The Pale Moon Project - Custom-built and optimized Firefox browsers for Windows Operating Systems

Pale Moon: Release notes

24.6.2 (2014-06-16)

A point release to address some further outstanding issues with the overhauled rendering engine.

Fixes/changes:
  • Automate rendering back-end selection and use cairo as appropriate.
    This should fix start-up problems on all types of graphics cards regardless of vendor.
  • Fix font subpixel rendering in menus when on cairo backend (D2D off)
  • Cairo: Prevent falling back to padding when not strictly needed.
    Performance regression fix if D2D isn't used.
  • Azure: Use correct device offsets.
  • Prevent crashes due to the allocation of source surfaces to errored surfaces
    This prevents some miscellaneous browser crashes occurring with cairo on azure.

24.6.1 (2014-06-08)

A quick point release update mainly to address startup crashes.

Fixes/changes:
  • Update to address startup crashes if users previously changed the setting for Azure for Content
  • Update for texture handling to restore GDI compatibility (should fix some graphics glitches)
  • Fix to handle invalid PDF plugin overlay state
  • Misc. additional security fixes ported over from Firefox (bug #s 991981, 995679, 999651, 1009952, 1011007)

24.6.0 (2014-06-06)

This is a major update including a rendering engine overhaul and a number of very important fixes. For details about the changes, please see the detailed changelog on the forum.

Fixes/changes:
  • Allow animated personas (lightweight themes)! You will need to set a preference for this.
  • Fix regularly occurring browser crashes with hardware acceleration enabled on DirectWrite 6.2/6.3 (Win 7 with Platform Update, Windows 8/8.1).
  • Fix font rendering issues on DirectWrite 6.2/6.3, especially on legacy AMD hardware. (KB2670838 issues).
  • Fix Windows version detection issues on Windows 8.1.
  • Shuffle reported plugin installation order to confuse trackers.
  • Clean up jumplist icons so they no longer pile up on disk on some systems (also a privacy concern).
  • Change the sync server to a (new) Pale Moon sync server.
  • Update the status bar code: Full-screen HTML5 video will no longer have status pop-ups overlaid.
  • Add code to selectively ignore "autocomplete=off" on signon input fields.
  • Linux: reduce gstreamer CPU overhead.
  • Fix styled HTML buttons to address misaligned button contents (wrong baseline), e.g. gmail account chooser.
  • Fix an old IonMonkey bug resulting in incorrect math results in some cases.
  • Improve the performance of editor initialization.
  • Update the Pale Moon icon for better display on lower color depths.
  • Media: use a simpler way to discard superfluous audio packets.
Security fixes:
  • Bug #994907 - imgDecoderObserver does reference counting on different threads, so should be using thread safe reference counting.
  • Bug #992274 - Tweak an edge case in line number handling.
  • Bug #995603 - Ensure mouse-enter/exit events are sent to plugins as appropriate.
  • Bug #1005552 - Stop binding marquee event handlers + misc related fixes.
  • Bug #1000185 - Fix several issues with SMIL.
  • Bug #978811 - Fix isFakeExitFrame to return true for entry frames.
  • Bug #996715 - IonMonkey: Remove the code that bails when determining if the second instruction in a chunk is a branch.
  • Bug #967354 - Fix incorrect usage of UpdateWebGLErrorAndClearGLError();
In addition, Pale Moon also has a public Git repository now:
https://github.com/MoonchildProductions/Pale-Moon

24.5.0 (2014-04-25)

This is a security and bugfix release, to address outstanding known issues and streamline browser identity.

Fixes/changes:
  • Fix plugin doorhanger code for removed-node confusion.
  • Remove Mozilla Corp specific details from search plugins, to clearly indicate the client is Pale Moon, and to make sure searches are not counted by search providers towards any other browser's search totals by mistake.
  • Make sure to set both "warnOnClose" and "warnOnCloseOther" prefs to false when users choose to disable this check in the popup prompt.
  • Update branding: Remove nightly branding altogether - only have unofficial+official,  and fix the broken About dialog branding.
  • Bugfix: Clamp level of WebGL TexImage operations to 32-bits to avoid issues on x64 architectures.
  • Update Linux theme: feed icon
  • Bugfix: Add Firefox Compatibility flag to unofficial branding.
  • Workaround for several prominent websites complaining about an "outdated browser".
Security fixes:
  • Bug #987003 - Be more careful sandboxing javascript: URLs.
  • Bug #952022 - Add missing detachAsmJSModule.
  • Bug #986843 - Replace AutoHoldZone with AutoCompartmentRooter.
  • Bug #989183 - Check for nsXBLJSClass.
  • Bug #980537 - Only store FakeBackstagePass instances in mThisObjects.
  • Bug #986678 - Fix type check in TryAddTypeBarrierForWrite.
  • Bug #966006 - Fix security issue in DNS resolver.
  • Bug #944353 - Avoid spurious decoding of corrupt images.
  • Bug #969226 - Avoid buffer overflow in corrupt ICC profiles.
  • Bug #991471 - Fix offset when setting host on URL.
  • Bug #993546 - Don't try to malloc-free 0-size memory chunks.
  • Bug #992968 - Avoid OOM problems with JIT code caching

24.4.2 (2014-04-02)

A small bugfix release, and implementing OCSP-stapling for SSL connections.

Fixes/changes:
  • Added OCSP-stapling.
  • Removed download status indicator from default set in status bar code to fix erroneous pop-up locations of the downloads panel.
  • Fixed errors with synchronous OCSP-stapled calls.
  • Reduced the timeout for OCSP requests to 2 seconds unless OCSP is required by the server.
  • Added proper handling of fragment loading (Bug #s 895557&987140). security fix
  • Updated status bar localizations: kn-IN and pt-PT.

24.4.1 (2014-03-19)

A small security and bugfix release.

Fixes/changes:
  • Bugfix: the new status bar code in 24.4.0 had a bug, preventing the downloads panel/window from opening when clicking on the download status indicator. There may have been a few other, similar small usability bugs in the same code that have now been fixed.
  • Feature update: Selecting "Warn me when closing multiple tabs" in the Options window will now apply both to closing a window and closing other tabs in the tab bar.
  • Bug #940714 - Add an RAII class to make synchronous raster image decoding safer.
  • Bug #896268 - Use a stateless approach to synchronous image decoding. security fix
  • Bug #982909 - Consistently use inner window when calling OpenJS. security fix
  • Bug #982957 - Fix crash if certain sweeps run out of memory. security fix
  • Bug #982906 - Remove option for security bypass in URI building. security fix
  • Bug #983344 - JavaScript: Simplify typed arrays and fix GC loops. security fix
  • Bug #982974 - Be paranoid about neutering ArrayBuffer objects. security fix

24.4.0 (2014-03-10)

This update changes the new title behavior slightly and updates a lot of things under-the-hood.

Fixes/changes:
  • By popular request: the new page title (when using the Pale Moon App button) will now follow the operating system default alignment (in most cases), meaning it will align left on Windows Vista and Windows 7 by default instead of center. If you want to hide the title or align it differently, please see the FAQ section on the forum.
  • Updated status bar code to the latest "non-australis" version and license change to MPL 2.0 to bring it in line with the rest of the browser code, making it an integral part of the source tree to streamline building (also for 3rd parties).
  • Changed the way Pale Moon handles file and protocol associations. This will prevent interoperability issues if you have both Firefox and Pale Moon installed on the same system. A side effect is that Pale Moon will ask you (once) to make it the default browser again when you install this update, because of the new associations to be made.
  • Changed the search default to DuckDuckGo.
  • Added DuckDuckGo logo to about:home.
  • Changed some things in the build system, back-end code and build configuration to improve overall performance of the browser.
  • Switched to the use of a more compact browser filesystem layout, improving overall start-up speed.
  • Precompiled script cache in the application, improving overall start-up speed at the expense of some disk space.
  • Added MPS detection for non-windows operating systems (NSPR fallback method) instead of always "1".
Bugfixes ported over:
  • Bug #968461 - Fix imgStatusTracker.h to build with gcc 4.4.
  • Bug #912322 - Make sure document.getAnonymous* is no longer available to web content.
  • Bug #894448 - Move IsChromeOrXBL to xpcpublic.h.
Security fixes:
  • Bug #963198 - Don't mix up byte-size and array-length.
  • Bug #966311 - Calculate frame size for stereo wave.
  • Bug #958867 - Consistent OwningObject handling in IDBFactory::Create methods.
  • Bug #925747 - Patch file extraction cleanup.
  • Bug #942152 - Fix error handling on NSS I/O layer.
  • Bug #960145 - IonMonkey: Don't ignore OSR-like values when computing phi ranges.
  • Bug #965982 - Clean up client threads before I/O on shutdown.
  • Bug #950604 - Backport of a small typed array bugfix.
  • Bug #967341 - Fix up URI management.
  • Bug #963974 - Null mCurrentCompositeTask after calling Cancel() on it.

24.3.2 (2014-02-11)

An update to implement TLS v1.2, implement a few new features and fix some minor bugs.

Fixes/changes:
  • New feature: Implemented the TLS v1.1 (RFC 4346) and TLS v1.2 (RFC 5246) protocols for improved https security.
  • Changed the list of supported encryption ciphers and order of preference to provide you with secure, speedy connections wherever possible.
  • New feature: Added CSS background-attachment:local
  • New feature: Added dashed-line stroke support for canvas drawing (set/get/offset)
  • Adjusted geolocation timings to prevent IP bans in testing mode and to give you a slightly faster response to the request.
  • Adjusted the new window title position some more to account for edge cases.
  • Fixed the installer to use the proper class for checking if Pale Moon is already installed/running.
  • Security fix: bug #966021 - Fix load_truetype_table in the cairo dwrite font backend.

24.3.1 (2014-01-31)

A minor bugfix release to address some issues with new code in 24.3.

Fixes/changes:
  • Fine-tuned the title-bar title text position to work a little better on Windows 8 systems.
  • Fixed a problem with the classic download manager window not opening and/or downloads not starting when using the classic download manager.
  • Security fix: Bug 945334 - Fix runnable pointer holding.
  • Merged Linux-specific theme code into the source tree for the pm4linux project.

24.3.0 (2014-01-28)

A fairly significant update with feature updates, bugfixes, and security fixes.

Changes and bugfixes:
  • New build: Atom-optimized Pale Moon
    After some thorough testing, the Atom/netbook builds are being released as final. These builds are specifically made for PCs with Intel Atom processors. More information can be found on the Atom builds page.
  • New feature: the title has been brought back to the title bar
    When using the Application Menu (Pale Moon button), the title bar of the browser window would be blank. Considering this is wasted space, the page title will now be displayed in the title bar again (it's called a title bar for a reason, after all!). Several different styles have been implemented to cater to different OS version layouts.
  • Removal of the services tab in the Add-on Manager
    It will be visible only if someone actually has a service extension installed (similar to how language packs work)
  • Improvement of UI consistency
    Removal of illogical selective hiding of the navigation bar and toolbars when in tabs-on-top mode (Add-ons manager, permissions manager, etc.). Browser chrome will now never be hidden.
  • Bugfix: When using the classic downloads window, downloads in private windows were not shown
    If you use the classic downloads window and would open a Private Browsing (PB) window, there was no easy way to see which downloads were done in the PB window. When checking the downloads, it would open up the (non-PB) classic downloads window which does not have downloads listed from the PB session. This has been fixed, and PB windows will now open a new tab in the PB window with the downloads from that private session.
  • Bugfix: Geolocation didn't work in Pale Moon
    This was caused by the Firefox standard geolocation provider (Google Inc.) now requiring an API key to request geolocation coordinates. Only official Mozilla Firefox builds will have working geolocation from Google.
    Pale Moon has switched provider to IP-API.com to address this issue, with the required re-write of code for the different type of request. More information on the forum.
  • Bugfix: The "More information" link for blocked add-ons didn't work
  • Bugfix: Certain scaled fonts would have malformed letters
    On Vista and later with hardware acceleration enabled, certain letters of some font families would become malformed and difficult to read because of a Direct2D scaling issue. These fonts should now render sharp and more legibly.
  • Romanian has been added to the status bar localizations
Bugfixes ported over:
  • Bug #903274 - Have the search bar binding's initialization callback bail out if the binding is destroyed.
  • Bug #951142 - Check for a close method to be present on the binding before invoking it.
  • Bug #908915 - Fix compartment mismatch in shell decompileThis and disassemble functions.
  • Bug #950909 - Forward native aggregation to the root XPCWrappedJS.
  • Bug #937152 - Remove XPCWrappedJS::mMainThread and mMainThreadOnly.
  • Bug #948134 - Fix "value is not defined" in PlacesDBUtils.jsm.
  • Bug #822425 - Expose a few simple compartment assertions in jsfriendapi.
  • Bug #932906 - Observer no longer called when using overlay
Security fixes:
  • Update of the NSS library to 3.15.4 RTM
  • Bug #936808 - Serialize calls to PK11 routines in SSLServerCertVerification.
  • Bug #945939 - Use the pre-split value when numbering values.
  • Bug #911864 - Fix several XBL issues
  • Bug #921470 - Remove hasFallbackStub_ check in resetMonitorStubChain.
  • Bug #950590 - Use nsRefPtr for gfxFontGroup's reference to the user font set, and support changing it from canvas context.
  • Bug #937697 - Simplify some BoundsCheckRange code.
  • Bug #936056 - Be consistent about the thisobj we pass to getters.
  • Bug #953114 - Fix GetElementIC typed array issue.
  • Bug #937132 - SpiderMonkey: Check for overflows in LifoAlloc.
  • Bug #932162 - Dispatch IndexedDB FileInfo releases to the main thread.
  • Bug #951366 - Use AutoDetectInvalidation for disabled GetElement caches.
  • Bug #950438 - IonMonkey: The intersection of two ranges that both contain NaN is not empty.
  • Bug #950268 - Fix leak in nsCertTree::GetDispInfoAtIndex.
  • Bug #932906 - Exempt Remote XUL from CanCreateWrapper checks.
  • Bug #882933 - Copy treatAsRunOnce bit when cloning scripts, don't clone scripts unnecessarily for arrow lambdas.
  • Bug #901348 - Duplicate symbol errors building --with-intl-api.
  • Bug #925896 - Properly reference session data
  • Bug #943803 - Use monitor instead of mutex locking for raster images
  • Bug #942164 - Use weak references to imgRequest consumers
  • Bug #947592 - Streamline ReportLoadError.

Release notes for previous versions (unsupported)

You can find the release notes for previous releases of Pale Moon on the Archived Versions Release Notes page.

Firefox, Mozilla Firefox and Mozilla are registered trademarks of the Mozilla Corporation.
Site and contents © 2009-2014 Moonchild Productions - All rights reserved
Pale Moon's distribution is subject to the following redistribution policy