Pale Moon 26.2.0

Pale Moon

Pale Moon is an Open Source, Goanna-based web browser available for Microsoft Windows and Linux (with other operating systems in development), focusing on efficiency and ease of use. Make sure to get the most out of your browser!

Pale Moon offers you a browsing experience in a browser completely built from its own, independently developed source that has been forked off from Firefox/Mozilla code, with carefully selected features and optimizations to improve the browser's speed, resource use, stability and user experience, while offering full customization and a growing collection of extensions and themes to make the browser truly your own.

Features:

Optimized for modern processors
Based on our own optimized layout engine (Goanna)
Safe: forked from mature Mozilla code and regularly updated
Supported by a friendly, active community of users
Familiar, efficient, fully customizable interface
Support for full themes: total freedom over any element's design
Support for easily-created lightweight themes (skins)
Smooth and speedy page drawing and script processing
Increased stability: experience fewer browser crashes
Support for many Firefox extensions
Support for a growing number of Pale Moon exclusive extensions
Extensive and growing support for HTML5 and CSS3
Many customization and configuration options
Able to import existing Firefox profiles with the migration tool

Pale Moon 26.2.0 is a major update and bugfix release.

Changes:

Implemented the URL API that's needed for a number of websites.
Changed internal keystroke handling within the spec to better align with generally expected behavior.
This should fix the infamous "backspace" issue on Facebook.
Web developers please note: calling preventDefault() in a "keydown" event handler will now prevent most keypress events from firing.
Linux: gstreamer 1.0 support has been implemented and enabled by default (hats off to Travis!)
From this version forward you will need to have gstreamer 1.0 libraries for video playback (0.10 is no longer supported).
Re-styled about:sessionrestore to use more available screen real estate for tab info.
Added an option to use the mousewheel for horizontal scrolling (mouse action value 4).
(e.g. setting mousewheel.with_shift.action to 4 makes Shift+wheel scroll horizontally)
Bumped max icon size for search engine icons to 32 KB to cater to more common use of HiDPI icons.
Fixed some hard-coded branding strings in Sync still reading "Firefox", and similarly changed sync information URLs to point to our relevant pages.
Removed default profile bookmarks pointing to Firefox/Mozilla since the information there no longer applies to us.
Updated UA overrides and XSS configuration to deal with some problematic sites (e.g.: Google, Embedly)
Fixed several issues with the default theme causing problems with behavior due to styling (thanks, Antonius32) (Issue #384 and friends)
Fixed some miscellaneous issues in the internal jemalloc implementation.
Added a configure option to use the full jemalloc lib (jemalloc v3) if the builder so wishes (used for Linux, sys mallocs are not happy there either, so for our generic binaries we switched to this lib now)
Worked around a crash caused by the XSS filter on some fora by bailing on too short and empty strings.
Fixed layout of reflowed comboboxes without enough space.
Fixed a crash related to flexboxes overflowing themselves. (Issue #396)
Added a simple implementation for Weak Messagelisteners. (Issue #399)
Fixed a crash for losing our cache entry while finishing up compression.
(re-apply after unintentional back-out switching to Goanna)
Linux: Worked around driver bugs with Intel drivers that falsely report what they can support in max texture size.
Portable only: Removed compression of the browser components library after some reports that in certain configurations and environments it was causing issues with the browser.

Security fixes:

Updated the graphite font library to 1.3.7+ to solve CVE-2016-2796 and no less than 14 of its friends.
Updated NSS to 3.19.4.2-PM to address several vulnerabilities (UAF, heap overflow).
Updated libvorbis to a much more recent version to fix multiple issues.
Crash fix and DiD fixes by holding strong references to objects in suspect places in the HTML parser. (CVE-2016-1961) (ZDI-CAN-3574)
Fixed several out-of-bounds issues in the VP8 decoder.
Fixed a potentially exploitable crash in XML/XSLT handling.
Applied some Kung Fu to HTML animations and transitions to prevent memory hazards.
Fixed applicable Mozilla code vulnerabilities CVE-2016-1965, CVE-2016-1960 (ZDI-CAN-3545), CVE-2016-1966, and CVE-2016-1963.