Pale Moon version 26.x.x

Status
Not open for further replies.
Y

yigido

Thread author
24.7.2 (2014-09-11)
This is a small bugfix and security update.

Fixes/changes:
  • Use (i) icon for error console informational messages instead of (?)
  • Properly derive and insert the host of a URL security fix
  • Avoid negative audio ratios. security fix
  • Release XPCOM timer immediately after firing to prevent a race condition.
  • Add is-object check to IonBuilder::makeCallHelper. security fix
http://www.palemoon.org/
 
  • Like
Reactions: Moose

Petrovic

Level 64
Verified
Honorary Member
Top Poster
Well-known
Apr 25, 2013
5,354
Pale Moon 25 available now, introduces major changes
Pale Moon is a popular web browser that is probably best described as a spin-off of the Mozilla Firefox web browser. It has seen a rise in popularity recently as it did not implement the new Firefox Australis design but that is not the only reason why it is popular.

The author of the program has made available a 64-bit version of Pale Moon for instance for Windows while Mozilla has not been making available 64-bit versions of Firefox Stable for Windows (This will change in the coming months though).

Pale Moon 25 is the latest version of the browser. It has not been released officially yet but a release is imminent. This moves the browser from version 24.x which launched initially in 2013 to version 25.

Along with the move come several important changes that may impact users of the browser. For one, Pale Moon won't support Windows XP anymore.

I have contacted the author of Pale Moon to get more information on this and will update the article as soon as I get a reply. It is likely that this won't have an effect on XP users immediately as the browser will likely still run on the system.

Clarification: Pale Moon 25 won't support Windows XP anymore which means that XP users won't be able to run the app on their system anymore. There are alternative builds available that can be used, and the ATOM build may also be an option as it continues to use XP.



Pale Moon 25 will use a new synchronization system on a new server. This means that users who have been using synchronization in the browser will need to create a new account when they update to version 25 to continue syncing data. This works similar to how Mozilla's new Firefox Sync is set up and used.

The author notes that the old sync server will be disabled in a short period of time after the release of Pale Moon 25 to free up infrastructure and reduce costs.

Another sync related change is that add-ons are not synced anymore by default. You can check add-ons however in the sync settings so that they are synchronized across devices.

Several compatibility changes have found their way into Pale Moon 25 as well:

  1. Firefox Compatibility mode is disabled by default. This means that Pale Moon won't use a Firefox indicator in its UserAgent string anymore. Users may experience issues on some sites because of that. There is however an option to override the user agent on a per-site basis so that this should not be much of an issue after all.
  2. Pale Moon will retain Firefox compatibility with Firefox 24.x extensions regardless of the browser's own version. This was done by disconnecting Firefox's compatibility mode by default.
  3. The browser's Global Unique Identifier has changed, and extensions with Pale Moon's or Firefox's GUID can be installed natively now.
  4. The WebAPP runtime is not build anymore.
  5. Mozilla Corporation service tools are not build anymore.
Support for VP9 and Opus audio has been added to WebM support of the browser which improves media playback support of Pale Moon.
http://www.ghacks.net/2014/10/09/pale-moon-25-available-now-introduces-major-changes/
 
Y

yigido

Thread author
25.0.1 (2014-10-15)
This is a small update to address an important Jetpack extension compatibility issue and includes a number of security fixes.
  • Update of the add-on SDK to add missing "Pale Moon" engine entries to lists. This should fix extension compatibility issues for jetpack extensions that otherwise already work with the new GUID.
  • About box release notes link corrected
  • Fix for VP9 decoder vulnerability security fix
  • Fix for direct access to raw connection sockets in http security fix
  • Fix for unsafe conversion to JSON of data through the alarm dom element security fix
  • Update of NSS to 3.16.2.2-RTM security fix

    http://www.palemoon.org/
 
Y

yigido

Thread author
25.0.2 (2014-10-24)
This is a small update to address a number of teething problems with the new milestone release.

Fixes/changes:
  • Added a "Firefox compatibility mode" selection in Options -> Advanced.
    This mode is enabled by default (reluctantly so), because too many websites (including some very big players who, themselves, promote an Open Web...) still use very poor browser detection methods based on arbitrary User Agent string comparisons, not catering to alternative browsers, and the resulting user experience being poor (being presented with mobile site layouts, broken pages, or even being flat-out refused service because someone exercises freedom of choice for web browser used). This should alleviate most, if not all, issues with browser-discriminating websites.
  • Improved active tab display on particularly dark personas.
    People using "black" personas/lightweight themes should now have a lot less difficulty distinguishing the active tab.
  • Disabled SSL 3.0 by default (to put a muzzle on the POODLE).
    Please note that this may cause issues with some poorly configured web servers (usually ones with a hopelessly broken security setup that do not support TLS 1.2 or secure (re)negotiation of the protocol).
  • Fixed add-on update issue (that was preventing update checking through addons.palemoon.org).
  • Fixed the redundant redundancy in asking redundantly if the browser would be allowed to ask to install an extension when not on addons.mozilla.org.
  • Fixed the internal UA-sniffing insanity that broke devtools in a few different and colorful ways.

    http://www.palemoon.org/
 

tonibalas

Level 40
Verified
Honorary Member
Top Poster
Well-known
Sep 26, 2014
2,973
Since i have updated to version 25 i am experiencing some freezing of the browser and i don't know why:eek::cool:. At first i thought it was comodo but settings haven't been changed so i think this freezing issue of Pale Moon is caused by in their new version:(.The bug still is in version 25.0.2 but freezes has been a few now.
I hope they will fix this bug because i really like Pale Moon and never have any problem until v.25;)
 

darko999

Level 17
Verified
Well-known
Oct 2, 2014
805
Since i have updated to version 25 i am experiencing some freezing of the browser and i don't know why:eek::cool:. At first i thought it was comodo but settings haven't been changed so i think this freezing issue of Pale Moon is caused by in their new version:(.The bug still is in version 25.0.2 but freezes has been a few now.
I hope they will fix this bug because i really like Pale Moon and never have any problem until v.25;)

I've been using it and got 0 freezes. Check the forum for help, there is great support. Try to disable addons to check issues related to them.
 
Last edited:
  • Like
Reactions: tonibalas
Y

yigido

Thread author
25.1.0 (2014-11-14)
This is an important update after rapid development on the back-end to keep pace with the current changes on the web and improve compatibility with websites.

Fixes/changes:
  • New feature: multi-line flexbox support.
    Pale Moon now supports more advanced multi-line and multi-column flex elements. This will allow websites to use these elements for easier responsive design of web pages and ordering/layout of multiple elements. This has been on Pale Moon's to-do list for a while but was rather complex to tackle, hence the delay in implementation. This should address layout issues on several recently-updated websites (e.g. the MSN home page).
  • New feature: added support for collapsed flex element items.
  • Enhanced feature: Content Security Policy (CSP)
    Pale Moon now fully supports the CSP 1.0 specification allowing websites to set restrictions on content to prevent XSS (Cross-site scripting) attacks. Previously, the implementation in Pale Moon was partial, and did not support a number of features, resulting in some websites not rendering properly because Pale Moon was being too strict in enforcing the policy. This should address issues on websites enforcing CSP (e.g. the Dropbox web interface and FaceBook galleries).
  • New feature: added support for iframes with inline content.
  • Updated the Firefox Compatibility mode version to 31.9.
    With the improvements in rendering and overall feature set, the Firefox Compatibility mode (as presented in the UserAgent string) has been bumped to prevent websites from complaining about "using a too old/unsupported version of Firefox" (e.g. Google websites).
  • Pale Moon no longer builds the so-called "media navigator" by default.
    This module provides access to the user's webcam and microphone. Although it can be used for other purposes, in practice this is only used for WebRTC and, in fact, its support (GetUserMedia) is often mistaken for actually supporting WebRTC in a browser (causing errors since Pale Moon does not support WebRTC). No longer including these features reduces input complexity and overhead for a feature not actively used. This also circumvents privacy concerns/confusion like CVE-2014-1586.
  • Improved tab handling on lightweight themes (personas) some more to enhance contrast on certain themes and to make the tab hover effect slightly more distinct.
  • Fixed oversized/blocky menu arrows on Windows 8.1 in HiDPI mode.
  • Fixed incorrect operating system being passed on to addons.mozilla.org.
  • Fixed an error being thrown in the error console/web console when opening a new window.
  • Removed the NVidia 3D Vision auxiliary utility library.
    This library has been the likely cause for a number of crashes on NVidia cards, and is completely unnecessary for Pale Moon.
  • Made the installer less aggressive for file type associations, to prevent "stealing" of globally associated file types.
  • Android: improved restoring of session tabs.
  • Android: added an option to automatically restore tabs.
    An important thing to note with this new option is the following: with the option enabled, Pale Moon will now automatically restore tabs you had open previously when the app gets suspended (pushed out of memory by other apps, closed by swipe, etc.). The "quit" main menu option, however, completely shuts down your session, unloads Pale Moon from active memory, and tabs will not be automatically restored when you launch Pale Moon again. This is by design. To restore tabs in that situation, use the link from the home screen.
  • Fixed memory security hazards CVE-2014-1574 and CVE-2014-1575 security fix
  • Fixed CVE-2014-1581. security fix
  • Fixed bug 1069584: Bail if a cairo surface is in an invalid state. security fix
  • Made sure to initialize surfaces for draw targets. security fix
  • Fixed bug 1074280: Use AsContainerLayer() in order to avoid a bad cast. security fix
  • Fixed several problems in the HTML parser. security fix
  • Improved security of XHR by filtering out types of requests that can potentially be abused. security fix
http://www.palemoon.org/
 

PrivacyAdvocate

New Member
Nov 23, 2014
2
25.1.0 (2014-11-14)
This is an important update after rapid development on the back-end to keep pace with the current changes on the web and improve compatibility with websites.

I want to thank the PaleMoon developer(s) for not only a great alternative to Firefox, but for doing such a great job of maintaining and improving it. With the exception of some add-on compatibility issues, I've had good luck with it so far.
 
Y

yigido

Thread author
25.1.1 (2014-11-28) Android only!
  • This point release for Android only addresses critical browser issues (crash on startup) when trying to run Pale Moon on Android 5.0 (AKA Android-L or Lollipop). No other changes involved in this release.

http://www.palemoon.org/
 

Petrovic

Level 64
Verified
Honorary Member
Top Poster
Well-known
Apr 25, 2013
5,354
Pale Moon Tweaks
Pale Moon and Firefox are two popular web browsers that share many features. Most Firefox add-ons run perfectly fine in Pale Moon for example and the same is true for the majority of about:config tweaks.

Differences exist on the other hand and it is likely that the gap widens in the future due to decisions made by both development teams.

Pale Moon was not switched to the Australis interface for instance that Firefox was switched to in version 29. While that looks like just an interface change, it impacts a lot in the browser.

Some add-ons have been designed specifically for Australis for instance while others won't work with the new interface at all.

As far as tweaks are concerned, the majority of them are identical. If you check out our Firefox security guide for instance, you will notice that most tweaks and add-ons listed on the page are compatible with Pale Moon as well.

Note: Some of the tweaks below work in Firefox as well.

About:config


1) Search 2) Parameter Name 3) Type (accepted values) 4) Values

If you are not familiar with about:config, it is actually simple but also very powerful at the same time. All you have to do is type about:config into the Pale Moon address bar and hit enter.

Pale Moon lists a huge number of preferences on the page that opens that can all be changed to modify behavior.

Some tweaks may change interface elements or behavior while others apply under-the-hood changes that modify caching, connections or the rendering of pages.

You change the value of parameters with a double-click on them. If it is a boolean (true or false values only) then it will be switched automatically to the other value. All other value types open a prompt instead that you use to change the value.

A right-click on a parameter opens a context menu with a reset option. This comes in handy if you want to restore the original value but cannot remember it.

Customize the secure site padlock

The majority of browsers show a padlock icon when you connect to secure websites such as https://www.startpage.com/. While the padlock is still displayed by most browsers, its position has changed in recent time.

Firefox and Chrome display it in the address bar inside the colored area indicating a secure site instead of in the status bar where it was located initially.

Pale Moon comes with several padlock related options that you may find useful:

  • parameter: browser.padlock.style


Defines where the padlock icon is shown in Pale Moon

  1. Inside the identity area on the right side of it (default).
  2. Inside the identity area on the left side of it (Firefox default).
  3. Next to bookmark star in the address bar.
  4. Right side of the status bar.
  5. Right side of the tabs bar.
  6. Same as 1 but classic style
  7. Same as 2 but classic style
  8. Same as 3 but classic style
  9. Same as 4 but classic style
  10. Same as 5 but classic style
Image related tweaks



  • parameter: browser.display.standalone_images.background_color
The default background color of the image viewer in Pale Moon is #2E3B41 which is a dark blue-grayish kind of color.

You can use the preference listed above to change the color to another one. If you select #ffffff for instance it becomes white. The color that you see on the screenshot is #b0b3b6.

Check out these Hex Colors for inspiration.

  • parameter: browser.enable_automatic_image_resizing
Pale Moon, just like Firefox, resizes images automatically so that they fit the browser window. Setting this preference to false prevents this from happening so that the original size is always loaded.

Security and privacy tweaks

The following tweaks have been posted on the Pale Moon forum.

  • parameter: dom.disable_window_open_feature.menubar
Set this to true to prevent websites from removing the menu bar in the browser with JavaScript.

  • parameter: dom.disable_window_open_feature.personalbar
Set this to true to prevent websites from removing the personal bar in the browser with JavaScript.

  • parameter: dom.disable_window_open_feature.scrollbars
Set this to true to prevent websites from removing scroll bars in the browser with JavaScript.

  • parameter: dom.disable_window_open_feature.titlebar
Set this to true to prevent websites from removing the title bar in the browser with JavaScript.

  • parameter: dom.disable_window_open_feature.toolbar
Set this to true to prevent websites from removing the toolbar in the browser with JavaScript.

  • parameter: dom.event.contextmenu.enabled
Set this to true to prevent websites from removing the context menu in the browser with JavaScript.

  • parameter: security.xpconnect.plugin.unrestricted
Set this to false to prevent plugins from using external scripts with XPCOM or XPCONNECT.

  • parameter: geo.enabled
Set this to false to disable geo localization.

  • parameter: browser.history.allow*State
Set this to false to prevent websites from manipulating your browser history.

Disable Tooltips



Tooltips are displayed in Pale Moon whenever you move the mouse cursor over an interface element that has a tooltip assigned to it.

It offers a short description of what the element does. If you have used the browser for some time, you probably don't need those anymore.

  • parameter: browser.chrome.toolbar_tips
Set this to false to disable tooltips in Pale Moon.

Network Prefetching

Pale Moon does not prefetch network resources like Firefox does by default. If you want that feature, as it may speed up browsing, then you need to enable it.

Note that it may increase bandwidth usage and impact privacy as well.

  • parameter: network.prefetch-next
Set the parameter to true to enable prefetching in Pale Moon.

Disable url formatting in the address bar



Pale Moon, just like Firefox, formats the url in the address bar to emphasize the domain name. The domain is displayed in bold while all other "parts" of it are not.

  • parameter: browser.urlbar.formatting.enabled
Set the value of the parameter to false to disable the formatting.

Disable animations in Pale Moon

  • parameter: browser.*.animate
While some of you may appreciate animations when new tabs are opened or you are using the tab groups feature, others may not want those to be displayed at all.

Set browser.tabs.animate and browser.panorama.animate_zoom to false, and browser.fullscreen.animateUp to 0.

Open new tabs next to the active one

Pale Moon opens new tabs at the end of the tab bar. This is different from Firefox which opens new tabs next to the active tab.

  • parameter: browser.tabs.insertRelatedAfterCurrent
Change the value of the parameter to true so that new tabs are opened next to the active tab in Pale Moon from that moment on.

Paste with middle mouse button

Set the following parameter to true to enable middle mouse button pasting. Instead of having to use Ctrl-v or the right-click context menu, you can now just middle-click to perform the same operation.

  • parameter: middlemouse.paste
Source
 
Y

yigido

Thread author
25.2.0 (2015-01-15)
This is an important update after rapid development on the back-end to extend browser capabilities and implement some ES6 draft functions for web programmers, as well as provide some important crashfixes, bugfixes and security updates.

Fixes/changes:
  • ES6: Added the following functions:
    • Array.prototype.find and Array.prototype.findIndex
    • IsConstructor(arg)
    • Array.of(items...)
    • Number.parseInt and Number.parseFloat
    • Advanced math functions: hyperbolic sin/cos/tan/asin/acos/atan, hypotenuse, cube root, expm1, log1p, log10, log2, sign and trunc
    • Map.prototype.forEach and Set.prototype.forEach
  • ES6: Added the following number constants: EPSILON, MIN_SAFE_INTEGER and MAX_SAFE_INTEGER
  • ES6: Added the use of binary and octal numeric literals (&b... and &o...)
  • ES6: Updated behavior of accessing indexed values in accordance with the spec.
  • CSS: Added overflow-clip-box:content-box|padding-box
  • DOM: Added table.createTBody() function
  • Added a clearer alltabs button for dark personas.
  • Added a development tools toggle hotkey (F12)
  • Added a preference prompts.tab_modal.focusSwitch to enable or disable tab switching when a modal dialog (e.g. javascript confirmation) is presented in a page.
  • IonMonkey on Android: fixed the implementation of AbsI.
  • IonMonkey: fixed a bug where actively used objects were discarded.
  • Fixed register initialization to prevent incorrect detection of SIMD instructions on some CPUs.
  • Optimized some loops in the spell checker to increase performance.
  • Simplified cache handling, updated cache parameters to better reflect current web use, and enabled automatic cache sizing by default.
  • Adjusted memory cache sizing to better reflect capacities of current hardware.
  • Updated UserAgent override workarounds for Netflix and FaceBook to fix some site issues.
  • Aligned programmatic access to geolocation with the spec.
  • Fixed a crash when being fed a data file (XML) with too deeply nested tags.
  • Fixed a crash in HTML5/WebAudio that affected some games.
  • Fixed a crash when programmatically collapsing elements.
  • Fixed a few non-breaking bugs related to e10s code.
  • Fixed text input/padding issues.
  • Updated surround downmixing code for Vorbis.
  • Improved tolerance in WebAudio for loading multichannel audio files.
  • Android: Fixed an issue with Flash, it should now run on more devices.
  • Updated the DDG search plugin to make the actual query be the last parameter in the address bar for easy editing after a search has been performed.
  • Removed some unused update channel code.
  • Updated branding to more clearly indicate Pale Moon's trademark.
  • Updated some licensing texts in-browser to properly reflect used code and rights.
Security/privacy fixes:
  • Added a preference network.stricttransportsecurity.enabled to enable or disable the use of HSTS (HTTP Strict Transport Security), allowing users to choose between privacy and security in this matter. (hidden pref)
  • Fixed CVE-2014-1589 by whitelisting XBL bindings that may be applied to untrusted content.
    Important: extension developers should read this related thread.
  • Fixed CVE-2014-1593.
  • Mac: fixed CVE-2014-1595.
  • Fixed CVE-2014-8639 by adjusting cookie handling through proxies.
  • Fixed CVE-2014-8636.
  • Fixed several memory safety hazards that do not have CVE numbers.
http://www.palemoon.org/
 
Y

yigido

Thread author
25.2.1 (2015-01-27)

This is a small update to address cookie handling through proxies causing issues for some authenticating proxies in corporate environments.
 
Y

yigido

Thread author
25.3.0 (2015-03-13)

This is an important update to improve features and performance, as well as address important security issues.

Fixes/changes:
  • Overhauled WebGL. It now properly supports depth textures, shadow mapping and glow shaders.
    Note that older operating systems or older/embedded video processors may be limited in their support of these features.
  • Updated the ANGLE library to a much more current version.
  • Removed the crash reporter code completely to improve overall browser responsiveness and operation.
    Please note that a necessary victim of this has been the in-browser (devtools) SPS profiler because of its reliance on crash reporter data-gathering tools.
  • Removed the Mozilla Plugin Finder Service (no longer in use @Mozilla).
  • Android: removed the Mozilla "product announcements" service.
  • Re-added control of the number of concurrent tabs to be restored from a session with browser.sessionstore.max_concurrent_tabs (accepted values 1-10)
  • Significantly improved performance and accuracy of date/time/timer handling.
  • Significantly improved performance of the creation of DOM elements with plain text content.
  • Added several significant performance optimizations for arrays and strings in javascript.
  • Added several code performance optimizations and bugfixes in SVG, the presentation shell, SCTP, style gradients and CSS parsing routines. (Thanks, Axiomatic!)
  • Added an "Open link in current tab" context menu entry on links for UI consistency.
  • Updated styling of the browser with personas (lightweight themes) once more to improve display in tabs-on-top mode, improve overall legibility of tab text, and display of inverted close buttons on some controls on dark personas.
  • Added a special case check for the Flash plugin version check on Linux failing due to commas instead of periods in the version string.
  • Added Windows 10 compatibility in executable manifests.
  • Android: Fixed a crash on GL canvas surfaces.
  • Fixed incorrect Sync "howto" instruction links from the Sync dialogs.
  • Fixed the color of selected tabs in Linux when personas (lightweight themes) are in use that do not match the overall tone of the OS system theme.
  • Fixed a bug where a variable in parentheses would abort Javascript parsing.
  • Fixed a bug where the address bar would incorrectly be cleared.
  • Fixed padding issues for dropdown lists.
  • Fixed DNS lookups so proper record types are requested for IPv4 and IPv6.
Security fixes:
  • Disabled all RC4-based encryption ciphers by default. [More info]
  • Fixed several miscellaneous memory safety hazards.
    (applicable bugs related to CVE-2015-0835 and CVE-2015-0836)
  • Fixed loading of locally stored DLL files through the internal updater. (CVE-2015-0833)
  • Fixed a potential crash point in IndexedDB. (CVE-2015-0831) DiD
  • Fixed a double-free situation when using non-default memory allocators and a 0-length XHR. (CVE-2015-0828)
    Note: production builds of Pale Moon were never vulnerable.
  • Fixed a crash using DrawTarget in the Cairo graphics library. (CVE-2015-0824)
  • Fixed potential reading of local files through manipulation of form autocomplete. (CVE-2015-0822)
  • Fixed a potential PNG heap-overflow crash. DiD
  • Followed up on research regarding CVE-2014-8639 (see 25.2) and made cookie handling through proxies more restrictive again.
DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.
 

Cats-4_Owners-2

Level 39
Verified
Honorary Member
Top Poster
Well-known
Dec 4, 2013
2,800
Thank you, yigido.:) Now that this important update has been downloaded, extracted into this external USB, & onto it's previous portable version, I'm now sailling the latest model x64 version of Pale Moon once more!:D
 
  • Like
Reactions: darko999 and yigido
Y

yigido

Thread author
25.3.1 (2015-03-25)
This is a security update to the browser to address a critical vulnerability found in the pwn2own contest. Only one vulnerability found in this contest applies to Pale Moon, which has been addressed in this update.

Fixes/changes:
  • Fixed security vulnerability CVE-2015-0818. This vulnerability would allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.
  • Fixed IPv6 DNS resolution regression in some less common cases.
 
Y

yigido

Thread author
25.3.2 (2015-04-25)
This release is an emergency update to fix crashes that started occurring because of Mozilla improperly signing the extensions and extension updates as offered through the Firefox Add-ons site addons.mozilla.org. Any improperly signed extension would not be able to be installed, and would immediately crash the browser.

No other changes were made in this release - this is a bugfix for this particular issue only.
 
  • Like
Reactions: darko999

LAGUN

Level 10
Verified
Well-known
Mar 31, 2014
467
25.4.0 (2015-05-08)

IMPORTANT: If you use a language pack, make sure to update it to the latest version! We do have automatic updates enabled for language packs but please double-check that the version matches. If you are using an older language pack with this version of the browser, some dialog boxes may come up blank.

This is a major update - too much has changed for this little blurb to do it justice so please see below for the most important changes/fixes in this release:


Fixes/changes:

  • Updated SQLite from 3.7.17 to v3.8.8.3, improving history/bookmark/etc. performance by up to 50% depending on operation
  • Added a new "mixed-mode" state for HTTPS connections. Clarified mixed-mode connections with a mixed-mode padlock and better tooltips.
  • Added a conditional partial shading to the URL bar and made it default (shading only on secure sites, no red shading at all by default).
  • Dev: Fixed file system mode flags for *nix systems, to make executable files like scripts actually flagged as executable
  • Added native IPv6 lookups to NSPR to solve IPv6-only and dual-stack setups in some situations
  • Added a pref to control the unloading of idle plugins from memory and lowered the default "idle" time to 60 seconds before plugins are unloaded
  • Fixed version strings for e.g. flash on Linux being displayed with commas instead of periods - this should also fix the incorrect "your plugin is vulnerable" message while being on the latest version
  • Windows: Set the double-click/Ctrl+arrow word selection to not eat the space (only select the actual word)
  • Android: DNS fix for VPN connections, preventing the "server not found" issues people have been reporting for certain VPN providers on mobile
  • Updated a number of trusted root certificates, and distrusted the CNNIC root certificate by popular demand
  • Linux: Worked around the slice memory allocator not being properly disabled on later GLib versions
  • Android: updated the random number generator handling on later versions of Android
  • Added fix to prevent spurious re-paints with plugins (performance/UX improvement)
  • Removed the plugin check link from the Addons Manager, since it's no longer reliable and not officially available for browsers except Mozilla Firefox. (Bonus: no user profiling/tracking through optimizely!)
  • Optimized the NSS callback for secure connections
  • Updated the domains that are whitelisted for installation of extensions/themes/personas, streamlining the use of addons.palemoon.org
  • Added personas support to titlebar text (adopt the lightweight theme's coloring/shading) in custom titlebar mode (Pale Moon appmenu/button)
  • Added display of HTTPS protocol (SSL/TLS) to the page info window (thanks Travis!)
  • Improved certificate display: Removed MD5 and added SHA256 fingerprint, and made them selectable/copyable
  • Updated classification of secure connections: Classify any encryption with less than 128 bits or including RC4 (if manually enabled, see previous version notes) as weak.
  • Dev: Added availability of the full ciphersuite string for use in extensions to the nsISSLStatus interface (nsISSLStatus.cipherSuite)
  • Added MAKE_UNLINKABLE to the about: page redirector and added that as default for the reader mode on Android
  • Removed the compilation and inclusion of a one-time-use pre-compiled startup cache in omni.ja, reducing overall application size significantly and avoiding a number of quirks of both the build process and the operation of the browser
  • Fixed an NVIDIA specific GLX server vendor bug for pixmap depth and fbConfig depth
  • Removed most telemetry code, reducing code complexity and wasted CPU
  • Linux: Added OSS support (mutually exclusive with ALSA): configure with --enable-oss
  • Made DNS caching a lot less aggressive to align the browser's behavior with the dynamic nature of the modern web.
  • Removed Mozilla-specific parameters for searches. Search suggestions should now work again for Google searches
  • Added the option to allow users to use a fixed (JSON) file-based geolocation response in favor of a GeoIP service.
  • Dev: Improvements to Clang builds (thanks Axiomatic/BitVapor!). Clang is not currently producing stable builds on Linux, so please use GCC for that operating system.
  • Linux: removed GnomeVFS that's no longer in use
  • Fixed the "double padlock while loading a secure site" niggle in the UI
  • Dev: added allowance of using -moz-appearance:none on drop-down lists to hide the arrow button (catering to custom styling of the control)
  • Added some more ES6 math/number functions:
    • Implemented Math.fround(x)
    • Implemented Number.isSafeInteger(x)
    • Implemented Math.clz32(x)
Security fixes:
  • Fixed several memory safety hazards (UAF/DF/UU); applicable bugs covered by CVE-2015-0815 and CVE-2015-0815
  • Fixed CVE-2015-0811 [qcms] heap info leak
  • Fixed CVE-2015-0810 clickjacking attacks via a Flash object in conjunction with DIV elements
  • Fixed CVE-2015-0801 a variant of CVE-2015-0818
  • Fixed CVE-2015-0800 improve randomness of DNS resolver queries on Android
  • Fixed CVE-2015-0798 access to privileged URLs through about: redirector
https://www.palemoon.org
 

LAGUN

Level 10
Verified
Well-known
Mar 31, 2014
467
25.4.1 (2015-05-10)
This is a small but important update to the previous major release to address some critical issues:
  • Fixed loss of the browser's disk cache on startup due to incorrect corruption detection logic
  • Fixed a browser crash on some HTML5 games
https://www.palemoon.org
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top