- Fixed several memory security hazards CVE-2014-1574 and CVE-2014-1575
- Fixed CVE-2014-1581.
- Fixed bug 1069584: Bail if a cairo surface is in an invalid state.
- Made sure to initialize surfaces for draw targets.
- Fixed bug 1074280: Use AsContainerLayer() in order to avoid a bad cast.
- Fixed several problems in the HTML parser (multiple vulnerabilities).
- Improved security of XHR by filtering out types of requests that can potentially be abused.
New Features and Improvements:
- New feature: multi-line flexbox support.
Pale Moon now supports more advanced multi-line and multi-column flex elements. This will allow websites to use these elements for easier responsive design of web pages and ordering/layout of multiple elements. This should address layout issues on several recently-updated websites (e.g. the MSN home page).
- New feature: added support for collapsed flex element items.
Previously, flex elements that would be "collapsed" through CSS would be hidden, but still take up their flex space.
- Enhanced feature: Content Security Policy (CSP)
Pale Moon now fully supports the CSP 1.0 specification allowing websites to set restrictions on content to prevent XSS (Cross-site scripting) attacks. Previously, the implementation in Pale Moon was partial, and did not support a number of features, resulting in some websites not rendering properly because Pale Moon was being too strict in enforcing the policy. This should address issues on websites enforcing CSP (e.g. the Dropbox web interface and FaceBook galleries).
- New feature: added support for iframes with inline content.
This added HTML5 feature makes it possible for web designers to specify the content of iframes in-line, instead of having to link to an external source. This allows for more dynamic use of iframe elements.
- Updated the Firefox Compatibility mode version to 31.9.
With the improvements in rendering, HTML5 support and overall feature set in this version, the Firefox Compatibility mode (as presented in the UserAgent string) has been bumped to prevent websites from complaining about "using a too old/unsupported version of Firefox" (e.g. Google websites) while offering those sites a Firefox Compatibility version that is in line with the "expected" feature set of the browser. You may still run into some websites that don't like Pale Moon's user agent and require a manual override as outlined in the FAQ.
- Pale Moon no longer builds the so-called "media navigator" by default.
This module provides access to the user's webcam and microphone. Although it can be used for other purposes, in practice this is only used for WebRTC and, in fact, its support (GetUserMedia) is often mistaken for actually supporting WebRTC in a browser (causing errors since Pale Moon does not support WebRTC). No longer including these features reduces input complexity and overhead for a feature not actively used. This also circumvents privacy concerns/confusion like CVE-2014-1586.
- Improved tab handling on lightweight themes (personas) some more to enhance contrast on certain themes and to make the tab hover effect slightly more distinct.
Minimum system Requirements (Windows):
- Windows Vista/Windows 7/Windows 8/Server 2008 or later
- A processor with SSE2 support
- 256 MB of free RAM (512 MB or more recommended)
- At least 150 MB of free (uncompressed) disk space
UpdateTo get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Select About Pale Moon > Check for Updates.
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...