Pale Moon - Your browser, Your way

Pale Moon: Release notes

24.7.2 (2014-09-11)

This is a small bugfix and security update.

Fixes/changes:
  • Use (i) icon for error console informational messages instead of (?)
  • Properly derive and insert the host of a URL security fix
  • Avoid negative audio ratios. security fix
  • Release XPCOM timer immediately after firing to prevent a race condition.
  • Add is-object check to IonBuilder::makeCallHelper. security fix

24.7.1 (2014-08-06)

This is a bugfix release for some outstanding issues in 24.7.0.

Fixes/changes:
  • Fixed a text rendering issue with the new back-end on overdraw layers when hardware acceleration is in use on Windows. This may also solve some additional small issues in the user interface that weren't present before 24.7.0.
  • Fixed the use of Google Maps.
    If you previously used the workaround in 24.7, then please remove the user-set preference (right-click -> reset).

24.7.0 (2014-07-29)

This is a large update to address a good number of different things across the board. If you want more details about these changes, check the more detailed announcement on the forum.

Fixes/changes:
  • Fixed some performance issues with the new rendering engine on Windows. Rendering should be faster for all objects on hardware-accelerated layers now.
  • Font rendering on Direct2D will no longer fall back to greyscale in some situations, preserving ClearType.
  • CSS outlines will now properly outline the object, and not the overflow area (e.g. box shadow).
  • The delay for hiding the default status has been increased from 10 to 30 seconds to keep it on screen sufficiently long but not permanently.
  • Queries for "can play type" on WebM videos now get an HTML5-compliant response ("maybe" instead of "yes" as per the specification when a codec is not included in the request).
  • Pale Moon's gecko rendering engine and Firefox compatibility version now properly follows the minor version of Pale Moon again instead of always returning .0 - this should help UA sniffing websites to more easily detect Pale Moon or adapt to further-developed gecko 24 versions.
  • When using dark/black personas (lightweight themes), the tab close buttons would be almost invisible. They have been lightened a little to make them clearer.
  • Linux: the click behavior on the address bar has been unified with that on Windows, aiming for current-day desktop-clipboard use (select-when-clicked). This is configurable with a preference.
  • "In-content" preferences (preferences displayed in a tab instead of the normal dialog box) has been removed because of redundancy and incompleteness.
  • Checking for updates from the about box now always puts the user in control and never downloads anything directly from the about box. It will pop up the larger update window when an update is found.
  • Google SafeBrowsing, which is defunct, has been removed from the browser. privacy fix
  • Made the building of the Web Developer tools optional when compiling Pale Moon through --disable-devtools.
  • The Atom-optimized version no longer ships with the Web Developer tools to slim down the browser for limited platforms where these tools are considered generally unneeded.
  • Fixed domain highlighting in the address bar. It should no longer randomly lose this formatting when switching tabs or otherwise updating the browser UI.
  • Fixed missing click-to-play overlay on some zoom levels for plugins embedded in an iframe.
  • Fixed large delays in print enumeration on Windows, especially when printing to file: ports.
  • Updated the list of known domain suffixes.
  • Updated site-specific user-agent strings to prevent incorrect complaints from websites (google.com, aol.com, etc.) that use poor detection scripts.
  • Added granular referer control. See the release announcement on the forum for more details on how to use this.
  • Added gr locale to the status bar options.
  • Disabled HQ image downscaling. This is a workaround for the broken Mozilla HQ downscaling back-end causing constant invalidations and redrawing if 2 downscaled images with the same source were in view.
  • Updated the NSS library to 3.16.2 RTM to address a few critical SSL issues. security fix
  • There was a possibility to lose the source frame for raster images if images had to be discarded in low-memory situations. This has been fixed. security fix
  • Made refcounting logic around PostTimerEvent more explicit. security fix
  • Prevented an invalid pointer state in docloader. security fix
  • Added proper refcounting of font faces. security fix
  • Android: lots of branding updates to make it more release-ready.
  • Android: explicitly set the Pale Moon Sync server in preferences.
  • Android: IonMonkey (ARM): guarded against branches being out of range and bail out if so. security fix
  • Android: enabled Firefox compatibility mode on Android to allow the installation of extensions from AMO.
  • Android: added a "Quit" option to the app menu to properly immediately close the browser.
  • Android: IonMonkey (ARM): prevented a performance issue due to clobbering the primary scratch register.
  • Android: enabled mobile-specific optimizations to increase performance on mobile devices.
  • Android: enabled AES-128 and AES-256 in addition to RC4 for Sync.

24.6.2 (2014-06-16)

A point release to address some further outstanding issues with the overhauled rendering engine.

Fixes/changes:
  • Automate rendering back-end selection and use cairo as appropriate.
    This should fix start-up problems on all types of graphics cards regardless of vendor.
  • Fix font subpixel rendering in menus when on cairo backend (D2D off)
  • Cairo: Prevent falling back to padding when not strictly needed.
    Performance regression fix if D2D isn't used.
  • Azure: Use correct device offsets.
  • Prevent crashes due to the allocation of source surfaces to errored surfaces
    This prevents some miscellaneous browser crashes occurring with cairo on azure.

24.6.1 (2014-06-08)

A quick point release update mainly to address startup crashes.

Fixes/changes:
  • Update to address startup crashes if users previously changed the setting for Azure for Content
  • Update for texture handling to restore GDI compatibility (should fix some graphics glitches)
  • Fix to handle invalid PDF plugin overlay state
  • Misc. additional security fixes ported over from Firefox (bug #s 991981, 995679, 999651, 1009952, 1011007)

24.6.0 (2014-06-06)

This is a major update including a rendering engine overhaul and a number of very important fixes. For details about the changes, please see the detailed changelog on the forum.

Fixes/changes:
  • Allow animated personas (lightweight themes)! You will need to set a preference for this.
  • Fix regularly occurring browser crashes with hardware acceleration enabled on DirectWrite 6.2/6.3 (Win 7 with Platform Update, Windows 8/8.1).
  • Fix font rendering issues on DirectWrite 6.2/6.3, especially on legacy AMD hardware. (KB2670838 issues).
  • Fix Windows version detection issues on Windows 8.1.
  • Shuffle reported plugin installation order to confuse trackers.
  • Clean up jumplist icons so they no longer pile up on disk on some systems (also a privacy concern).
  • Change the sync server to a (new) Pale Moon sync server.
  • Update the status bar code: Full-screen HTML5 video will no longer have status pop-ups overlaid.
  • Add code to selectively ignore "autocomplete=off" on signon input fields.
  • Linux: reduce gstreamer CPU overhead.
  • Fix styled HTML buttons to address misaligned button contents (wrong baseline), e.g. gmail account chooser.
  • Fix an old IonMonkey bug resulting in incorrect math results in some cases.
  • Improve the performance of editor initialization.
  • Update the Pale Moon icon for better display on lower color depths.
  • Media: use a simpler way to discard superfluous audio packets.
Security fixes:
  • Bug #994907 - imgDecoderObserver does reference counting on different threads, so should be using thread safe reference counting.
  • Bug #992274 - Tweak an edge case in line number handling.
  • Bug #995603 - Ensure mouse-enter/exit events are sent to plugins as appropriate.
  • Bug #1005552 - Stop binding marquee event handlers + misc related fixes.
  • Bug #1000185 - Fix several issues with SMIL.
  • Bug #978811 - Fix isFakeExitFrame to return true for entry frames.
  • Bug #996715 - IonMonkey: Remove the code that bails when determining if the second instruction in a chunk is a branch.
  • Bug #967354 - Fix incorrect usage of UpdateWebGLErrorAndClearGLError();
In addition, Pale Moon also has a public Git repository now:
https://github.com/MoonchildProductions/Pale-Moon

24.5.0 (2014-04-25)

This is a security and bugfix release, to address outstanding known issues and streamline browser identity.

Fixes/changes:
  • Fix plugin doorhanger code for removed-node confusion.
  • Remove Mozilla Corp specific details from search plugins, to clearly indicate the client is Pale Moon, and to make sure searches are not counted by search providers towards any other browser's search totals by mistake.
  • Make sure to set both "warnOnClose" and "warnOnCloseOther" prefs to false when users choose to disable this check in the popup prompt.
  • Update branding: Remove nightly branding altogether - only have unofficial+official,  and fix the broken About dialog branding.
  • Bugfix: Clamp level of WebGL TexImage operations to 32-bits to avoid issues on x64 architectures.
  • Update Linux theme: feed icon
  • Bugfix: Add Firefox Compatibility flag to unofficial branding.
  • Workaround for several prominent websites complaining about an "outdated browser".
Security fixes:
  • Bug #987003 - Be more careful sandboxing javascript: URLs.
  • Bug #952022 - Add missing detachAsmJSModule.
  • Bug #986843 - Replace AutoHoldZone with AutoCompartmentRooter.
  • Bug #989183 - Check for nsXBLJSClass.
  • Bug #980537 - Only store FakeBackstagePass instances in mThisObjects.
  • Bug #986678 - Fix type check in TryAddTypeBarrierForWrite.
  • Bug #966006 - Fix security issue in DNS resolver.
  • Bug #944353 - Avoid spurious decoding of corrupt images.
  • Bug #969226 - Avoid buffer overflow in corrupt ICC profiles.
  • Bug #991471 - Fix offset when setting host on URL.
  • Bug #993546 - Don't try to malloc-free 0-size memory chunks.
  • Bug #992968 - Avoid OOM problems with JIT code caching

24.4.2 (2014-04-02)

A small bugfix release, and implementing OCSP-stapling for SSL connections.

Fixes/changes:
  • Added OCSP-stapling.
  • Removed download status indicator from default set in status bar code to fix erroneous pop-up locations of the downloads panel.
  • Fixed errors with synchronous OCSP-stapled calls.
  • Reduced the timeout for OCSP requests to 2 seconds unless OCSP is required by the server.
  • Added proper handling of fragment loading (Bug #s 895557&987140). security fix
  • Updated status bar localizations: kn-IN and pt-PT.

24.4.1 (2014-03-19)

A small security and bugfix release.

Fixes/changes:
  • Bugfix: the new status bar code in 24.4.0 had a bug, preventing the downloads panel/window from opening when clicking on the download status indicator. There may have been a few other, similar small usability bugs in the same code that have now been fixed.
  • Feature update: Selecting "Warn me when closing multiple tabs" in the Options window will now apply both to closing a window and closing other tabs in the tab bar.
  • Bug #940714 - Add an RAII class to make synchronous raster image decoding safer.
  • Bug #896268 - Use a stateless approach to synchronous image decoding. security fix
  • Bug #982909 - Consistently use inner window when calling OpenJS. security fix
  • Bug #982957 - Fix crash if certain sweeps run out of memory. security fix
  • Bug #982906 - Remove option for security bypass in URI building. security fix
  • Bug #983344 - JavaScript: Simplify typed arrays and fix GC loops. security fix
  • Bug #982974 - Be paranoid about neutering ArrayBuffer objects. security fix

24.4.0 (2014-03-10)

This update changes the new title behavior slightly and updates a lot of things under-the-hood.

Fixes/changes:
  • By popular request: the new page title (when using the Pale Moon App button) will now follow the operating system default alignment (in most cases), meaning it will align left on Windows Vista and Windows 7 by default instead of center. If you want to hide the title or align it differently, please see the FAQ section on the forum.
  • Updated status bar code to the latest "non-australis" version and license change to MPL 2.0 to bring it in line with the rest of the browser code, making it an integral part of the source tree to streamline building (also for 3rd parties).
  • Changed the way Pale Moon handles file and protocol associations. This will prevent interoperability issues if you have both Firefox and Pale Moon installed on the same system. A side effect is that Pale Moon will ask you (once) to make it the default browser again when you install this update, because of the new associations to be made.
  • Changed the search default to DuckDuckGo.
  • Added DuckDuckGo logo to about:home.
  • Changed some things in the build system, back-end code and build configuration to improve overall performance of the browser.
  • Switched to the use of a more compact browser filesystem layout, improving overall start-up speed.
  • Precompiled script cache in the application, improving overall start-up speed at the expense of some disk space.
  • Added MPS detection for non-windows operating systems (NSPR fallback method) instead of always "1".
Bugfixes ported over:
  • Bug #968461 - Fix imgStatusTracker.h to build with gcc 4.4.
  • Bug #912322 - Make sure document.getAnonymous* is no longer available to web content.
  • Bug #894448 - Move IsChromeOrXBL to xpcpublic.h.
Security fixes:
  • Bug #963198 - Don't mix up byte-size and array-length.
  • Bug #966311 - Calculate frame size for stereo wave.
  • Bug #958867 - Consistent OwningObject handling in IDBFactory::Create methods.
  • Bug #925747 - Patch file extraction cleanup.
  • Bug #942152 - Fix error handling on NSS I/O layer.
  • Bug #960145 - IonMonkey: Don't ignore OSR-like values when computing phi ranges.
  • Bug #965982 - Clean up client threads before I/O on shutdown.
  • Bug #950604 - Backport of a small typed array bugfix.
  • Bug #967341 - Fix up URI management.
  • Bug #963974 - Null mCurrentCompositeTask after calling Cancel() on it.

24.3.2 (2014-02-11)

An update to implement TLS v1.2, implement a few new features and fix some minor bugs.

Fixes/changes:
  • New feature: Implemented the TLS v1.1 (RFC 4346) and TLS v1.2 (RFC 5246) protocols for improved https security.
  • Changed the list of supported encryption ciphers and order of preference to provide you with secure, speedy connections wherever possible.
  • New feature: Added CSS background-attachment:local
  • New feature: Added dashed-line stroke support for canvas drawing (set/get/offset)
  • Adjusted geolocation timings to prevent IP bans in testing mode and to give you a slightly faster response to the request.
  • Adjusted the new window title position some more to account for edge cases.
  • Fixed the installer to use the proper class for checking if Pale Moon is already installed/running.
  • Security fix: bug #966021 - Fix load_truetype_table in the cairo dwrite font backend.

24.3.1 (2014-01-31)

A minor bugfix release to address some issues with new code in 24.3.

Fixes/changes:
  • Fine-tuned the title-bar title text position to work a little better on Windows 8 systems.
  • Fixed a problem with the classic download manager window not opening and/or downloads not starting when using the classic download manager.
  • Security fix: Bug 945334 - Fix runnable pointer holding.
  • Merged Linux-specific theme code into the source tree for the pm4linux project.

24.3.0 (2014-01-28)

A fairly significant update with feature updates, bugfixes, and security fixes.

Changes and bugfixes:
  • New build: Atom-optimized Pale Moon
    After some thorough testing, the Atom/netbook builds are being released as final. These builds are specifically made for PCs with Intel Atom processors. More information can be found on the Atom builds page.
  • New feature: the title has been brought back to the title bar
    When using the Application Menu (Pale Moon button), the title bar of the browser window would be blank. Considering this is wasted space, the page title will now be displayed in the title bar again (it's called a title bar for a reason, after all!). Several different styles have been implemented to cater to different OS version layouts.
  • Removal of the services tab in the Add-on Manager
    It will be visible only if someone actually has a service extension installed (similar to how language packs work)
  • Improvement of UI consistency
    Removal of illogical selective hiding of the navigation bar and toolbars when in tabs-on-top mode (Add-ons manager, permissions manager, etc.). Browser chrome will now never be hidden.
  • Bugfix: When using the classic downloads window, downloads in private windows were not shown
    If you use the classic downloads window and would open a Private Browsing (PB) window, there was no easy way to see which downloads were done in the PB window. When checking the downloads, it would open up the (non-PB) classic downloads window which does not have downloads listed from the PB session. This has been fixed, and PB windows will now open a new tab in the PB window with the downloads from that private session.
  • Bugfix: Geolocation didn't work in Pale Moon
    This was caused by the Firefox standard geolocation provider (Google Inc.) now requiring an API key to request geolocation coordinates. Only official Mozilla Firefox builds will have working geolocation from Google.
    Pale Moon has switched provider to IP-API.com to address this issue, with the required re-write of code for the different type of request. More information on the forum.
  • Bugfix: The "More information" link for blocked add-ons didn't work
  • Bugfix: Certain scaled fonts would have malformed letters
    On Vista and later with hardware acceleration enabled, certain letters of some font families would become malformed and difficult to read because of a Direct2D scaling issue. These fonts should now render sharp and more legibly.
  • Romanian has been added to the status bar localizations
Bugfixes ported over:
  • Bug #903274 - Have the search bar binding's initialization callback bail out if the binding is destroyed.
  • Bug #951142 - Check for a close method to be present on the binding before invoking it.
  • Bug #908915 - Fix compartment mismatch in shell decompileThis and disassemble functions.
  • Bug #950909 - Forward native aggregation to the root XPCWrappedJS.
  • Bug #937152 - Remove XPCWrappedJS::mMainThread and mMainThreadOnly.
  • Bug #948134 - Fix "value is not defined" in PlacesDBUtils.jsm.
  • Bug #822425 - Expose a few simple compartment assertions in jsfriendapi.
  • Bug #932906 - Observer no longer called when using overlay
Security fixes:
  • Update of the NSS library to 3.15.4 RTM
  • Bug #936808 - Serialize calls to PK11 routines in SSLServerCertVerification.
  • Bug #945939 - Use the pre-split value when numbering values.
  • Bug #911864 - Fix several XBL issues
  • Bug #921470 - Remove hasFallbackStub_ check in resetMonitorStubChain.
  • Bug #950590 - Use nsRefPtr for gfxFontGroup's reference to the user font set, and support changing it from canvas context.
  • Bug #937697 - Simplify some BoundsCheckRange code.
  • Bug #936056 - Be consistent about the thisobj we pass to getters.
  • Bug #953114 - Fix GetElementIC typed array issue.
  • Bug #937132 - SpiderMonkey: Check for overflows in LifoAlloc.
  • Bug #932162 - Dispatch IndexedDB FileInfo releases to the main thread.
  • Bug #951366 - Use AutoDetectInvalidation for disabled GetElement caches.
  • Bug #950438 - IonMonkey: The intersection of two ranges that both contain NaN is not empty.
  • Bug #950268 - Fix leak in nsCertTree::GetDispInfoAtIndex.
  • Bug #932906 - Exempt Remote XUL from CanCreateWrapper checks.
  • Bug #882933 - Copy treatAsRunOnce bit when cloning scripts, don't clone scripts unnecessarily for arrow lambdas.
  • Bug #901348 - Duplicate symbol errors building --with-intl-api.
  • Bug #925896 - Properly reference session data
  • Bug #943803 - Use monitor instead of mutex locking for raster images
  • Bug #942164 - Use weak references to imgRequest consumers
  • Bug #947592 - Streamline ReportLoadError.

Release notes for previous versions (unsupported)

You can find the release notes for previous releases of Pale Moon on the Archived Versions Release Notes page.

Firefox, Mozilla Firefox and Mozilla are registered trademarks of the Mozilla Corporation.
Site and contents © 2009-2014 Moonchild Productions - All rights reserved
Pale Moon's distribution is subject to the following redistribution policy