Pale Moon version 26.x.x

Status
Not open for further replies.
Y

yigido

Thread author
26.5.0 (2016-09-28)
Fixes/Changes:
  • Implemented a breaking CSP (content security policy) spec change; when a page with CSP is loaded over http, Pale Moon now interprets CSP directives to also include https versions of the hosts listed in CSP if a scheme (http/https) isn't explicitly listed. This breaks with CSP 1.0 which is more restrictive and doesn't allow this cross-protocol access, but is in line with CSP 2 where this is allowed.
  • Fixed an issue with the XML parser where it would sometimes end up in an unknown state and throw an error (e.g. when specific networking errors would occur).
  • Improved the performance of canvas poisoning by explicitly parallelizing it.
Security fixes:
  • Fixed a potentially exploitable crash related to text writing direction. (CVE-2016-5280)
  • Made checking for invalid PNG files more strict. Pale Moon will now reject more PNG files that have corrupted/invalid data that could otherwise lead to potential security issues.
  • Changed the way paletted image frames are allocated so the space is cleared before it's used.DiD
  • Fixed a crash in nsNodeUtils::CloneAndAdopt() due to a typo. DiD
  • Fixed several memory safety issues and crashes.
DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.

https://www.palemoon.org/
 
Y

yigido

Thread author
Pale Moon is changing!

As we are getting closer to the major new release that will be Pale Moon 27.0, there are some things that the majority of our users may not be aware of yet, so this announcement is put out there to let you all know what will be changing in Pale Moon, following up to the previous various posts made on the subject.
The big changes involved will see things both added and removed, and this announcement hopes to provide a quick overview of these changes and what to expect in the browser when the new milestone is published (estimated late November if all goes well!)

Major changes in the core (platform) code

The most important thing will be the changes in the core/platform code (what drives the browser application). As the web and internet landscape changes, so do the needs for a web client; and we've worked to solve the web compatibility issues that have been cropping up for Pale Moon users as much as possible.

Most important changes:
  • Many Javascript changes and additions to become more compliant with the ECMAScript 6 standard: support for generators, promises, symbols; more complete support for maps and sets, proxies and typed arrays, to name a few.
  • Another overhaul of the rendering engine, making this v3.0 of Goanna, with support for DirectX 11, Direct2d 1.1, off-main-thread compositing, and faster layout handling.
  • Font features will be improved: the new version will be able to handle more complex font delivery systems, supports WOFF2, and will have a standards-compliant ruby annotations system (controllable through CSS). As usual, we will continue to provide full support for graphite font shaping.
  • No more Windows XP (and Server 2003) support; the new engine and platform simply isn't geared to handle the ancient NT5 kernel and APIs any longer. What was previously still possible with a special compatibility build, can't be done anymore.
  • No more special Atom hardware version. The core code no longer benefits from these optimizations enough to warrant all the extra work involved in maintaining a separate branch of the Pale Moon code. The new version will run equally well on any processor without needing special treatment, making things a lot simpler for us as well as you!
  • Media support has been given a boost. Pale Moon will now support media source extensions (MSE) and more stable and compatible handling of HTML5 video and audio.
    Of note: although encrypted media (EME) is a companion specification to MSE, we will not support this in the browser. There will be no DRM or third-party (unknown/black-box) content decryption modules in Pale Moon.

Major changes in the application (front-end) code

Although the core has seen the most changes, there will also be some important differences in the application code (that which makes Pale Moon a browser). Please understand that our application code is our own; there is no later Firefox code in it, and for the people who still expect Pale Moon to be "some variant of Firefox", you should really stop doing that
icon_e_smile.gif


Most important changes:
  • We'll be building on a new toolkit, which requires some changes to how certain common features are handled. Although as a user you may not directly notice this, there are some subtle changes in the UI, and if you are a heavy preference-tweaker, you should consider resetting all your preferences to Pale Moon defaults, as your previous tweaks may be (very) detrimental to the new code.
  • While we do plan to have language packs for major languages available at a later date, our initial releases will only be available in English. Our previous language packs will not work and the localization effort for v27 and later will have to be given shape for this by the community.
  • While some Firefox "complete themes" may have worked in the past, you will find the new application code likely to be a lot less compatible. Unless you are using a theme that is specifically designed for Pale Moon, you will likely run into trouble.

Major changes for extensions

As mentioned previously, we will be dropping support for Jetpack/SDK extensions for technical reasons. Unfortunately, some SDK extensions will not have alternatives that are compatible with Pale Moon v27. Aside from that there are a few other considerations that need to be taken into account (especially by extension developers when they target Pale Moon as an application).

Most important changes:
  • Our file downloads have been brought across to no longer use the classic download manager interface. If you need to interact with downloads, you should use the so-called "JSTransfer" API as-present in Firefox 26 and above. This also means that there is a decent chance that "downloaders" made for Firefox 26+ will also "just work" on Pale Moon 27.
  • Our find bar implementation has been changed to work similarly to later Firefox versions, as well, to try and reduce the incompatibilities for extensions in that area.

If you are an extension developer, we strongly encourage you to download and test the Pale Moon pre-release versions with your extensions, and consider targeting Pale Moon v27 and above natively.

If you want to test pre-releases
Pale Moon - Works in Progress
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top