Pale Moon: Release notes
24.7.2 (2014-09-11)This is a small bugfix and security update.
- Use (i) icon for error console informational messages instead of (?)
- Properly derive and insert the host of a URL security fix
- Avoid negative audio ratios. security fix
- Release XPCOM timer immediately after firing to prevent a race condition.
- Add is-object check to IonBuilder::makeCallHelper. security fix
This is a bugfix release for some outstanding issues in 24.7.0.
a text rendering issue with the new back-end on overdraw layers when
hardware acceleration is in use on Windows. This may also solve some
additional small issues in the user interface that weren't present
- Fixed the use of Google Maps.
If you previously used the workaround in 24.7, then please remove the user-set preference (right-click -> reset).
is a large update to address a good number of different things across
the board. If you want more details about these changes, check the more
detailed announcement on the forum.
some performance issues with the new rendering engine on Windows.
Rendering should be faster for all objects on hardware-accelerated
- Font rendering on Direct2D will no longer fall back to greyscale in some situations, preserving ClearType.
- CSS outlines will now properly outline the object, and not the overflow area (e.g. box shadow).
delay for hiding the default status has been increased from 10 to 30
seconds to keep it on screen sufficiently long but not permanently.
- Queries for "can play type" on WebM videos now get an
HTML5-compliant response ("maybe" instead of "yes" as per the
specification when a codec is not included in the request).
- Pale Moon's gecko rendering engine and Firefox
compatibility version now properly follows the minor version of Pale
Moon again instead of always returning .0 - this should help UA
sniffing websites to more easily detect Pale Moon or adapt to
further-developed gecko 24 versions.
- When using dark/black personas (lightweight themes), the
tab close buttons would be almost invisible. They have been lightened a
little to make them clearer.
- Linux: the click behavior on the address bar has been
unified with that on Windows, aiming for current-day desktop-clipboard
use (select-when-clicked). This is configurable with a preference.
- "In-content" preferences (preferences displayed in a tab
instead of the normal dialog box) has been removed because of
redundancy and incompleteness.
- Checking for updates from the about box now always puts the
user in control and never downloads anything directly from the about
box. It will pop up the larger update window when an update is found.
- Google SafeBrowsing, which is defunct, has been removed from the browser. privacy fix
- Made the building of the Web Developer tools optional when compiling Pale Moon through --disable-devtools.
Atom-optimized version no longer ships with the Web Developer tools to
slim down the browser for limited platforms where these tools are
considered generally unneeded.
- Fixed domain highlighting in the address bar. It should no
longer randomly lose this formatting when switching tabs or otherwise
updating the browser UI.
- Fixed missing click-to-play overlay on some zoom levels for plugins embedded in an iframe.
- Fixed large delays in print enumeration on Windows, especially when printing to file: ports.
- Updated the list of known domain suffixes.
- Updated site-specific user-agent strings to prevent
incorrect complaints from websites (google.com, aol.com, etc.) that use
poor detection scripts.
- Added granular referer control. See the release announcement on the forum for more details on how to use this.
- Added gr locale to the status bar options.
- Disabled HQ image downscaling. This is a workaround for the
broken Mozilla HQ downscaling back-end causing constant invalidations
and redrawing if 2 downscaled images with the same source were in view.
- Updated the NSS library to 3.16.2 RTM to address a few critical SSL issues. security fix
- There was a possibility to lose the source frame for raster
images if images had to be discarded in low-memory situations. This has
been fixed. security fix
- Made refcounting logic around PostTimerEvent more explicit. security fix
- Prevented an invalid pointer state in docloader. security fix
- Added proper refcounting of font faces. security fix
- Android: lots of branding updates to make it more release-ready.
- Android: explicitly set the Pale Moon Sync server in preferences.
- Android: IonMonkey (ARM): guarded against branches being out of range and bail out if so. security fix
- Android: enabled Firefox compatibility mode on Android to allow the installation of extensions from AMO.
- Android: added a "Quit" option to the app menu to properly immediately close the browser.
- Android: IonMonkey (ARM): prevented a performance issue due to clobbering the primary scratch register.
- Android: enabled mobile-specific optimizations to increase performance on mobile devices.
- Android: enabled AES-128 and AES-256 in addition to RC4 for Sync.
A point release to address some further outstanding issues with the overhauled rendering engine.
- Automate rendering back-end selection and use cairo as appropriate.
This should fix start-up problems on all types of graphics cards regardless of vendor.
- Fix font subpixel rendering in menus when on cairo backend (D2D off)
- Cairo: Prevent falling back to padding when not strictly needed.
Performance regression fix if D2D isn't used.
- Azure: Use correct device offsets.
- Prevent crashes due to the allocation of source surfaces to errored surfaces
This prevents some miscellaneous browser crashes occurring with cairo on azure.
A quick point release update mainly to address startup crashes.
- Update to address startup crashes if users previously changed the setting for Azure for Content
- Update for texture handling to restore GDI compatibility (should fix some graphics glitches)
- Fix to handle invalid PDF plugin overlay state
- Misc. additional security fixes ported over from Firefox (bug #s 991981, 995679, 999651, 1009952, 1011007)
is a major update including a rendering engine overhaul and a number of very important fixes. For details
about the changes, please see the detailed changelog on the forum.
- Allow animated personas (lightweight themes)! You will need to set a preference for this.
regularly occurring browser crashes with hardware acceleration enabled
on DirectWrite 6.2/6.3 (Win 7 with Platform Update, Windows 8/8.1).
- Fix font rendering issues on DirectWrite 6.2/6.3, especially on legacy AMD hardware. (KB2670838 issues).
- Fix Windows version detection issues on Windows 8.1.
- Shuffle reported plugin installation order to confuse trackers.
- Clean up jumplist icons so they no longer pile up on disk on some systems (also a privacy concern).
- Change the sync server to a (new) Pale Moon sync server.
- Update the status bar code: Full-screen HTML5 video will no longer have status pop-ups overlaid.
- Add code to selectively ignore "autocomplete=off" on signon input fields.
- Linux: reduce gstreamer CPU overhead.
- Fix styled HTML buttons to address misaligned button contents (wrong baseline), e.g. gmail account chooser.
- Fix an old IonMonkey bug resulting in incorrect math results in some cases.
- Improve the performance of editor initialization.
- Update the Pale Moon icon for better display on lower color depths.
- Media: use a simpler way to discard superfluous audio packets.
In addition, Pale Moon also has a public Git repository now:
- Bug #994907 - imgDecoderObserver does reference counting on different threads, so should be using thread safe reference counting.
- Bug #992274 - Tweak an edge case in line number handling.
- Bug #995603 - Ensure mouse-enter/exit events are sent to plugins as appropriate.
- Bug #1005552 - Stop binding marquee event handlers + misc related fixes.
- Bug #1000185 - Fix several issues with SMIL.
- Bug #978811 - Fix isFakeExitFrame to return true for entry frames.
- Bug #996715 - IonMonkey: Remove the code that bails when determining if the second instruction in a chunk is a branch.
- Bug #967354 - Fix incorrect usage of UpdateWebGLErrorAndClearGLError();
This is a security and bugfix release, to address outstanding known issues and streamline browser identity.
- Fix plugin doorhanger code for removed-node confusion.
Mozilla Corp specific details from search plugins, to clearly indicate
the client is Pale Moon, and to make sure searches are
not counted by search providers towards any other browser's search totals by mistake.
sure to set both "warnOnClose" and "warnOnCloseOther" prefs to false
when users choose to disable this check in the popup prompt.
- Update branding: Remove nightly branding altogether -
only have unofficial+official, and fix the broken About dialog
- Bugfix: Clamp level of WebGL TexImage operations to 32-bits to avoid issues on x64 architectures.
- Update Linux theme: feed icon
- Bugfix: Add Firefox Compatibility flag to unofficial branding.
- Workaround for several prominent websites complaining about an "outdated browser".
- Bug #952022 - Add missing detachAsmJSModule.
- Bug #986843 - Replace AutoHoldZone with AutoCompartmentRooter.
- Bug #989183 - Check for nsXBLJSClass.
- Bug #980537 - Only store FakeBackstagePass instances in mThisObjects.
- Bug #986678 - Fix type check in TryAddTypeBarrierForWrite.
- Bug #966006 - Fix security issue in DNS resolver.
- Bug #944353 - Avoid spurious decoding of corrupt images.
- Bug #969226 - Avoid buffer overflow in corrupt ICC profiles.
- Bug #991471 - Fix offset when setting host on URL.
- Bug #993546 - Don't try to malloc-free 0-size memory chunks.
- Bug #992968 - Avoid OOM problems with JIT code caching
A small bugfix release, and implementing OCSP-stapling for SSL connections.
- Added OCSP-stapling.
- Removed download status indicator from default set in status bar code to fix erroneous pop-up locations of the downloads panel.
- Fixed errors with synchronous OCSP-stapled calls.
- Reduced the timeout for OCSP requests to 2 seconds unless OCSP is required by the server.
- Added proper handling of fragment loading (Bug #s 895557&987140). security fix
- Updated status bar localizations: kn-IN and pt-PT.
A small security and bugfix release.
- Bugfix: the new status bar code in 24.4.0 had a bug, preventing
the downloads panel/window from opening when clicking on the download
status indicator. There may have been a few other, similar small usability bugs
in the same code that have now been fixed.
- Feature update: Selecting "Warn me when closing multiple
tabs" in the Options window will now apply both to closing a window and
closing other tabs in the tab bar.
- Bug #940714 - Add an RAII class to make synchronous raster image decoding safer.
- Bug #896268 - Use a stateless approach to synchronous image decoding. security fix
- Bug #982909 - Consistently use inner window when calling OpenJS. security fix
- Bug #982957 - Fix crash if certain sweeps run out of memory. security fix
- Bug #982906 - Remove option for security bypass in URI building. security fix
- Bug #982974 - Be paranoid about neutering ArrayBuffer objects. security fix
This update changes the new title behavior slightly and updates a lot of things under-the-hood.
Bugfixes ported over:
popular request: the new page title (when using the Pale Moon App
will now follow the operating system default alignment (in most cases),
meaning it will
align left on Windows Vista and Windows 7 by default instead of center.
If you want to hide the title or align it differently, please see the FAQ section on the forum.
- Updated status bar code to the latest "non-australis" version and license change to MPL 2.0
to bring it in line with the rest of the browser code, making it an
integral part of the source tree to streamline building (also for 3rd
- Changed the way Pale Moon handles file and protocol
associations. This will prevent interoperability issues if you have
both Firefox and Pale Moon installed on the same system. A side effect
is that Pale Moon will ask you (once) to make it the default browser
again when you install this update, because of the new associations to
- Changed the search default to DuckDuckGo.
- Added DuckDuckGo logo to about:home.
- Changed some things in the build system, back-end code and build configuration to improve overall performance of the browser.
- Switched to the use of a more compact browser filesystem layout, improving overall start-up speed.
- Precompiled script cache in the application, improving overall start-up speed at the expense of some disk space.
- Added MPS detection for non-windows operating systems (NSPR fallback method) instead of always "1".
- Bug #968461 - Fix imgStatusTracker.h to build with gcc 4.4.
- Bug #912322 - Make sure document.getAnonymous* is no longer available to web content.
- Bug #894448 - Move IsChromeOrXBL to xpcpublic.h.
- Bug #963198 - Don't mix up byte-size and array-length.
- Bug #966311 - Calculate frame size for stereo wave.
- Bug #958867 - Consistent OwningObject handling in IDBFactory::Create methods.
- Bug #925747 - Patch file extraction cleanup.
- Bug #942152 - Fix error handling on NSS I/O layer.
- Bug #960145 - IonMonkey: Don't ignore OSR-like values when computing phi ranges.
- Bug #965982 - Clean up client threads before I/O on shutdown.
- Bug #950604 - Backport of a small typed array bugfix.
- Bug #967341 - Fix up URI management.
- Bug #963974 - Null mCurrentCompositeTask after calling Cancel() on it.
An update to implement TLS v1.2, implement a few new features and fix some minor bugs.
- New feature: Implemented the TLS v1.1 (RFC 4346) and TLS v1.2 (RFC 5246) protocols for improved https security.
- Changed the list of supported encryption ciphers and order
of preference to provide you with secure, speedy connections wherever
- New feature: Added CSS background-attachment:local
- New feature: Added dashed-line stroke support for canvas drawing (set/get/offset)
- Adjusted geolocation timings to prevent IP bans in testing mode and to give you a slightly faster response to the request.
- Adjusted the new window title position some more to account for edge cases.
- Fixed the installer to use the proper class for checking if Pale Moon is already installed/running.
- Security fix: bug #966021 - Fix load_truetype_table in the cairo dwrite font backend.
A minor bugfix release to address some issues with new code in 24.3.
- Fine-tuned the title-bar title text position to work a little better on Windows 8 systems.
- Fixed a problem with the classic download manager window
not opening and/or downloads not starting when using the classic
- Bug 945334 - Fix runnable pointer holding.
- Merged Linux-specific theme code into the source tree for the pm4linux project.
A fairly significant update with feature updates, bugfixes, and
Changes and bugfixes:
Bugfixes ported over:
- New build: Atom-optimized Pale Moon
After some thorough testing, the Atom/netbook builds are being released
as final. These builds are specifically made for PCs with Intel Atom
processors. More information can be found on the Atom builds page.
- New feature: the title has been brought back to the title bar
using the Application Menu (Pale Moon button), the title bar of the
browser window would be blank. Considering this is wasted space, the
page title will now be displayed in the title bar again (it's called a
title bar for a reason, after all!). Several different styles have been
implemented to cater to different OS version layouts.
- Removal of the services tab in the Add-on Manager
It will be visible
only if someone actually has a service extension installed (similar to
how language packs work)
- Improvement of UI consistency
Removal of illogical selective hiding of the
navigation bar and toolbars when in tabs-on-top mode (Add-ons manager,
permissions manager, etc.). Browser chrome will now never be hidden.
When using the classic downloads window, downloads in private windows
were not shown
If you use the classic downloads window and would open a Private
(PB) window, there was no easy way to see which downloads were done in
the PB window. When checking the downloads, it would open up the
(non-PB) classic downloads window which does not have downloads listed
from the PB session. This has been fixed, and PB windows will now open
a new tab in the PB window with the downloads from that private session.
Geolocation didn't work in Pale Moon
This was caused by the Firefox standard geolocation provider (Google
Inc.) now requiring an API key to request geolocation coordinates. Only
official Mozilla Firefox builds will have working geolocation from
Pale Moon has switched provider to IP-API.com to address this issue,
with the required re-write of code for the different type of request. More information on the forum.
- Bugfix: The "More information" link for blocked add-ons didn't work
Certain scaled fonts would have malformed letters
Vista and later with hardware acceleration enabled, certain letters of
some font families would become malformed and difficult to read because
of a Direct2D scaling issue. These fonts should now render sharp and
- Romanian has been added to the status bar localizations
- Bug #903274 - Have the search bar binding's initialization callback bail out if the binding is destroyed.
- Bug #951142 - Check for a close method to be present on the binding before invoking it.
- Bug #908915 - Fix compartment mismatch in shell decompileThis and disassemble functions.
- Bug #950909 - Forward native aggregation to the root XPCWrappedJS.
- Bug #937152 - Remove XPCWrappedJS::mMainThread and mMainThreadOnly.
- Bug #948134 - Fix "value is not defined" in PlacesDBUtils.jsm.
- Bug #822425 - Expose a few simple compartment assertions in jsfriendapi.
- Bug #932906 - Observer no longer called when using overlay
- Update of the NSS library to 3.15.4 RTM
- Bug #936808 - Serialize calls to PK11 routines in SSLServerCertVerification.
- Bug #945939 - Use the pre-split value when numbering values.
- Bug #911864 - Fix several XBL issues
- Bug #921470 - Remove hasFallbackStub_ check in resetMonitorStubChain.
- Bug #950590 - Use nsRefPtr for gfxFontGroup's reference to the user font set, and support changing it from canvas context.
- Bug #937697 - Simplify some BoundsCheckRange code.
- Bug #936056 - Be consistent about the thisobj we pass to getters.
- Bug #953114 - Fix GetElementIC typed array issue.
- Bug #937132 - SpiderMonkey: Check for overflows in LifoAlloc.
- Bug #932162 - Dispatch IndexedDB FileInfo releases to the main thread.
- Bug #951366 - Use AutoDetectInvalidation for disabled GetElement caches.
- Bug #950438 - IonMonkey: The intersection of two ranges that both contain NaN is not empty.
- Bug #950268 - Fix leak in nsCertTree::GetDispInfoAtIndex.
- Bug #932906 - Exempt Remote XUL from CanCreateWrapper checks.
- Bug #882933 - Copy treatAsRunOnce bit when cloning scripts, don't clone scripts unnecessarily for arrow lambdas.
Bug #901348 - Duplicate symbol errors building --with-intl-api.
- Bug #925896 - Properly reference session data
- Bug #943803 - Use monitor instead of mutex locking for raster images
- Bug #942164 - Use weak references to imgRequest consumers
- Bug #947592 - Streamline ReportLoadError.
Release notes for previous versions (unsupported)
You can find the release
notes for previous releases of Pale Moon on the Archived Versions Release Notes