Pale Moon Version 28.2.0 Released with Security Updates

Pale Moon has been updated to version 28.2.0, a major development release addressing performance, web compatibility, bugfixes, regressions and security vulnerabilities.  In particular, security fixes have been implemented for CVE-2018-12381, CVE-2017-7797, a better fix for CVE-2018-12386 (DiD), CVE-2018-12401 (DiD), CVE-2018-12398, CVE-2018-12392, several Skia bugs, and several crashes and memory safety hazards that do not have a CVE number.

From the Release Notes:

Changes/fixes:

• Fixed a major performance issue with web workers.
• Fixed a rare crash on local networks with HTTP basic auth and unsupported cipher suites.
• Fixed a performance/timer issue when leaving the browser idle.
• Fixed an issue causing an empty dialog when launching executable files from the browser.
• Fixed an issue preventing making entries to disallow sites to store data for off-line use.
• Removed code to prevent extensions with binary components.
• Fixed an issue with common dialogs being sized incorrectly for their content.
• Fixed an issue with event handling on the tab bar that would cause frustrating behavior when trying to open/close tabs in rapid succession.
• Switched default behavior for scrolling when a context or pop-up menu is open to allow scrolling, like in v27. This also affects scrolling in very long menus, e.g. bookmarks.
  
• Added experimental Asynchronous Panning and Zooming (APZ) for desktop use.
• Re-enabled the use and parsing of ICC v4 color profiles.
• Removed telemetry code from the caching subsystem.
• Improved full-screen detection for suppressing status messages.
• Made all arguments passed to Init*Event() optional except the first for parity with other browsers.
• Cleaned up some internal installer code.
• Fixed making caret width configurable when dealing with CJK characters (regression).
• Fixed drawing of table borders consistently when zooming a page (regression).
• Exposed the "Save download location per site" pref in about:config.
• Improved media handling (ongoing).
• Added experimental support for AV1 in WebM videos (disabled by default).
  Note: this is for WebM only for now, so MP4 and MSE AV1 streams (e.g. YouTube) will not (yet) play.
• Removed the (defunct and incomplete) in-browser translation code.
• Fixed an issue with CSS Grid layouts unnecessarily shrinking element blocks.
• Fixed notification settings menu entry (opes about:permissions with relevant data now).
• Fixed the launching of an undesirable background content process for capturing page thumbnails.
• Fixed a focus issue in the bookmark properties dialog.
  
• Changed the setting for reporting CSS errors to the console to false by default, to prevent unnecessary performance loss for recording this data.
• Added control mechanisms for Opportunistic Encryption (both for alternative services and upgrade-insecure-requests) in preferences, and disabled this by default due to potential security and privacy issues with this transitional technology.
• Updated the default reported Firefox version in Firefox Compatibility Mode to prevent "too old Firefox" complaints on websites.
  
• Updated libnestegg, ffvpx, reader view components and several other modules from upstream.
• Implemented security fixes for CVE-2018-12381, CVE-2017-7797, a better fix for CVE-2018-12386 (DiD), CVE-2018-12401 (DiD), CVE-2018-12398, CVE-2018-12392, several Skia bugs, and several crashes and memory safety hazards that do not have a CVE number.

Download:

• Pale Moon for Windows
• Pale Moon for Linux

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...