DDE_Server

Level 20
Verified
28.9.0.1 (2020-03-25)
This is a small update to address a breaking issue with user-agent override strings, causing problems on certain websites for a number of our users.
v28.9.0 (2020-03-24)
This is a major development update.

New features:
  • Implemented asynchronous iterators (await iterator.next() and for await loops) (ES2018)
  • Implemented promise-based media playback.
  • Implemented non-standard legacy CSSStyleSheet rules functions.
  • Implemented the html5 <dialog> element. To switch this on, flip dom.dialog_element.enabled to true.
  • Implemented the optional hiding of pinned tabs in CtrlTab/AllTab panes. (controlled through the preferences browser.ctrlTab.hidePinnedTabs and browser.allTabs.hidePinnedTabs)
  • Added 1.25x playback speed to html media elements.
  • Added a hidden pref (browser.places.smartBookmarks.max) to control the sizes of default smart bookmarks categories.
Changes/fixes:
  • Aligned document.open() with the overhauled specification.
  • Aligned the way DOM styles are computed with mainstream browser behavior.
  • Removed the (unused) DOM promise implementation.
  • Enabled seeking to next frame in media files.
  • Enabled dynamic UA updates for emergency use.
  • Implemented rule processing stub for font-variation-settings.
  • Increased the maximum XML nesting depth to 2048 levels for extreme corner cases and to conservatively align with other browsers.
  • Improved the privacy of geolocation lookup calls, with thanks to a generous service donation from ip-api.com
  • Improved reporting of the operating system in site-specific user-agent overrides.
  • Improved table drawing performance again after the rewrite for sticky positioning making it slower.
  • Updated CSP processing to allow custom scheme wildcards to be specified without a port.
  • Aligned the behavior of outlines with other browsers when dealing with CSS-repositioned elements.
  • Changed the way hardware acceleration is controlled from the application.
  • Changed the default monospace font for main languages from Courier New to Consolas.
    This provides a more balanced font for fixed-width text that is slightly more condensed and more in line with the naturally compacter variable-width fonts used everywhere else.
  • Changed the browser's behavior when restoring tabs from previous sessions. To prevent stale pages, it will now by default perform a "soft refresh" of the page instead of drawing it purely from cache without checking if the page needs updating. If you prefer the old behavior, set browser.sessionstore.cache_behavior to 0 in about:config.
  • Updated NSPR to 4.24 and NSS to ~3.48.1-RTM, removing the previous custom patch level with NSS being able to support custom rounds for DBM now.
    For extensive release notes with all NSS changes, see NSS_Releases
  • Implemented an NSS performance optimization for Master Password use with limited effect.
  • Fixed some potential crashing scenarios with WebGL on Linux.
  • Completely removed showModalDialog.
  • Disabled some logging in production builds.
  • Removed various gadgeteering/redundant/dead DOM APIs (casting/presentation, FlyWeb)
  • Removed support for a number of critical libraries being system-supplied.
  • Removed "Copy raw data" button from the troubleshooting information page, since it's never used by us in that format, and users mistakenly keep using it instead of copying text.
  • Removed a bunch of Android and iOS support code.
  • Fixed an issue with form elements sometimes being incorrectly disabled.
  • Fixed several crashes.
  • Fixed an issue with Captive Portal detection sometimes firing even when disabled by the user.
  • Performed various tree-wide code cleanups.
  • Backed out a large code cleanup patch for causing subtle issues in website operation (e.g. WordPress). This will have to be revisited later; the reintroduced code is not in use in practice.
  • Cleaned up the application updater code.
Security-related fixes:
  • Fixed a potential pointer issue in cubeb. DiD
  • Disabled allowing remote jar: URIs by default for security reasons. If you need this functionality for your non-standard environment, you can enable it with the preference network.jar.block-remote-files, but please consider moving away from this method of providing web-based applications.
  • Removed a potentially dangerous and otherwise ineffective optimization from the JavaScript engine.
  • Fixed unwanted behavior where created/focused pop-up windows could potentially cover the DOM fullscreen notification, hiding it from users. (CVE-2020-6810)
  • Fixed an issue where copying data as a curl request from developer tools would not properly escape parameters. (CVE-2020-6811)
  • Updated our sctp library code with several upstream fixes.
  • Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 3 already mitigated, 1 rejected, 11 not applicable.
Release Notes: Pale Moon - Release Notes
Download: Pale Moon for Windows downloads
 

CyberTech

Level 31
Verified
Pale Moon 28.11.0 changelog:
  • Changed storage format for certificates and passwords to SQLite.
  • Added a preference (browser.tabs.insertAllAfterCurrent) to enable always adding new tabs after the current tab, whether related or not.
  • Changed the way Firefox extensions are displayed in the add-on manager (provide a clear warning).
  • Denied other types of add-ons that aren't explicitly targeting Pale Moon's ID.
  • Improved the browser's DPI-awareness to be per-monitor instead of system-wide, on supported Windows operating systems.
  • Updated bookmark backups code with the other half of what should have been done way back when, so they work fully as-intended.
  • Added a preference (browser.bookmarks.editDialog.showForNewBookmarks) to enable immediately showing the edit dialog for new bookmarks.
  • If set to true, clicking the star in the address bar will pop open the edit dialog immediately for changing details/sorting.
  • Fixed the useragent string in native mode, and updated UA code to properly respond to live changes to some preferences.
  • Tidied up front-end browser JavaScript.
  • Changed the way sources are compiled (on-going de-unification).
  • Improved compatibility with gcc v10
  • Removed support for the obsolete and unmaintained NVidia 3DVision stereoscopic interface.
  • Fixed some build issues in non-standard configurations.
  • Fixed wrong positions when calculating the position for position:absolute child inside a table.
  • Aligned file name extension of saved url files with other applications (lower case)
  • Fixed building with --disable-webspeech (to disable speech synthesis)
  • Added global menubar support for GTK.
  • Implemented node.getRootNode
  • Implemented AbortController (Abort API)
  • Improved the uninstaller to use elevation when prudent and actually remove program files.
  • Fixed a rare issue with editable page content.
  • Fixed a crash related to ES module scripts.
  • Aligned ES module scripting better with the current spec and removed eager instantiation.
  • Fixed a potential issue with the JPEG encoder. (CVE-2020-12422) DiD
  • Fixed a potential issue with AppCache manifests. DiD
  • Fixed a potential crash in JavaScript date parsing.
  • Fixed a problem with RSA key generation that would make it potentially vulnerable to side-channel attacks. (CVE-2020-12402)
  • Fixed a potential crash due to multithread race condition. DiD
  • Fixed a correctness issue in URL handling. (CVE-2020-12418) DiD
  • Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 4 defense-in-depth, 10 not applicable.
 
Top