window fully on a visible portion of the screen. If you prefer having the browser window positioned partially off-screen and want to prevent this automatic resizing and repositioning when starting a new session, create a new boolean preference in about:config called browser.sessionstore.exactPos and set it to true.
- Updated the localization of the status bar code with the following locales: en-GB, es-MX, es-AR, it, pl.
- Fix for a security issue with script event handlers.
Muutokset v24.1.1 - v24.1.2
- Update of the NSPR library to 4.10.2 RTM.
- Update of the Security library (NSS) to 3.15.3 (alternative branch) to pick up a number of fixes.
- Fix (finally) of the menu list of tabs when browser.allTabs.previews is set to false. It would stick the top entry, not properly highlight the selected tab, and would generally be unpleasant and stubborn when tabs were moved or closed. This should all be corrected now.
- Additional feature: Previously, tabs would immediately resize to fill the tab bar when you would close them. Mozilla changed this a (long) while back to cater to "rapidly closing multiple tabs without moving the mouse" and to resize you have to move the mouse out of the tab bar. A good number of Firefox/Pale Moon users don't like this behavior, but the fix to make this configurable was in the end rejected by the Mozilla UX team, so I opted for my own implementation in Pale Moon. New pref: browser.tabs.resize_immediately - set this preference to true to immediately resize other tabs when closing a tab.
- Many thanks to David for doing the required research for this feature!
- Rework of the multi-core routine and removal of OpenMP code and the related library (Microsoft's implementation is old, limited, and won't be updated/improved; in addition it prevented some compiler optimizations that could now be used again).
- The accessibility back-end for "Find as you type" has been disabled completely to prevent this setting from breaking websites with HTML5 input fields (not compatible with FAYT).
Muutokset v24.1.0 - v24.1.1
- address connectivity issues with web servers using depreciated encryption methods
Muutokset v24.0.2 - v24.1.0
- MFSA 2013-102 Use-after-free in HTML document templates.
- MFSA 2013-101 Memory corruption in workers.
- MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing.
- MFSA 2013-99 Security bypass of PDF.js checks using iframes.
- MFSA 2013-98 Use-after-free when updating offline cache.
- MFSA 2013-97 Writing to cycle collected object during image decoding.
- MFSA 2013-95 Access violation with XSLT and uninitialized data.
- MFSA 2013-94 Spoofing addressbar though SELECT element.
- MFSA 2013-93 Miscellaneous memory safety hazards.
- Security + cleanup fix: No longer store empty event handlers.
- User interface: Fix for the classic downloads window having a blank title with no running downloads.
- User interface: Fix of the drop-down menu "double entry" in the all-tabs list as-a-menu setup.
- Extensions are now set to automatically update by default. Because many users fail to do the occasional check to see if there are updates available to their extensions, the default is to automatically check and install available updates to extensions from this version forward to give the best possible browsing experience. If you prefer to check manually, make sure to change the setting accordingly in your add-on manager.
- Two SSL ciphers that are considered weak are disabled by default (RSA-RC4-128-MD5 and RSA-RC4-128-SHA). If you are having trouble reaching certain encrypted sites that exclusively use these encryption methods, you should ask the site owners to update their SSL configuration to allow stronger encryption. As a workaround, you can enable the ciphers by installing the Pale Moon Commander add-on and changing the available ciphers there, or by setting security.ssl3.rsa_rc4_128_md5 and security.ssl3.rsa_rc4_128_sha to true in about:config
- New Features:
- When there is a web feed available on a website, Pale Moon will now display a feed indicator on the right side of the address bar to indicate that feeds are available. You can click this icon to subscribe to feeds.
- If you don't want this indicator, set browser.urlbar.rss to false in about:config
- Note: more technical information on the forum!
Muutokset v24.0.1 - v24.0.2
Muutokset v24.0 - v24.0.1
- Fix for unreadable address bar text when visiting a broken or mixed-mode SSL site.
- Fix for an incorrect browser cache size default when first starting the browser. (regression)
- Note: If you have used version 24.0, then please check your Options -> Advanced -> Network tab, and if the cache size is set to "1024", change it back to its default "250" to prevent unnecessary use of disk space and potential slowing of the browser.
- Fix for themes not applying to Private Browsing windows. (regression)
- A small update to the new icon to fix some visual issues with it.
- Reduction of visual friction and CPU usage on some operations by disabling smooth scrolling on it by default (e.g. Home/End keys).
Muutokset v20.3 - v24.0
- Switch to a new Mozilla code base (Gecko 24.0).
- Update of the Pale Moon icon/logo. Special thanks go to Roger Gómez del Casal for providing me with an interesting concept design image to use as a base for it!
- Fixes for all relevant security vulnerabilities.
- Many changes and updates in the rendering, scripting and parsing back-end to provide significant improvements in overall browser performance (including benchmark scores).
- Addition of a number of HTML5 elements, improving overall HTML5 standards compliance.
- Implementation of the webaudio API (most features that are no longer draft).
- Removal of Tab Groups (Panorama). If you actively used this functionality, I have also made an add-on (Mozilla dev sourced) available to restore this feature to the browser.
- Removal of a few additional Accessibility options.
- Inclusion of an updated version of the Add-on SDK and loader to solve recent issues with SDK/Jetpack add-ons.
- Adjustment of the Quickdial "new tab" feature to have better layout.
- Extension of the address bar shading functionality to more clearly indicate when there is a problem with a secure site (red shading on broken SSL/mixed content).
- New way of handling plugins with control on a per-site basis. An extensive description can be found on the forum.
- Restored/maintained a number of features that were removed from recent Firefox versions:
- Graphical tab switching feature with quick search (Ctrl+Shift+Tab).
- Removing the tab bar if there is only one tab present.
- Options for the loading of images.
- More recovery options in the Safe Mode startup dialog box than just nuking your profile.
- Send Link/E-mail Link mail client integration functionality.
- Unification of version numbers. x86 and x64 will from this point forward use the same version number (and icon) without an architecture designation. This will solve potential compatibility issues on new major versions, as well as the superfluous compatibility check when switching between x86 and x64 on the same profile.
Muutokset v20.2.1 - v20.3
Muutokset v20.2 - v20.2.1
Muutokset v20.1 - v20.2
Muutokset v20.0.1 - v20.1
- Update of the libpixman graphics library to improve performance for SSE2 CPUs.
- Some improvements are implemented in the optimized code paths for SSE2 instructions in the libpixman library.
- Change to the "Clear download history" setting for use with the panel-based download manager (classic UI unaffected).
- This change makes the UI clearer for privacy settings, to synchronize the setting for history&download in the preferences dialog box when the new download panel is used (since the new panel uses a history list for downloaded files in the library rather than a separate list). For panel downloads, both settings are now linked. For the classic download, a separate choice can be made for history and downloads as before.
- New changes in Firefox code not included by design in this version of Pale Moon:
- Removal of E4X - Pale Moon will keep this available until the next major release.
- Removal of Places History API for add-ons.
- More add-ons will be able to continue functioning if they make use of these APIs.
- Addition of scoped stylesheet implementation.
- This advocates the use of in-line styling in webpages (using style= parameters on elements instead of using classes and IDs), which is something we have been trying to move away from for some years now! It promotes using messy page code. Let's all keep things clean, shall we?
- Implementation of FHR (Firefox Health Report - advanced usage/app metrics collection and submission).
- Although it would allow users to get a bit more details about what is going on in their browser, the implementation is only partial to begin with, and there's no reason to add a potential privacy issue to Pale Moon in terms of telemetry-under-a-different-name.
- (CVE-2013-1674) Fix for UAF with video and onresize event (crash fix)
- (CVE-2013-1675) Fix for parameters being used uninitialized
- (CVE-2013-1676) Fix for out-of-bounds read in SelectionIterator::GetNextSegment
- (CVE-2013-1679) Fix for heap use-after-free in mozilla::plugins::child::_geturlnotify
- (CVE-2013-1680) Fix for heap-use-after-free in nsFrameList::FirstChild (crash fix)
- (CVE-2013-1681) Fix for heap-use-after-free in nsContentUtils::RemoveScriptBlocker (crash fix)
- Fix for out-of-bounds read crash in PropertyProvider::GetSpacingInternal (crash fix)
- Fix for out-of-bounds read in gfxSkipCharsIterator::SetOffsets
- Fix for assertion failure in nsUnicharStreamLoader::WriteSegmentFun with ISO-2022-JP
- Fix for crash with inline script in an XML doc (crash fix)
- Fix for "ASSERTION: Out of flow frame doesn't have the expected parent" and crash (crash fix)
- Fix for nsScriptSecurityManager::CheckLoadURIWithPrincipal being broken
- Fix for a problem where the IPC Channel could overwrite the stack
- Fix for Crash in MediaDecoder::UpdatePlaybackOffset (crash fix)
- Fix for Crash [@ nsTextFrame::HasTerminalNewline()] with splitText (crash fix)
- Fix for FTP use-after-free crash (crash fix)
Muutokset v19.0.2 - v20.0.1
- Per-window Private Browsing. Learn more.
- Panel-based download manager. See the detailed changelog for more information.
- Ability to close hanging plugins, without the browser hanging.
- Performance improvements related to common browser tasks.
- Pale Moon specific Cairo performance fix for scaling/panning/zooming of HTML5 drawing surfaces.
- Pale Moon specific fixes for performance of drawing elements (gradients, etc.).
- HTML5 canvas now supports blend modes.
- Various HTML5 audio and video improvements.
- Update of the Status Bar code to work with the new code base.
- ECMAScript for XML (E4X) is kept available for add-ons. Note that this will be removed in future versions as E4X is obsolete.
- Developer tools have been enabled by default, considering the code is practically impactless unless actually used.
- Theming has been worked on to provide better contrast on glass/dark themes and to work around styling issues present in v19.
- Updated fallback character sets to Windows-1252.
- Restored legacy function key handling (uplifted from Firefox 22).
- Fixed UNC path handling (Chemspill Firefox 20.0.1).
- Always enable the use of personas, also in Private Browsing mode.
- Experimental: support for H.264 videos (disabled by default)
Muutokset v19.0.1 - v19.0.2
Muutokset v19.0 - v19.0.1
Muutokset v15.4.1 - v19.0
Muutokset v15.4 - v15.4.1
Muutokset v15.3.2 - v15.4
Muutokset v15.3.1 - v15.3.2
Muutokset v15.3 - v15.3.1
Muutokset v15.0 - v15.2
Muutokset v12.2 - v15.0