Basilisk 2018.07.18

Basilisk

Basilisk is a free and Open Source XUL-based web browser created by the developers of the Pale Moon browser. It is based on the Goanna layout and rendering engine (a fork of Gecko) and builds on the Unified XUL Platform (UXP), which in turn is a fork of the Mozilla code base without Servo or Rust.

Basilisk as an application is primarily a vessel for development of the XUL platform it builds upon, and additionally a potential replacement for Firefox to retain the use of Firefox Extensions. It aims to retain useful technologies that its sibling Firefox has removed.

Requires Windows 7 or later. Windows XP or Windows Vista are not supported.

Main features:

Full support for JavaScript's ECMAscript 6 standard for modern web browsing.
Support for all NPAPI plugins (Unity, Silverlight, Flash, Java, authentication plugins, etc.).
Support for XUL/Overlay Mozilla-style extensions.
Experimental support for WebExtensions (in gecko-target mode). Please note that some Mozilla-specific WebExtension APIs are not yet available.
Support for ALSA on Linux.
Support for WebAssembly (WASM).
Support for advanced Graphite font shaping features.
Support for modern web cryptography: up to TLS 1.3, modern ciphers, HSTS, etc.

Important differences with Mozilla Firefox:

Uses Goanna as a layout and rendering engine. Goanna behaves slightly differently than Gecko in certain respects and may result in different display of web pages. e.g.: Goanna renders gradients in a more accurate color space (non-premultiplied).
Builds on UXP, our XUL platform in development. As such XUL is alive and well in this browser and will not be deprecated.
Has some long-standing known issues with the Mozilla code-base fixed (e.g. CVE-2009-1232).
Does not use Rust or the Photon user interface. You can expect a familiar interface as-carried by Firefox between v29 and v56.
Does not use Electrolysis (e10s, multi-process browsing).
Does not require walled-garden extension signing.

Basilisk 2018.07.18 changelog:

Fixed an issue where windows would not be restored to their proper place if using custom device pixel ratios.
Removed the whole UITour system.
Removed the use of Disconnect if SafeBrowsing isn't built.
Updated the Readability/Reader View components.
Updated Cookie gating to be more strict.
Updated NSPR/NSS and enabled the use of TLS 1.3 by default.
Reinstated string.prototype.contains for compatibility (alias for .includes).
Updated kiss-fft to v1.4.0 (fork).
Fixed a serious memory leak in the WebP image decoder.
Fixed compatibility issues with Youtube Live, .
Improved legibility of fonts at certain scale levels on Windows.
Fixed Firefox-inherited SSL status ambiguity. SSLStatus.CipherName now actually displays the name. The full suite is still available in the (new) property CipherSuite.
Fixed some incorrect CSP handling.
Prohibited web access to the moz-icon:// scheme to solve privacy issues with it.
Fixed crash hazards in the editor.
Removed SSL error reporting telemetry.
Updated libwebp image decoder library to 1.0.0 + sec fixes.
Made it possible for UXP applications to run within a chrooted environment (provided it's compiled against glibc)
Ported several controlling preferences from Pale Moon (prompts.tab_modal.focusSwitch, browser.cache.backend, etc.)
Fixed security issues: CVE-2018-12363, CVE-2018-12366, CVE-2018-12364, CVE-2018-12359, CVE-2018-12367, and CVE-2018-12360.
Fixed a number of security, stability and memory safety hazards that did not have CVE numbers at the time of implementation.