Pale Moon: Release notes
24.4.0 (2014-03-10)This update changes the new title behavior slightly and updates a lot of things under-the-hood.
Bugfixes ported over:
popular request: the new page title (when using the Pale Moon App
will now follow the operating system default alignment (in most cases),
meaning it will
align left on Windows Vista and Windows 7 by default instead of center.
If you want to hide the title or align it differently, please see the FAQ section on the forum.
- Updated status bar code to the latest "non-australis" version and license change to MPL 2.0
to bring it in line with the rest of the browser code, making it an
integral part of the source tree to streamline building (also for 3rd
- Changed the way Pale Moon handles file and protocol
associations. This will prevent interoperability issues if you have
both Firefox and Pale Moon installed on the same system. A side effect
is that Pale Moon will ask you (once) to make it the default browser
again when you install this update, because of the new associations to
- Changed the search default to DuckDuckGo.
- Added DuckDuckGo logo to about:home.
- Changed some things in the build system, back-end code and build configuration to improve overall performance of the browser.
- Switched to the use of a more compact browser filesystem layout, improving overall start-up speed.
- Precompiled script cache in the application, improving overall start-up speed at the expense of some disk space.
- Added MPS detection for non-windows operating systems (NSPR fallback method) instead of always "1".
- bug #968461 - Fix imgStatusTracker.h to build with gcc 4.4.
- bug #912322 - Make sure document.getAnonymous* is no longer available to web content.
- bug #894448 - Move IsChromeOrXBL to xpcpublic.h.
- bug #963198 - Don't mix up byte-size and array-length.
- bug #966311 - Calculate frame size for stereo wave.
- bug #958867 - Consistent OwningObject handling in IDBFactory::Create methods.
- bug #925747 - Patch file extraction cleanup.
- bug #942152 - Fix error handling on NSS I/O layer.
- bug #960145 - IonMonkey: Don't ignore OSR-like values when computing phi ranges.
- bug #965982 - Clean up client threads before I/O on shutdown.
- bug #950604 - Backport of a small typed array bugfix.
- bug #967341 - Fix up URI management.
- bug #963974 - Null mCurrentCompositeTask after calling Cancel() on it.
An update to implement TLS v1.2, implement a few new features and fix some minor bugs.
- New feature: Implemented the TLS v1.1 (RFC 4346) and TLS v1.2 (RFC 5246) protocols for improved https security.
- Changed the list of supported encryption ciphers and order
of preference to provide you with secure, speedy connections wherever
- New feature: Added CSS background-attachment:local
- New feature: Added dashed-line stroke support for canvas drawing (set/get/offset)
- Adjusted geolocation timings to prevent IP bans in testing mode and to give you a slightly faster response to the request.
- Adjusted the new window title position some more to account for edge cases.
- Fixed the installer to use the proper class for checking if Pale Moon is already installed/running.
- Security fix: bug #966021 - Fix load_truetype_table in the cairo dwrite font backend.
A minor bugfix release to address some issues with new code in 24.3.
- Fine-tuned the title-bar title text position to work a little better on Windows 8 systems.
- Fixed a problem with the classic download manager window
not opening and/or downloads not starting when using the classic
- Bug 945334 - Fix runnable pointer holding.
- Merged Linux-specific theme code into the source tree for the pm4linux project.
A fairly significant update with feature updates, bugfixes, and
Changes and bugfixes:
Bugfixes ported over:
- New build: Atom-optimized Pale Moon
After some thorough testing, the Atom/netbook builds are being released
as final. These builds are specifically made for PCs with Intel Atom
processors. More information can be found on the Atom builds page.
- New feature: the title has been brought back to the title bar
using the Application Menu (Pale Moon button), the title bar of the
browser window would be blank. Considering this is wasted space, the
page title will now be displayed in the title bar again (it's called a
title bar for a reason, after all!). Several different styles have been
implemented to cater to different OS version layouts.
- Removal of the services tab in the Add-on Manager
It will be visible
only if someone actually has a service extension installed (similar to
how language packs work)
- Improvement of UI consistency
Removal of illogical selective hiding of the
navigation bar and toolbars when in tabs-on-top mode (Add-ons manager,
permissions manager, etc.). Browser chrome will now never be hidden.
When using the classic downloads window, downloads in private windows
were not shown
If you use the classic downloads window and would open a Private
(PB) window, there was no easy way to see which downloads were done in
the PB window. When checking the downloads, it would open up the
(non-PB) classic downloads window which does not have downloads listed
from the PB session. This has been fixed, and PB windows will now open
a new tab in the PB window with the downloads from that private session.
Geolocation didn't work in Pale Moon
This was caused by the Firefox standard geolocation provider (Google
Inc.) now requiring an API key to request geolocation coordinates. Only
official Mozilla Firefox builds will have working geolocation from
Pale Moon has switched provider to IP-API.com to address this issue,
with the required re-write of code for the different type of request. More information on the forum.
- Bugfix: The "More information" link for blocked add-ons didn't work
Certain scaled fonts would have malformed letters
Vista and later with hardware acceleration enabled, certain letters of
some font families would become malformed and difficult to read because
of a Direct2D scaling issue. These fonts should now render sharp and
- Romanian has been added to the status bar localizations
- Bug 903274 - Have the search bar binding's initialization callback bail out if the binding is destroyed.
- Bug 951142 - Check for a close method to be present on the binding before invoking it.
- Bug 908915 - Fix compartment mismatch in shell decompileThis and disassemble functions.
- Bug 950909 - Forward native aggregation to the root XPCWrappedJS.
- Bug 937152 - Remove XPCWrappedJS::mMainThread and mMainThreadOnly.
- Bug 948134 - Fix "value is not defined" in PlacesDBUtils.jsm.
- Bug 822425 - Expose a few simple compartment assertions in jsfriendapi.
- Bug 932906 - Observer no longer called when using overlay
- Update of the NSS library to 3.15.4 RTM
- Bug 936808 - Serialize calls to PK11 routines in SSLServerCertVerification.
- Bug 945939 - Use the pre-split value when numbering values.
- Bug 911864 - Fix several XBL issues
- Bug 921470 - Remove hasFallbackStub_ check in resetMonitorStubChain.
- Bug 950590 - Use nsRefPtr for gfxFontGroup's reference to the user font set, and support changing it from canvas context.
- Bug 937697 - Simplify some BoundsCheckRange code.
- Bug 936056 - Be consistent about the thisobj we pass to getters.
- Bug 953114 - Fix GetElementIC typed array issue.
- Bug 937132 - SpiderMonkey: Check for overflows in LifoAlloc.
- Bug 932162 - Dispatch IndexedDB FileInfo releases to the main thread.
- Bug 951366 - Use AutoDetectInvalidation for disabled GetElement caches.
- Bug 950438 - IonMonkey: The intersection of two ranges that both contain NaN is not empty.
- Bug 950268 - Fix leak in nsCertTree::GetDispInfoAtIndex.
- Bug 932906 - Exempt Remote XUL from CanCreateWrapper checks.
- Bug 882933 - Copy treatAsRunOnce bit when cloning scripts, don't clone scripts unnecessarily for arrow lambdas.
Bug 901348 - Duplicate symbol errors building --with-intl-api.
- Bug 925896 - Properly reference session data
- Bug 943803 - Use monitor instead of mutex locking for raster images
- Bug 942164 - Use weak references to imgRequest consumers
- Bug 947592 - Streamline ReportLoadError.
Mainly a security update:
- Implementation of all remaining applicable security fixes
from Firefox 26.0 that were not implemented yet in previous versions.
- Update of the Security library (NSS) to 126.96.36.199.
- Fix of new js zone writes/zone barrier bugs.
- The Sync configuration allows users to input their own
recovery key again. Please note that letting the browser generate its
own secure recovery key is still strongly recommended, as this recovery
key should be impossible to guess and of sufficient length and
complexity to keep your data safely encrypted.
A minor bugfix update:
- Fix for some status bar localizations not working and
giving an error.
- Implementation of an optimized QuickFind routine.
- Implementation of per-zone user data handling.
- Security fix in the JPEG library.
- Security fix in web workers.
This update implements the following changes:
- Update of the new-tab routine: When opening a new tab,
focus will now only be on the address bar if you open a blank tab or
the Quick Dial page, and focus will be on the page content otherwise
(Pale Moon start page or custom URL).
issues between QuickFind/Find-as-you-Type and HTML5
input fields in forms fixed.
advanced feature: Later versions of the Firefox code
will automatically place the browser window fully on a visible portion
of the screen. If you prefer having the browser window positioned
partially off-screen and want to prevent this automatic resizing and
repositioning when starting a new session, create a new boolean
preference in about:config called browser.sessionstore.exactPos
and set it to true.
- Updated the localization of the status bar code with the
following locales: en-GB, es-MX, es-AR, it, pl.
- Fix for a security issue with script event handlers.
This update implements the following changes:
- Update of the NSPR library to 4.10.2 RTM.
- Update of the Security library (NSS) to 3.15.3 (alternative
branch) to pick up a number of fixes.
- Fix (finally) of the menu list of tabs when browser.allTabs.previews
is set to false.
It would stick the top entry, not properly highlight the selected tab,
and would generally be unpleasant and stubborn when tabs were moved or
closed. This should all be corrected now.
- Additional feature: Previously, tabs would immediately
resize to fill the tab bar when you would close them. Mozilla changed
this a (long) while back to cater to "rapidly closing multiple tabs
without moving the mouse" and to resize you have to move the mouse out
of the tab bar. A good number of Firefox/Pale Moon users don't like
this behavior, but the fix to make this configurable was in the end
rejected by the Mozilla UX team, so I opted for my own implementation
in Pale Moon. New pref: browser.tabs.resize_immediately
- set this preference to true
to immediately resize other tabs when closing a tab.
Many thanks to David
for doing the required research for this feature!
- Rework of the multi-core routine and removal of OpenMP code
and the related library (Microsoft's implementation is old, limited,
and won't be updated/improved; in addition it prevented some compiler
optimizations that could now be used again).
- The accessibility back-end for automatically starting "Find
as you type" (an accessibility feature) has been
disabled completely to prevent this setting from breaking websites with
HTML5 input fields (not compatible with autostarting FAYT).
is a minor update to 24.1.0 to revert the change of disabling 2
ciphers by default, since it broke more web sites than anticipated
(including external elements pulled in from third-party sites using
other changes were made.
This update fixes a number of security and user interface issues, and
adds the feed icon in the address bar.
- MFSA 2013-102 Use-after-free in HTML document
- MFSA 2013-101 Memory corruption in workers.
- MFSA 2013-100 Miscellaneous use-after-free issues
found through ASAN fuzzing.
- MFSA 2013-99 Security bypass of PDF.js checks using
- MFSA 2013-98 Use-after-free when updating offline
- MFSA 2013-97 Writing to cycle collected object during
- MFSA 2013-96 Improperly initialized memory and
- MFSA 2013-95 Access violation with XSLT and
- MFSA 2013-94 Spoofing addressbar though SELECT
- MFSA 2013-93 Miscellaneous memory safety hazards.
- Security + cleanup fix: No longer store empty event
- User interface: Fix for the classic downloads window having
a blank title with no running downloads.
- User interface: Fix of the drop-down menu "double entry" in
the all-tabs list as-a-menu setup.
- Extensions are now set to automatically update by default.
Because many users fail
to do the occasional check to see if there are updates available to
their extensions, the default is to automatically check and install
available updates to extensions from this version forward to give the
best possible browsing experience. If
you prefer to check manually, make sure to change the setting
accordingly in your add-on manager.
- Two SSL ciphers that are considered weak are disabled by
default (RSA-RC4-128-MD5 and RSA-RC4-128-SHA). If you are having
trouble reaching certain encrypted sites that exclusively use these encryption
methods, you should ask the site
owners to update their SSL configuration to allow stronger encryption.
As a workaround, you can
enable the ciphers by installing the Pale
Moon Commander add-on and changing the available ciphers there, or
by setting security.ssl3.rsa_rc4_128_md5
to true in about:config
this change was reverted in 24.1.1)
- When there is a web feed
available on a website, Pale Moon will now display a feed indicator on
the right side of the address bar to indicate that feeds are available.
You can click this icon to subscribe to feeds.
If you don't want this indicator, set browser.urlbar.rss
Note: more technical information on the forum!
This is a small update to address a few issues with standalone images:
some cases when having an image open, the User Interface would not
properly redraw resulting in blank controls and tab headers.
- In some cases, having an image open would cause 100%
processor use on one core.
- Drawing thumbnails of standalone images in the tab headers
would often be slow and processor-intensive.
This is a small update to address some small issues with the new major
- Fix for unreadable address bar text when visiting a broken
or mixed-mode SSL site.
- Fix for an incorrect browser cache size default when first
starting the browser. (regression)
Note: If you have used version 24.0, then please check your Options ->
Advanced -> Network tab, and if the cache size is set to "1024", change it back to its default "250"
to prevent unnecessary use of disk space and potential slowing of the
- Fix for themes not applying to Private Browsing windows. (regression)
- A small update to the new icon to fix some visual issues
- Reduction of visual friction and CPU usage on some
operations by disabling smooth scrolling on it by default (e.g.
This is a new major release with many changes and improvements. A concise summary of the
There are too many changes and updates (both resulting from the code
base update and from the additional Pale Moon development on top) to
list all of them in detail.
- Switch to a new Mozilla code base (Gecko 24.0).
- Update of the Pale Moon icon/logo. Special thanks go to Roger Gómez del Casal for providing me
with an interesting concept design image to use as a base for it!
- Fixes for all relevant security
- Many changes and updates in the rendering, scripting and
parsing back-end to provide significant improvements in overall browser
performance (including benchmark scores).
- Addition of a number of HTML5 elements, improving overall
HTML5 standards compliance.
- Implementation of the webaudio API (most features that are
no longer draft).
of Tab Groups (Panorama). If you actively used this functionality, I
have also made an add-on
(Mozilla dev sourced) available to restore
this feature to the browser. If you have issues with the supplied
add-on or want to give other tab grouping methods a try, you can use
alternatives found on AMO.
- Removal of a few additional Accessibility options.
- Inclusion of an updated version of the Add-on SDK and
loader to solve recent issues with SDK/Jetpack add-ons.
- Adjustment of the Quickdial "new tab" feature to have
- Extension of the address bar shading functionality to more
clearly indicate when there is a problem with a secure site (red
shading on broken SSL/mixed content).
- New way of handling plugins with control on a per-site
basis. An extensive description can be found on the forum.
- Restored/maintained a number of features that were removed
from recent Firefox versions:
- Graphical tab switching feature with quick search
- Removing the tab bar if there is only one tab present.
- Options for the loading of images.
- More recovery options in the Safe Mode startup dialog box
than just nuking your profile.
- Send Link/E-mail Link mail client integration
- Unification of version numbers. x86 and x64 will from this
forward use the same version number (and icon) without an architecture
designation. This will solve potential compatibility issues on new
major versions, as well as the superfluous compatibility check when
switching between x86 and x64 on the same profile.
Release notes for previous versions (discontinued)
You can find the release
notes for previous major releases of Pale Moon on the Archived Versions Release Notes