Tuesday, June 07, 2022

Pale Moon Version 31.1.0 Released with Security Updates

          

Pale Moon

Pale Moon has been updated to version 31.1.0.  This is a major development update, focusing on media support, browser stability, performance and web compatibility.

Linux versions will be released with a little delay due to the need for a last-minute rebuild.

Additional information about the update is available in the Release Notes under the heading, "Implementation/build notes".

Changes/Fixes:

  • Added Mojeek as an additional search engine in the browser. See implementation notes.
  • Implemented "nullish coalescing operator" (thanks, FranklinDM!) for web compatibility.
  • Fixed various crash scenarios in XPCOM.
  • Fixed an important stability and performance issue related to hardware acceleration.
  • Fixed a long-standing issue where overly-long address bar tooltips wouldn't break into multiple lines but instead cut off on the right side.
  • Fixed a long-standing issue where dynamic datalist updates for <select> and similar elements wouldn't properly update the option list.
  • Disabled broken links to MDN articles in developer tools.
  • Updated media support to include support for libavcodec 59/FFmpeg 5.0 for MP4 playback on Linux (thanks, Travis!)
  • Enabled the date picker for <input type=date>. See implementation notes.
  • Re-enabled the use of FIPS mode for NSS. See implementation notes.
  • Improved memory handling and memory safety in the JavaScript engine, further reducing current and future crash scenarios.
  • Improved memory handling in the graphics subsystem of Goanna.
  • Updated FFvpx to v4.2.7
  • Slightly reduced strictness of media checking for improved compatibility with questionable "gif" video encoders used on major websites.
  • Cleaned up the way file pickers (file open/save/save as dialogs) are handled on Windows.
  • Restored the gMultiProcessBrowser property of the browser for Firefox extension compatibility. See implementation notes.
  • Improved the way data is transferred to and from canvases to prevent memory safety issues.
  • Updated NSS to 3.52.6 to address security issues.
  • Reduced blocking severity for some extensions that were marked hard blockers for GRE (but aren't for UXP).
  • Security issues addressed: CVE-2022-31739, CVE-2022-31741, and other security issues that do not have a CVE number.
  • UXP Mozilla security patch summary: 2 fixed, 1 DiD, 26 not applicable.

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

**Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.

Pale Moon includes both 32- and 64-bit versions for Windows:  Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: