Pale Moon 28.8.0

Pale Moon

Pale Moon is an Open Source, Goanna-based web browser available for Microsoft Windows, Linux and Android, focusing on efficiency and ease of use. Make sure to get the most out of your browser!

Pale Moon offers you a browsing experience in a browser completely built from its own, independently developed source that has been forked off from Firefox/Mozilla code, with carefully selected features and optimizations to improve the browsers speed, resource use, stability and user experience, while offering full customization and a growing collection of extensions and themes to make the browser truly your own.

Features:

Optimized for modern processors
Based on proprietary optimized layout engine (Goanna)
Safe: forked from mature Mozilla code and regularly updated
Secure: Additional security features and security-aware development
Supported by our user community, and fully non-profit
Familiar, efficient, fully customizable interface
Support for full themes: total freedom over any elements design
Support for easily-created lightweight themes (skins)
Smooth and speedy page drawing and script processing
Increased stability: experience fewer browser crashes
Support for many Firefox extensions
Support for a growing number of Pale Moon exclusive extensions
Extensive and growing support for HTML5 and CSS3
Many customization and configuration options

Pale Moon 28.8.0 realease notes:

This is a major development release. Many things have been improved, some landmark features have been added/enabled, and many libraries have been updated for added stability and performance. We hope you are as happy with this progress as we are!

New features:

Added support for modern Solaris operating systems like Illumos (thanks Athenian200!).
Implemented position:sticky for table parts - You can now use CSS to e.g. stick table headers so they don't scroll off the screen!
Enabled basic implementation of module type scripting. While not fully spec compliant (yet), this will fix the few web compatibility issues with sites that rely on this feature without fallback (e.g. the Chromium bugtracker).
Implemented Promise.prototype.finally() (ES2018).
Implemented Regular Expression lookbehind (ES2018).
Implemented Regular Expression /s flag (dotAll support) (ES2018).
Implemented String.prototype.matchAll (regex) (ES2020).
Added Ekoru to the list of default search engines. This is a Bing-backed search engine that donates the majority of its revenue to various charities that support the planet and animals. An environment-supporting alternative to Ecosia if you don't want to support Google in the process.

Changes/fixes:

Changed the way tables are rendered to fix a number of spec compliance issues and allow relative positioning of table parts.
Now building against the Windows 10 SDK 10.0.17763.132 for increased compatibility with Windows 10 and improved Spectre mitigation.
Removed the unused DiskSpaceWatcher component.
Updated cairo code.
Updated SQLite to 3.30.1.
Updated the Brotli library to 1.0.7.
Updated the woff2 library to 1.0.2.
Updated the OpenType Sanitizer to 8.0.0.
Updated the Javascript math library for precision and performance fixes.
Updated the embedded Emoji font to Mozilla's COLR-mapped twemoji 0.5.0 (Twemoji 12.1.3), to support Emoji 12.
Improved CSS grid rendering.
Changed packaging for archives to use 7z/xz instead of zip/bz2.
Made the second argument of (DOM/CSS) insertRule() optional for (Chrome) web compatibility.
Removed the non-standard object.prototype.watch()/unwatch() functions. Please note that this may affect some extensions; those will need to be updated to no longer use these non-standard functions.
Fixed the status bar module to work around an issue with relying on watch()/unwatch().
Fixed a build failure in the libcubeb sndio module.
Fixed a small oversight in the release branch that would potentially still mark jnlp files as executable.
Fixed the certificate retrieval logic in the certificate exception dialog.
Fixed an issue with add-ons potentially getting confused during add-on updates due to cached scripts.
Fixed a crash due to unnecessary reparenting calls in layout.
Reinstated the mentioning of the number of accelerated/total windows in Troubleshooting Information, for completeness.
Moved the embedded font for Emoji from application to platform so all UXP applications can easily benefit from it (thanks Tobin!).
Cleaned up the jemalloc code: Removed dead/unused code, removed conditionals around "always on" code, and made the allocator VLA-free.
Fixed an oversight in the release branch still marking "jnlp" (Java Web Start) as executable.

Security-related fixes:

Removed the silent fallback to insecure install locations on Windows.
Pale Moon will no longer by default install into unprotected program locations (this was a regression in v28).
If your operating system account does not have the necessary privileges, you need to manually select an accessible folder to install into. This is important to prevent malware from modifying installed programs in well-known but otherwise unprotected installation locations.
Added a preference for, and disabled, the confirmation prompt for URL authentication (prevents evil traps).
Disabled the use of HPKP by default due to the inherent risks involved with this feature. A preference was added to completely disable header processing, and using preloaded pins is effectively disabled. Please note that this is automatically disabled by default for everyone, regardless of your previous setting for this feature, and it is strongly recommended you keep this feature disabled. HPKP will eventually be removed (overall Internet concensus).
Fixed a potential issue when interacting with plugins. (DiD)
Fixed a potential crash scenario when reading PAC configuration. (DiD)
Fixed a potential issue with text selection painting. (DiD)
Fixed an issue with element references not being properly updated. (DiD)
Fixed an issue with incorrect saving of web pages as text. (DiD)
Fixed a potential issue with clipboard handling. (DiD)
Fixed a potential issue with attaching the debugger to web workers. (DiD)
Updated NSS to 3.41.4 to address CVE-2019-11756 and CVE-2019-11745.
Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 8 DiD, 16 not applicable.