Tuesday, January 15, 2019

Pale Moon Version 28.3.0 Released


Pale Moon
Pale Moon has been updated to version 28.3.0.  This is a major development and bugfix release.

The release includes DiD ("Defense-in-Depth") changes.  This means that a fix does not apply to a (potentially)actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

The Linux versions will follow.

From the Release Notes:

Changes/fixes:

  • Added AV1 support for MP4/MSE videos. Please note that this is a reference library implementation and the upstream decoding lib currently has poor performance for higher resolutions (720p+). This is disabled by default; use the about:config preference media.av1.enabled to enable this codec.
  • Changed the API used for video playback with FFmpeg 58+. This should solve performance issues with VPx.
  • Redesigned the main toolbar icons as SVG images to make them HiDPI compliant.
  • Fixed the sync notification (infobar) icon.
  • Fixed a potential cycle collector resource leak.
  • Added icons and controls to tabs to indicate if sound is playing the tab and if so, allowing the user to mute it with a click.
    This is a native implementation of the API in use in Basilisk and performs the same function as the "expose noisy tabs" extension, although the extension may still be preferred by some for e.g. skinning capabilities. The feature may be disabled with browser.tabs.showAudioPlayingIcon.
  • Removed support for VR hardware.
  • Fixed out-of-bounds sizes for CSS calculation strings.
  • Removed the DirectShow component since it is no longer necessary.
  • Removed Firefox Accounts integration, phase 1:
    • Changed the Sync client to the one from Tycho.
    • Made Sync optional at build time.
  • Stopped trying to cater to addons.mozilla.org since they no longer offer anything useful to Pale Moon after the Great XUL Extension Purge™.
  • Added an option to process favicons for optimal sized display and removing animations. Enable this with browser.chrome.favicons.process
  • Fixed an incorrect preference reference in feed reader.
  • Fixed an issue with lazy frame construction on display:contents elements. This should solve e.g. the use of mathjax in comments on stackoverflow.
  • Media code improvements and cleanup (ongoing).
  • Updated the DropBox useragent override to solve login issues.
  • Fixed potential crashes due to shutdown observers in VTT and font lists. DiD
  • Enabled some mistakingly-disabled optimizations in the JS JIT compiler.
  • Fixed several potential crashes in JS. DiD
  • Fixed several potential crashes in WebCrypto. DiD
  • Fixed a potential crash in JS Range Analysis. DiD
  • Fixed a potential crash in the layout engine due to combo boxes. DiD
  • Fixed a potential shutdown crash in non-standard environments related to 2D Canvas. DiD
  • Fixed a potential overflow in the PNG writer. DiD
  • Fixed a potential double-free in the MAR signing utility. DiD
  • Fixed an issue where URLs could be extracted cross-origin (CVE-2018-18494).
  • Updated NSPR to v4.20.
  • Updated NSS to 3.41, providing (among other things) full compatibility with the final version of TLS 1.3 on websites.
  • Updated location.protocol to the latest spec.
  • Updated Intersection Observers to the latest spec and enabled them by default.
  • Updated the SQLite lib to 3.26.0.
  • Fixed errors about the login manager's recipeManager not being available (yet).
  • Switched status bar download arrow to SVG.
  • Fixed a crash in IntersectionObservers.
  • Fixed initialization of the Search service from browser code to avoid synchronous init.
  • Added logging of performance warnings to devtools consoles.
  • Fixed favicons in taskbar tab preview listings.
  • Blocked Comodo IS dll < version 6.3 to prevent startup crashes.
  • Fixed issues in the HTML form submit observer module.
  • Limited resolving depth of CSS variables to a sane maximum (fixes cras.sh issue).
  • Removed Mozilla's proprietary constructor on WebAudio's AudioContext, aligning it with the standard specification.
  • Exposed the previously hidden preference in about:config for page thumbnail generation (some people prefer this for local privacy).
  • Aligned Element.ScrollIntoView with the DOM specification. This improves, among other things, compatibility with the React framework.

Download:

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...



2 comments:

Anonymous said...

Hi, Corrine

On the subject of Palemoon, it seems every time I open it now (for about the last week or so) I get a pop-up about letting "updater.exe" run. Is this safe? I did some online searching but nothing seems to have updater.exe associated with Palemoon.

Scott

Corrine said...

Hi, Scott.

I gather that you haven't manually checked for the latest Pale Moon update. The notice you are seeing is for downloading and installing that update. You can manually check and install the update by clicking Help > About Pale Moon and when the window opens, click Check for Updates in order to get the latest version 28.8.0.