Tuesday, April 23, 2024

Pale Moon Version 33.1.0 Released with Security Updates

   Pale MoonPale Moon has been updated to version 33.1.0.  This update is a development, stability, and security release.

New features:

  • Implemented support for single-use <link rel=preload> meta tag. This implementation allows use of it without specifying a second <link rel={type}> meta tag to actually load the linked document which was originally intended for this tag (to hint to a browser it should pre-load the document for fast painting).
  • Implemented CSP v3 keywords script-src-elem, script-src-attr, style-src-elem and style-src-attr.
  • Enabled the use of html5's <dialog> by default. While this is not yet a complete implementation, use of it in the wild dictated we enable this early. The implementation should functionally suffice for usage seen so far.
  • Added support for Emoji 15.1.
  • Implemented webkit URL legacy window alias for URL for web compatibility.
  • Implemented CSS shorthands margin-block, margin-inline, padding-block and padding-inline.
  • Added support for querying CPU capabilities (SSE2/AVX/AVX2) to the Navigator interface. For privacy reasons this is not exposed to the web, but can be used by extensions.

Changes/fixes:

  • Fixed broken mousewheel scrolling if building with --disable-npapi.
  • Fixed a minor issue with XUL tree display in some circumstances.
  • Dev: Aligned canvas Path2D.addPath with the updated spec. It now supports DOMMatrix as opposed to SVGMatrix.
  • Removed Stylo (Gecko Rust style system) leftovers from the source tree.
  • Fixed a few potential emoji display issues.
  • Fixed some issues with workers.
  • Fixed an issue with ctrl+c copying in devtools.
  • Fixed crashes when run under WINE because of its lack of support for IDXGIKeyedMutex.
  • Fixed a crash when dealing with a specific (unmaintained) extension.
  • Added .xrm-ms files to the executable warning list on Windows.
  • Added sanity checks on http/2 header sizes.
  • Fixed a potential issue in the JavaScript JIT compiler.
  • Pulled a few fixes from upstream for the OpenType Sanitizer.
  • Added a fix to avoid a potential issue when assigning a media data buffer.
  • Security issues addressed: CVE-2024-3863, CVE-2024-3302, CVE-2024-3857 DiD, CVE-2024-3859 and CVE-2024-3861 DiD.

Notes:

DiD: This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: