- Sep 5, 2017
- 1,195
28.9.0.1 (2020-03-25)
This is a small update to address a breaking issue with user-agent override strings, causing problems on certain websites for a number of our users.
v28.9.0 (2020-03-24)
This is a major development update.
New features:
Download: Pale Moon for Windows downloads
This is a small update to address a breaking issue with user-agent override strings, causing problems on certain websites for a number of our users.
v28.9.0 (2020-03-24)
This is a major development update.
New features:
- Implemented asynchronous iterators (await iterator.next() and for await loops) (ES2018)
- Implemented promise-based media playback.
- Implemented non-standard legacy CSSStyleSheet rules functions.
- Implemented the html5 <dialog> element. To switch this on, flip dom.dialog_element.enabled to true.
- Implemented the optional hiding of pinned tabs in CtrlTab/AllTab panes. (controlled through the preferences browser.ctrlTab.hidePinnedTabs and browser.allTabs.hidePinnedTabs)
- Added 1.25x playback speed to html media elements.
- Added a hidden pref (browser.places.smartBookmarks.max) to control the sizes of default smart bookmarks categories.
- Aligned document.open() with the overhauled specification.
- Aligned the way DOM styles are computed with mainstream browser behavior.
- Removed the (unused) DOM promise implementation.
- Enabled seeking to next frame in media files.
- Enabled dynamic UA updates for emergency use.
- Implemented rule processing stub for font-variation-settings.
- Increased the maximum XML nesting depth to 2048 levels for extreme corner cases and to conservatively align with other browsers.
- Improved the privacy of geolocation lookup calls, with thanks to a generous service donation from ip-api.com
- Improved reporting of the operating system in site-specific user-agent overrides.
- Improved table drawing performance again after the rewrite for sticky positioning making it slower.
- Updated CSP processing to allow custom scheme wildcards to be specified without a port.
- Aligned the behavior of outlines with other browsers when dealing with CSS-repositioned elements.
- Changed the way hardware acceleration is controlled from the application.
- Changed the default monospace font for main languages from Courier New to Consolas.
This provides a more balanced font for fixed-width text that is slightly more condensed and more in line with the naturally compacter variable-width fonts used everywhere else. - Changed the browser's behavior when restoring tabs from previous sessions. To prevent stale pages, it will now by default perform a "soft refresh" of the page instead of drawing it purely from cache without checking if the page needs updating. If you prefer the old behavior, set browser.sessionstore.cache_behavior to 0 in about:config.
- Updated NSPR to 4.24 and NSS to ~3.48.1-RTM, removing the previous custom patch level with NSS being able to support custom rounds for DBM now.
For extensive release notes with all NSS changes, see NSS_Releases - Implemented an NSS performance optimization for Master Password use with limited effect.
- Fixed some potential crashing scenarios with WebGL on Linux.
- Completely removed showModalDialog.
- Disabled some logging in production builds.
- Removed various gadgeteering/redundant/dead DOM APIs (casting/presentation, FlyWeb)
- Removed support for a number of critical libraries being system-supplied.
- Removed "Copy raw data" button from the troubleshooting information page, since it's never used by us in that format, and users mistakenly keep using it instead of copying text.
- Removed a bunch of Android and iOS support code.
- Fixed an issue with form elements sometimes being incorrectly disabled.
- Fixed several crashes.
- Fixed an issue with Captive Portal detection sometimes firing even when disabled by the user.
- Performed various tree-wide code cleanups.
- Backed out a large code cleanup patch for causing subtle issues in website operation (e.g. WordPress). This will have to be revisited later; the reintroduced code is not in use in practice.
- Cleaned up the application updater code.
- Fixed a potential pointer issue in cubeb. DiD
- Disabled allowing remote jar: URIs by default for security reasons. If you need this functionality for your non-standard environment, you can enable it with the preference network.jar.block-remote-files, but please consider moving away from this method of providing web-based applications.
- Removed a potentially dangerous and otherwise ineffective optimization from the JavaScript engine.
- Fixed unwanted behavior where created/focused pop-up windows could potentially cover the DOM fullscreen notification, hiding it from users. (CVE-2020-6810)
- Fixed an issue where copying data as a curl request from developer tools would not properly escape parameters. (CVE-2020-6811)
- Updated our sctp library code with several upstream fixes.
- Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 3 already mitigated, 1 rejected, 11 not applicable.
Download: Pale Moon for Windows downloads