
Home Pale Moon homepage Pale Moon Start page Information General information Project history Site News Awards Technical details Release notes Pale Moon layout Download Pale Moon > Pale Moon Pale Moon x64 Pale Moon Portable Pale Moon Legacy (discontinued) Pale Moon language packs Profile Migration tool Profile Backup tool 3rd Party Builds [NEW] Pale Moon Commander [DEV] Pre-release WIP Archived versions Help F.A.Q. Troubleshooting Known Issues Beware of unofficial versions! Forum Feedback Testimonials Contact
Pale Moon: Release notes 20.1 (2013-05-23) This is a security and stability update with a few additional changes and improvements. Changes: Update of the libpixman graphics library to improve performance for SSE2 CPUs Change to the "Clear download history" setting for use with the panel-based download manager (classic UI unaffected) Fixes: (CVE-2013-1674) Fix for UAF with video and onresize event (crash fix) (CVE-2013-1675) Fix for parameters being used uninitialized (CVE-2013-1676) Fix for out-of-bounds read in SelectionIterator::GetNextSegment (CVE-2013-1679) Fix for heap use-after-free in mozilla::plugins::child::_geturlnotify (CVE-2013-1680) Fix for heap-use-after-free in nsFrameList::FirstChild (crash fix) (CVE-2013-1681) Fix for heap-use-after-free in nsContentUtils::RemoveScriptBlocker (crash fix) Fix for out-of-bounds read crash in PropertyProvider::GetSpacingInternal (crash fix) Fix for out-of-bounds read in gfxSkipCharsIterator::SetOffsets Fix for assertion failure in nsUnicharStreamLoader::WriteSegmentFun with ISO-2022-JP Fix for crash with inline script in an XML doc (crash fix) Fix for "ASSERTION: Out of flow frame doesn't have the expected parent" and crash (crash fix) Fix for nsScriptSecurityManager::CheckLoadURIWithPrincipal being broken Fix for a problem where the IPC Channel could overwrite the stack Fix for Crash in MediaDecoder::UpdatePlaybackOffset (crash fix) Fix for Crash [@ nsTextFrame::HasTerminalNewline()] with splitText (crash fix) Fix for FTP use-after-free crash (crash fix) More details can be found in the release announcement post on the forum. 20.0.1 (2013-04-11) This is mostly a bugfix, security and performance update, but with a number of new features as well, based on the Firefox 20 code base: New/updated/changed major features: Per-window Private Browsing. Learn more. Panel-based download manager. See the detailed changelog for more information. Ability to close hanging plugins, without the browser hanging. Performance improvements related to common browser tasks. Pale Moon specific Cairo performance fix for scaling/panning/zooming of HTML5 drawing surfaces. Pale Moon specific fixes for performance of drawing elements (gradients, etc.). HTML5 canvas now supports blend modes. Various HTML5 audio and video improvements. Update of the Status Bar code to work with the new code base. ECMAScript for XML (E4X) is kept available for add-ons. Note that this will be removed in future versions as E4X is obsolete. Developer tools have been enabled by default, considering the code is practically impactless unless actually used. Theming has been worked on to provide better contrast on glass/dark themes and to work around styling issues present in v19. Updated fallback character sets to Windows-1252. Restored legacy function key handling (uplifted from Firefox 22). Fixed UNC path handling (Chemspill Firefox 20.0.1). Always enable the use of personas, also in Private Browsing mode. Experimental: support for H.264 videos (disabled by default) Security fixes relevant to Pale Moon: MFSA 2013-30 A fairly large number of memory safety hazards (crashes/corruption/injection). MFSA 2013-31 Out-of-bounds write in Cairo library (CVE-2013-0800) MFSA 2013-34 Privilege escalation through Mozilla Updater (CVE-2013-0797) MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes (CVE-2013-0795) MFSA 2013-37 Bypass of tab-modal dialog origin disclosure (structural fix) MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations (CVE-2013-0793) MFSA 2013-39 Memory corruption while rendering grayscale PNG images (CVE-2013-0792) MFSA 2013-40 Crash fix: Out-of-bounds array read in CERT_DecodeCertPackage (CVE-2013-0791) Detailed descriptions for these changes and fixes can be found in the detailed changelog/announcement post on the forum. 20.0 -- Internal testing release, unpublished. 19.0.2 (2013-03-09) A minor update prompted by a security update @Mozilla: Fixes a critical security vulnerability in the browser (MFSA 2013-29) Slightly improves HTTP pipelining Update to the integrated status bar feature (German localization updated) 19.0.1 (2013-02-24) A minor update to address a few issues with the initial major release: Fix for bookmarks giving an "XML parsing error" when set to "load in the sidebar" Fix for a double padlock display if a secure site would not supply a favicon Redone the mixed content https padlock image in 32bpp to prevent potential UI rendering issues Fixed a setting so no unnecessary code walking is done for the otherwise disabled accessibility features Fix (inherent) for add-ons and themes being marked as incompatible in Pale Moon x64 when they have a minimum version of 19.0 19.0 (2013-02-22) This is a new major release with a lot of changes and improvements: Changes in this version: Update of the underlying Firefox (gecko) code to v19. This has a number of consequences: Add-ons and themes may need to be updated since the UI code has changed. HTML5-implementation is more complete A number of CSS statements have their prefix removed (-moz*) Javascript now uses the IonMonkey engine by default, which is a new (faster) engine Improvements to the layout and rendering engines If you are using a language pack, you need to update it to the new version Update of the browser style. Main browser controls and the padlock look slightly different. Several Pale Moon specific improvements to the rendering engine, noticeable in general use and certain benchmarks, to prevent browser stalls or high CPU usage on certain pages. The builds no longer use PGO (Profile Guided Optimization) but are globally speed-optimized. For details about each of these points, see the detailed changelog post on the forum. Release notes for previous versions (discontinued) You can find the release notes for previous major releases of Pale Moon on the Archived Versions Release Notes page.
Firefox, Mozilla Firefox and Mozilla are registered trademarks of the Mozilla Corporation. Site and contents © 2009-2013 Moonchild Productions - All rights reserved Pale Moon's distribution is subject to the following redistribution policy

The Pale Moon Project - Custom-built and optimized Firefox browsers for Windows Operating Systems

Pale Moon: Release notes

20.1 (2013-05-23)

This is a security and stability update with a few additional changes and improvements.

Changes:

Update of the libpixman graphics library to improve performance for SSE2 CPUs
Change to the "Clear download history" setting for use with the panel-based download manager (classic UI unaffected)

Fixes:

(CVE-2013-1674) Fix for UAF with video and onresize event (crash fix)
(CVE-2013-1675) Fix for parameters being used uninitialized
(CVE-2013-1676) Fix for out-of-bounds read in SelectionIterator::GetNextSegment
(CVE-2013-1679) Fix for heap use-after-free in mozilla::plugins::child::_geturlnotify
(CVE-2013-1680) Fix for heap-use-after-free in nsFrameList::FirstChild (crash fix)
(CVE-2013-1681) Fix for heap-use-after-free in nsContentUtils::RemoveScriptBlocker (crash fix)
Fix for out-of-bounds read crash in PropertyProvider::GetSpacingInternal (crash fix)
Fix for out-of-bounds read in gfxSkipCharsIterator::SetOffsets
Fix for assertion failure in nsUnicharStreamLoader::WriteSegmentFun with ISO-2022-JP
Fix for crash with inline script in an XML doc (crash fix)
Fix for "ASSERTION: Out of flow frame doesn't have the expected parent" and crash (crash fix)
Fix for nsScriptSecurityManager::CheckLoadURIWithPrincipal being broken
Fix for a problem where the IPC Channel could overwrite the stack
Fix for Crash in MediaDecoder::UpdatePlaybackOffset (crash fix)
Fix for Crash [@ nsTextFrame::HasTerminalNewline()] with splitText (crash fix)
Fix for FTP use-after-free crash (crash fix)

More details can be found in the release announcement post on the forum.

20.0.1 (2013-04-11)

This is mostly a bugfix, security and performance update, but with a number of new features as well, based on the Firefox 20 code base:

New/updated/changed major features:

Per-window Private Browsing. Learn more.
Panel-based download manager. See the detailed changelog for more information.
Ability to close hanging plugins, without the browser hanging.
Performance improvements related to common browser tasks.
Pale Moon specific Cairo performance fix for scaling/panning/zooming of HTML5 drawing surfaces.
Pale Moon specific fixes for performance of drawing elements (gradients, etc.).
HTML5 canvas now supports blend modes.
Various HTML5 audio and video improvements.
Update of the Status Bar code to work with the new code base.
ECMAScript for XML (E4X) is kept available for add-ons. Note that this will be removed in future versions as E4X is obsolete.
Developer tools have been enabled by default, considering the code is practically impactless unless actually used.
Theming has been worked on to provide better contrast on glass/dark themes and to work around styling issues present in v19.
Updated fallback character sets to Windows-1252.
Restored legacy function key handling (uplifted from Firefox 22).
Fixed UNC path handling (Chemspill Firefox 20.0.1).
Always enable the use of personas, also in Private Browsing mode.
Experimental: support for H.264 videos (disabled by default)

Security fixes relevant to Pale Moon:

MFSA 2013-30 A fairly large number of memory safety hazards (crashes/corruption/injection).
MFSA 2013-31 Out-of-bounds write in Cairo library (CVE-2013-0800)
MFSA 2013-34 Privilege escalation through Mozilla Updater (CVE-2013-0797)
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes (CVE-2013-0795)
MFSA 2013-37 Bypass of tab-modal dialog origin disclosure (structural fix)
MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations (CVE-2013-0793)
MFSA 2013-39 Memory corruption while rendering grayscale PNG images (CVE-2013-0792)
MFSA 2013-40 Crash fix: Out-of-bounds array read in CERT_DecodeCertPackage (CVE-2013-0791)

Detailed descriptions for these changes and fixes can be found in the detailed changelog/announcement post on the forum.

20.0 -- Internal testing release, unpublished.

19.0.2 (2013-03-09)

A minor update prompted by a security update @Mozilla:

Fixes a critical security vulnerability in the browser (MFSA 2013-29)
Slightly improves HTTP pipelining
Update to the integrated status bar feature (German localization updated)

19.0.1 (2013-02-24)

A minor update to address a few issues with the initial major release:

Fix for bookmarks giving an "XML parsing error" when set to "load in the sidebar"
Fix for a double padlock display if a secure site would not supply a favicon
Redone the mixed content https padlock image in 32bpp to prevent potential UI rendering issues
Fixed a setting so no unnecessary code walking is done for the otherwise disabled accessibility features
Fix (inherent) for add-ons and themes being marked as incompatible in Pale Moon x64 when they have a minimum version of 19.0

19.0 (2013-02-22)

This is a new major release with a lot of changes and improvements:

Changes in this version:

Update of the underlying Firefox (gecko) code to v19. This has a number of consequences:

Add-ons and themes may need to be updated since the UI code has changed.
HTML5-implementation is more complete
A number of CSS statements have their prefix removed (-moz*)
Javascript now uses the IonMonkey engine by default, which is a new (faster) engine
Improvements to the layout and rendering engines
If you are using a language pack, you need to update it to the new version

Update of the browser style. Main browser controls and the padlock look slightly different.
Several Pale Moon specific improvements to the rendering engine, noticeable in general use and certain benchmarks, to prevent browser stalls or high CPU usage on certain pages.
The builds no longer use PGO (Profile Guided Optimization) but are globally speed-optimized.

For details about each of these points, see the detailed changelog post on the forum.

Release notes for previous versions (discontinued)

You can find the release notes for previous major releases of Pale Moon on the Archived Versions Release Notes page.

Firefox, Mozilla Firefox and Mozilla are registered trademarks of the Mozilla Corporation.
Site and contents © 2009-2013 Moonchild Productions - All rights reserved
Pale Moon's distribution is subject to the following redistribution policy