Why You Shouldn’t Use Firefox Forks Like Waterfox, Pale Moon, or Basilisk

Status
Not open for further replies.

212eta

Level 9
Thread author
Verified
Well-known
May 11, 2011
444
[URL='https://www.howtogeek.com/335712/update-why-you-shouldnt-use-waterfox-pale-moon-or-basilisk/']Why You Shouldn’t Use Firefox Forks Like Waterfox, Pale Moon, or Basilisk

by Chris Hoffman on February 22nd, 2018
xfirefox-waterfox-pale-moon-border.png.pagespeed.gp+jp+jw+pj+ws+js+rj+rp+rw+ri+cp+md.ic.2jmiLfWXW-.jpg
[/URL]
Mozilla Firefox is an open source project, so anyone can take its code, modify it, and release a new browser. That’s what Waterfox, Pale Moon, and Basilisk are—alternative browsers based on the Firefox code. But we recommend against using any of them.

If You Don’t Like Firefox Quantum, Use Firefox ESR Instead

We like Firefox Quantum, which is faster and more modern than previous releases of Firefox. If you want to keep using your old add-ons that no longer work in Firefox Quantum, we recommend Mozilla’s Firefox Extended Support Release (ESR) instead.

Firefox ESR is based on Firefox 52, supports traditional XUL Firefox add-ons and NPAPI plug-ins, and will continue receiving security updates directly from Mozilla until July 2, 2018.

Yes, Mozilla has done some things we’re not crazy about. The Mr. Robot “Looking Glass” add-on was ridiculous, and we’re not thrilled about what they’re doing with Cliqz in Germany. But, after taking some deserved public heat, they’ve made
policy changes
and we’re hopeful they’ll do better in the future.

Even if you don’t completely trust some of Mozilla’s business decisions, your browser is just too important to be left to a small community of enthusiasts. We think it’s best to go with a big project with a large number of developers that receives a lot of attention to security. That’s why we recommend against using these smaller Firefox-based browsers, and why we also recommend against using alternative browsers based on Google Chrome. Here are our concerns with some of the more popular Firefox alternatives.
Waterfox Is Firefox ESR, But With Slower Security Updates
ximg_5a2b0aa5b1150.png.pagespeed.gp+jp+jw+pj+ws+js+rj+rp+rw+ri+cp+md.ic.QaVvopB3sR.png


Waterfox is based on Mozilla Firefox, and it’s probably the most popular alternative browser based on the Firefox code. It made a name for itself by being a 64-bit browser based on the Mozilla Firefox code when Mozilla only offered 32-bit versions. However, Mozilla Firefox is now a 64-bit browser on 64-bit versions of Windows, so that’s not a reason to use Waterfox anymore.

Today, Waterfox is based on Firefox ESR. It advertises support for traditional XUL Firefox extensions and NPAPI plug-ins like Java and Silverlight. These are both features of Firefox ESR, so you don’t need to switch to Waterfox to get them. After Firefox ESR reaches end of Life, “a “new” browser will be developed to follow the ethos of Waterfox of customisation and choice”, according to the Waterfox blog.

Waterfox also has some other different features. It disables Pocket by default, but you can disable Pocket yourself in Firefox. It won’t send telemetry data to Mozilla, but you can disable that from Options > Privacy & Security > Firefox Data Collection and Use in Firefox. Encrypted Media Extensions (EME), which are required for sites like Netflix, are also disabled by default—and, again, you can disable them yourself in Firefox, if you like.

Overall, using Waterfox is basically just like using Firefox ESR and changing a few settings…with one big difference: security updates arrive in Firefox ESR much faster than they do in Waterfox. Whenever Mozilla releases security updates for Firefox ESR, the Waterfox developers have to integrate those updates into Waterfox before delivering them to users.

Let’s look at the most recent major release: Mozilla released Firefox 57 on November 14, 2017. Waterfox’s developers released Waterfox 56 that incorporated the security updates found in Firefox 57 on November 30, 2017. We don’t think waiting more than two weeks for security updates is a good idea!

Here’s a more recent example from a minor release: On January 23, 2018, Mozilla released Firefox 58 and Firefox ESR 52.6 with a variety of security fixes. Three days later, the Waterfox project said it was working on integrating these patches on Twitter. On February 1, 2018, Waterfox 56.0.4 was released with these patches. That means Waterfox users waited nine days for a security patches from a minor release, compared to if they were just using Firefox. We don’t think it’s a good idea to wait that long.

In the future, this will only get more complicated as the Waterfox developers try to make their own browser. We recommend staying away and just using Firefox ESR.

Pale Moon Is Based on Very Outdated Firefox Code
ximg_5a2b0c5b9932a.jpg.pagespeed.gp+jp+jw+pj+ws+js+rj+rp+rw+ri+cp+md.ic.vEajxgCCR5.jpg


Pale Moon is based on older Firefox code. The current version of Pale Moon is based on Firefox 38 ESR, which was originally released in 2015. The prior release was based on Firefox 24 ESR, which was released in 2013. The project uses an older Firefox interface created before the Australis theme, and still supports XUL add-ons.

Rather than being based on Mozilla’s Gecko rendering engine, Pale Moon is based on “Goanna“, an open-source browser engine that’s a fork of gecko. (In open-source software, a “fork” is when someone takes the existing code of a project, copies it, and develops it themselves from that point forward, going in a different direction.)

While Waterfox is based on code that’s currently supported by Mozilla, Pale Moon is based on much older code. It won’t have the new web features or performance improvements of modern versions of Firefox, nor does it support watching certain kinds of video with DRM.

More importantly, basing a browser on such old code makes security patches harder. Pale Moon’s developer tries to keep up with Firefox security patches, but he’s maintaining old code that Mozilla has abandoned. Mozilla reportedly has over a thousand employees, while Pale Moon has one primary developer, trying to maintain a huge amount of code that’s becoming increasingly outdated. The older code also omits features that help make modern browsers so secure, like the multi-process sandboxing features that have finally arrived in Firefox Quantum.

Besides, Pale Moon tends to perform worse on browser benchmarks compared to modern browsers, which isn’t surprising given its age. The developer disagrees with browser benchmarking, but it’s not surprising a browser based on four year old code might be slower than a modern one.

Basilisk Is a More Modern, But More Unstable Pale Moon
ximg_5a2b0c0fcf855.png.pagespeed.gp+jp+jw+pj+ws+js+rj+rp+rw+ri+cp+md.ic.bMXdcwh9Bi.png


Basilisk is a new browser from the creator of Pale Moon. While Pale Moon is based on Firefox 38 ESR, Basilisk is based on newer Firefox code. The developer is working on the “Unified XUL Platform (UXP)”, which is a fork of Mozilla’s code without the new Servo and Rust code that makes Firefox Quantum so fast. It also doesn’t enable any multi-process features.

A future version of Pale Moon will be based on this code, but right now the developer considers Basilisk an unstable development platform.

This fits Pale Moon’s kind of weird history. The first major version of Pale Moon was based on Firefox 24 ESR, due to a disagreement about where Firefox was headed. But the developer eventually had to switch to Firefox 38 ESR to get more modern features. Now, the developer is doing the same thing again, basing this new version largely on the pre-Quantum Firefox code. We don’t see the point of resisting new features only to make a major leap to them every few years anyway. Just stick with a browser that’s continually updated, like Firefox.

As for why you shouldn’t use this browser, aside from the same security and usability concerns inherent with Pale Moon, even the developer says it’s “development software” that should be considered beta.

These aren’t the only Firefox-based browsers out there, but they are the most popular—and most others will likely come with similar issues. It’s best to stick with a browser that has a big team behind it so security problems can be caught, fixed, and patched as fast as possible.

Why You Shouldn’t Use Firefox Forks Like Waterfox, Pale Moon, or Basilisk
 

LASER_oneXM

Level 37
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
^^ thx! nice article!

If You Don’t Like Firefox Quantum, Use Firefox ESR Instead
We recommend staying away and just using Firefox ESR.

it seems i made the right decission: i swiched to Firefox ESR 52.XX few months ago. This release of firefox been running fine all the time on all my machines.
 
Last edited:

insanity

Level 5
Verified
Oct 9, 2016
216
The article has some few incorrect statements. Waterfox is not based on Firefox ESR, but on Firefox 56 with backports of security/bug fixes. The developer intends to move to ESR when the new Firefox ESR arrives. And the article misses the reasons why people choose to run those browsers. Firefox ESR is already below the minimum requirement that some up to date addons requires to run. Waterfox is a better compromise, supporting most XUL addons and some Web Extensions as well. And others choose Pale Moon for its UI, because Mozilla keeps on changing Firefox theme, or adding new features just to kill them some releases later. But I agree that these forks will be behind Firefox, regarding delivering updates, but it's still not a definitive reason to ditch these browsers straightaway.
 

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
^^ thx! nice article!



it seems i made the right decission: i swiched to Firefox ESR 52.XX few months ago. This release of firefox been running fine all the time on all my machines.
- love the rounded corners!
I have too FF ESR 52.6.0 this new version, but have problem: it's not supporting HTLM5 features: the H.264 video codec and MSE & H.264.

My Basilisk/Nightly version supports all HTML5

Check with YouTube HTML5 test: YouTube
 

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
The author criticizes Pale Moon for being "based" on an older Firefox base. However, he states it himself that a fork takes the source code and develops it in a new direction (in this case, the Goanna engine).

And so the better approach would be that Pale Moon's integrity must be judged not according to being based on an "outdated" Firefox or the Gecko engine, but according to its own right, being moved to a "different" direction by its main developer, Moonchild. :)

As the fans of Pale Moon would say, "Pale Moon is not Firefox [or a Firefox clone], and will never be." :cool:

I use Google Chrome (primary), Mozilla Firefox (secondary), and Pale Moon. For me, Firefox really is more responsive than Pale Moon. :)
 
Last edited:

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
- with this same add-ons?
Yes. :)

- and try Basilisk maybe for comparison?
Maybe in the future, but not now nor sooner. :)

My statement is based on the current and previous Firefox versions and current and previous Pale Moon versions. So far, I've found Firefox to be more responsive, at least on my laptop. :)
 

tonibalas

Level 40
Verified
Honorary Member
Top Poster
Well-known
Sep 26, 2014
2,973
I was a big fan of Cyberfox.
It was fast and stable on my system and best of all when Mozilla was releasing a security update
Cyberfox was updated after just a few hours, that was great.
But since Mozilla moved to Quantum Cyberfox developer decided to put his browser ESR.
After that i switched to FF Quantum.
Other FF forks don't have good performance on my system.
 

Amiga500

Level 12
Verified
Jan 27, 2013
661
I use palemoon and basillisk browsers and they run just fine.However as time goes on maybe these will become irrelevant?
who knows?
but today is now and i find they both meet my needs as a browser.
firefox 52 ESR will run its course for users eventually and then what options will they have?.i think basillisk could be an option for those users or maybe palemoon.
Next ESR is firefox 60 and this will incorporate features many users were trying to avoid,browser choices are becoming slim for those who wish to avoid firefox quantum,
 

Amiga500

Level 12
Verified
Jan 27, 2013
661
I tried firefox quantum and indeed it is an excellent browser without a doubt but for some odd reason cookie extensions will not work with it properly.maybe in time this will be fixed or could it be i simply do not properly understand how the new firefox works.
 
  • Like
Reactions: Prorootect

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
Latest Firefox ESR 52 version is:
52.7.3
Firefox ESR
March 26, 2018
Mozilla Foundation Security Advisory 2018-10


Use-after-free in compositor

Announced: March 26, 2018
Impact: high
Products: Firefox, Firefox ESR
Fixed in:
Firefox 59.0.2
Firefox ESR 52.7.3

Use-after-free in compositor

So no more problems with downloading/use (crashes of GUI) of some add-ons, it's fixed, this problem (from the 52.7.0 version only).

Now, Firefox ESR 52.7.3 works very good, is quick to render pages (use Load Time add-on like me), could download more add-ons...
...but HTML5 test says: H.264 and MSE & H.264 doesn't work. Here. Why?..
 
Last edited:

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
... and Why, in Firefox ESR 52.7.3 - all the supplementary icons, of MT links like FORUMS, NEWS, TUTORIALS,...REVIEWS etc, so next to these links, are in ASCII characters?
- Here, maybe you don't have these ASCII characters next to MT links?...

On Nightly and Cent - it's OK., no ASCII characters...

EDIT:
Found why. It's uBlock Origin...cause I've blocked Remote fonts, on the GUI! ha
 
Last edited:
  • Like
Reactions: harlan4096
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top