Pale Moon has been updated to version 33.3.0. This is a major development update.
Important notes with this version:
- From this version forward, all 64-bit releases require a processor with AVX capabilities! Please keep en eye on the forum for announcements of 64-bit SSE builds by the community if you are on particularly old or otherwise limited hardware that does not support AVX.
- For Linux users: Starting with this version, our binaries are built with gcc 11 on a still conservative but more modern build platform (Oracle Linux 8). As a result, there may be some lib incompatibilities if you are still running on a particularly old distro for some reason. While we try to serve as broad of a Linux base as possible with our binaries, our lowest common denominator will occasionally shift to newer distros as a result of O.S. life cycles, compiler capabilities and available libraries.
Changes/fixes:
- Implemented the bulk of the CSS "cascade layers" spec (
@layer{}
). This implementation is not 100% complete yet, but should satisfy common use of CSS cascade layers on the web. - Implemented support for
Sec-Fetch-*
headers, implementing another mechanism to deal with site security. See this part of the spec for a primer on what this does. - Added support for FFmpeg 7.0 / libavcodec 61 (Linux).
- Pale Moon will now look up hosts in DNS ahead of time to make page navigation smoother. See implementation notes.
- Pale Moon will now block access to the reserved address 0.0.0.0 on non-Windows operating systems. See implementation notes.
- Dev: Aligned rounding behavior and precision ranges of
toFixed
and related functions with the spec. See implementation notes. - Dev: Aligned isTrusted for
PostMessage
andBroadcastChannel
with expected values on the web. See implementation notes. - Dev: Added the
navigator.webdriver
attribute for web compatibility (always false in Pale Moon as we do not support browser automation APIs). - Re-implemented the Durstenfeld shuffle for plugin enumeration that was unfortunately dropped with one of our past rebases, to strengthen fingerprinting resistance.
- Fixed an issue with character clusters (e.g. for text selection) resulting from a regression surrounding our improvements for emoji handling.
- Fixed an issue with setting DOM color values. DiD
- Slightly improved password form handling, detecting previously unsupported field orders.
- Updated NSS to 3.90.4.
- Updated our emoji font to 15.1.2 (Unicode 15.1 with some additional extras/updates).
- Code cleanup:
- Removed unused code related to the (incomplete) FoxEye experiment.
- Removed support code for LibAV and (very) old versions of FFmpeg. We require libavcodec 58 or later (FFmpeg 4.0+) from this version forward (Linux).
- Removed click event dispatching code that is no longer relevant.
- Cleaned up internal macro use in CSS code (this does not impact any exposed APIs or code).
- Removed the hidden
network.dns.disablePrefetchFromHTTPS
pref. DNS prefetching should not be treated differently for http and https. - Security issues addressed: CVE-2024-7531.
Implementation notes:
*DiD: This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
**Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.
Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.
No comments:
Post a Comment
Neither spam nor comments containing vulgarities will be approved.