Pale Moon has been updated to version 32.5.0. This is a major development and security update.
Changes/fixes:
- Added an initial implementation of the ReadableStreams API, improving web compatibility with sites that apparently use this API in utilitarian fashion.
- Added support for transparency in WebM videos for the edge case of using <video> elements for transparent animated images. Major caveat: this will massively impact performance of video playback if an alpha channel is present in the video.
- Added support for crypto.randomUUID to allow website scripting to generate random UUIDs (universally unique identifiers) through the WebCrypto interface.
- By user request, added a preference browser.bookmarks.openInTabClosesMenu (default true) to allow users to configure if they want to keep the bookmarks menu open if they open bookmarks from it in a new tab (by middle-clicking or Ctrl-clicking). The default behavior is to close the bookmarks menu like any other menu when an option in it is clicked.
- Removed the user-agent override for Netflix, since they have stopped supporting the Silverlight browser plugin. Pale Moon no longer has a way to provide Netflix DRM-controlled playback with them dropping it, so there is no longer a reason to try and force compatibility.
- Updated the user-agent override for Spotify. While it is possible to use the website with this, it suffers from the same DRM issue and not all media will be playable (only non-encumbered media can be played in Pale Moon like podcasts). Your mileage may vary.
- Implemented timer nesting and clamping for workers, preventing timer hangs on bad website code.
- Improved handling of drawing SVG images on canvases without explicit width or height attributes. We now follow the css-sizing-3 Intrinsic Sizes spec.
- Improved performance of our memory allocator.
- Updated libvpx to 1.6.1.
- Cleaned up and updated some media playback code.
- Removed the inclusion of GMP (Gecko Media Plugin) support from Pale Moon, as it was only in use for EME/DRM and WebRTC, neither of which we support.
- Removed the last vestiges of EME/DRM code from UXP, since this will never be supported in any application building on it due to the media industry's draconic policies around FOSS.
- Removed simd.js, moving actually used SIMD handling to C++.
- Removed the use of libav in our source, replacing its supply of FFT with the equivalent from FFMpeg.
- Fixed potential type confusion in IonMonkey due to 3-byte opcodes.
- Fixed an issue with tooltips persisting even if the browser window would have lost focus.
- Fixed PerformanceObserver navigation and resource timing (default disabled for privacy); our implementation now fully passes conformance tests.
- Fixed an issue where top-level SVG images would not be correctly clipped by positioned elements, giving the impression of wrong z-ordering as the SVG would overlap other elements.
- Dev: Updated setInterval to fall back to 0 if no duration is supplied.
- Dev: Updated ResizeObserver to a recent spec change, now returning an array of results for borderBoxSize and contentBoxSize instead of an object.
- Dev: Updated Intl.NumberFormat and DefaultNumberOption() to follow spec updates. Most importantly for web compatibility, we now allow the "maximumFractionDigits" option in Intl.NumberFormat to be less than the default minimum fraction digits for the chosen locale, following the general consensus in TC39 around this issue.
- Increased leniency (removed upper limit) of GLSL versions as they tend to be fully backwards compatible.
- Fixed various crashes.
- Added a safeguard to the sec-gpc header (Global Privacy Control) so it cannot be inadvertently overwritten.
- Security fixes: addressed CVE-2023-5722, CVE-2023-5723, CVE-2023-5724, CVE-2023-5727 and several other issues without a CVE number assigned to them.
- UXP Mozilla security patch summary: 6 fixed, 2 DiD, 19 not applicable.
Notes:
*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.
Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.
Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Select About Pale Moon > Check for Updates.
Release Notes
Release Cycle
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
No comments:
Post a Comment