Friday, December 18, 2020

Pale Moon Version 28.17.0 Released With Security Updates


Pale Moon

Pale Moon has been updated to version 28.17.0.  This is a development, bugfix and security update.

Changes/fixes:

  • Changed the way dates and times are formatted in the UI to properly adhere to the user's regional settings in the O.S.
  • Re-enabled the DOM Filesystem API for web compatibility.
  • Moved the global user-agent override to the networking component. See implementation notes.
  • Worked around crashes and run-time issues with module scripts. See implementation notes.
  • Fixed a website layout issue with table-styled elements potentially overlapping when placed inside a flexbox.
  • Fixed some code logic issues with websockets.
  • Fixed a regression when waking the computer from standby causing high CPU usage in some uncommon situations.
  • Updated the list of prohibited ports the browser can use. See implementation notes.
  • Updated root certificates.
  • Windows: Changed the way downloaded files without an extension are handled. See implementation notes.
  • Mac-beta: Improved version detection of MacOS including Big Sur.
  • Security issues addressed: CVE-2020-26978 and CVE-2020-35112.
  • Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 1 deferred to the next release, 16 not applicable.

 Implementation notes:

  • The global user-agent override was moved to the networking component where it is actually implemented. The new preference name is network.http.useragent.global_override. Please note that using a blanket override is normally (very) counterproductive and does not, in fact, help much with privacy. It would also override the compatibility modes (Native/Gecko/Firefox) in Pale Moon. As such, the browser will now warn you if the user-agent is globally overridden (in preferences) and allow you to easily reset that override and re-enable the various compatibility modes.
  • Module scripting caused some persistent and very hard to track browser crashes that we've narrowed down to a specific optimization in the JavaScript JIT (Just-In-Time) compiler (IonMonkey). This optimization is now disabled by default but if you need that little extra performance (usually only noticed in very optimized code or some benchmarks) then you can re-enable it, trading in stability, by setting the new preference javascript.options.ion.inlining to true.
  • Prohibited ports: Pale Moon maintains a blacklist of ports the browser may normally not connect to on servers, to mitigate abusive web scripting employing your browser as an attack bot on servers (e.g. by connecting to mail servers or what not), NAT slipstreaming, and similar security issues. To more thoroughly prevent known abusable ports on servers, this list was extended with a number of additional default ports for various non-http protocols.
  • Downloaded files without a file extension: When a file without an extension is downloaded, we will now open the download folder where you may choose to take any specific action manually, instead of trying to execute it as a program or through an associated program.

  Pale Moon includes both 32- and 64-bit versions for Windows:

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


2 comments:

Anonymous said...

Zero problems with PM 28.17 so far. Running win7 pro, PM Portable off a flash drive, sandboxed. Lots of extensions...smooth as can be and never a problem. thanks PM Merry Christmas!!

Corrine said...

You're welcome. Merry Christmas! 🎄