Pale Moon Version 28.14.0 Released With Security Updates

Pale Moon has been updated to version 28.14.0. The update is a development and security update.  Linux versions will follow shortly.

Note: Included in the updates are DiD* patches.

*DiD stands for "Defense-in-Depth" and is a fix that does not apply to an actively exploitable vulnerability in Pale Moon but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.

From the Release Notes:

Changes/fixes:

• Updated the browser identity code for website security to more clearly indicate website status.
  A detailed explanation is available on the forum and beyond the scope of these release notes.
• Updated unofficial branding to be more generic and more clearly separate unofficial builds from Pale Moon as a product.
  Please note that this goes hand in hand with an update of our redistribution license, and from this point forward any "New Moon" products are to be considered separate, and not unofficial Pale Moon builds or in any way related to or affiliated with Pale Moon, despite the similarity in name.
• Added a preference (signon.startup.prompt) to give users the option to ask for the Master Password the moment the application starts (before the main window opens). This allows a workaround for getting multiple Master Password prompts if individual components need access to the password store at the same time.
• Changed the way download sources are displayed to always use the actual domain downloads are from. In some situations the browser would previously display the domain of the referring page in an inconsistent fashion.
• Implemented the ES2019 Object.fromEntries() utility function.
• Implemented the CSS flow-root keyword.
• (Re-)implemented percentage-based CSS opacity values according to the updated spec.
  
• Implemented the last few missing bits for a standards-compliant implementation of JavaScript modules.(preloading, resource: scheme, etc.)
• Implemented the ResizeObserver DOM API.
  
• Fixed a null crash on some websites using CSS clip paths.
• Updated script handling inside SVGs to only run scripts if they are enabled and permitted, avoiding a potential XSS pitfall.
• Fixed several memory safety hazards and crashes.
  
• Updated the MediaQueryList interface to the updated spec. It now inherits from EventTarget and implements AddEventListener/RemoveEventListener in addition to AddListener/RemoveListener and should improve web compatibility for some sites.
• Removed support for the archaic and non-standard <marquee> element.
• Removed some leftovers from the discontinued plugin update checker service.
• Removed some internal HPKP implementation leftovers.
• Cleaned up the Windows widget code to reduce potentially vulnerable direct-dll loads.
  
• Security issues fixed: CVE-2020-15676 and CVE-2020-15677
• Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 1 defense-in-depth, 7 not applicable.

 Pale Moon includes both 32- and 64-bit versions for Windows:

• 32x:  Pale Moon - x32 builds
• 64x:  Pale Moon - x64 builds

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...