Pale Moon: Release notes
24.2.2 (2013-12-11)Mainly a security update:
- Implementation of all remaining applicable security fixes from Firefox 26.0 that were not implemented yet in previous versions.
- Update of the Security library (NSS) to 18.104.22.168.
- Fix of new js zone writes/zone barrier bugs.
- The Sync configuration allows users to input their own
recovery key again. Please note that letting the browser generate its
own secure recovery key is still strongly recommended, as this recovery
key should be impossible to guess and of sufficient length and complexity to keep your data safely encrypted.
A minor bugfix update:
- Fix for some status bar localizations not working and giving an error.
- Implementation of an optimized QuickFind routine.
- Implementation of per-zone user data handling.
- Security fix in the JPEG library.
- Security fix in web workers.
This update implements the following changes:
- Update of the new-tab routine: When opening a new tab,
focus will now only be on the address bar if you open a blank tab or
the Quick Dial page, and focus will be on the page content otherwise
(Pale Moon start page or custom URL).
issues between QuickFind/Find-as-you-Type and HTML5
input fields in forms fixed.
advanced feature: Later versions of the Firefox code
will automatically place the browser window fully on a visible portion
of the screen. If you prefer having the browser window positioned
partially off-screen and want to prevent this automatic resizing and
repositioning when starting a new session, create a new boolean
preference in about:config called browser.sessionstore.exactPos and set it to true.
- Updated the localization of the status bar code with the following locales: en-GB, es-MX, es-AR, it, pl.
- Fix for a security issue with script event handlers.
This update implements the following changes:
- Update of the NSPR library to 4.10.2 RTM.
- Update of the Security library (NSS) to 3.15.3 (alternative branch) to pick up a number of fixes.
- Fix (finally) of the menu list of tabs when browser.allTabs.previews is set to false.
It would stick the top entry, not properly highlight the selected tab,
and would generally be unpleasant and stubborn when tabs were moved or
closed. This should all be corrected now.
- Additional feature: Previously, tabs would immediately
resize to fill the tab bar when you would close them. Mozilla changed
this a (long) while back to cater to "rapidly closing multiple tabs
without moving the mouse" and to resize you have to move the mouse out
of the tab bar. A good number of Firefox/Pale Moon users don't like
this behavior, but the fix to make this configurable was in the end
rejected by the Mozilla UX team, so I opted for my own implementation
in Pale Moon. New pref: browser.tabs.resize_immediately - set this preference to true to immediately resize other tabs when closing a tab.
Many thanks to David for doing the required research for this feature!
- Rework of the multi-core routine and removal of OpenMP code
and the related library (Microsoft's implementation is old, limited,
and won't be updated/improved; in addition it prevented some compiler
optimizations that could now be used again).
- The accessibility back-end for automatically starting "Find as you type" (an accessibility feature) has been
disabled completely to prevent this setting from breaking websites with
HTML5 input fields (not compatible with autostarting FAYT).
is a minor update to 24.1.0 to revert the change of disabling 2 specific SSL
ciphers by default, since it broke more web sites than anticipated
(including external elements pulled in from third-party sites using
other changes were made.
This update fixes a number of security and user interface issues, and adds the feed icon in the address bar.
- MFSA 2013-102
Use-after-free in HTML document templates.
- MFSA 2013-101
Memory corruption in workers.
- MFSA 2013-100
Miscellaneous use-after-free issues found through ASAN fuzzing.
- MFSA 2013-99
Security bypass of PDF.js checks using iframes.
- MFSA 2013-98
Use-after-free when updating offline cache.
- MFSA 2013-97
Writing to cycle collected object during image decoding.
- MFSA 2013-96
- MFSA 2013-95
Access violation with XSLT and uninitialized data.
- MFSA 2013-94
Spoofing addressbar though SELECT element.
- MFSA 2013-93
Miscellaneous memory safety hazards.
- Security + cleanup fix: No longer store empty event handlers.
- User interface: Fix for the classic downloads window having a blank title with no running downloads.
- User interface: Fix of the drop-down menu "double entry" in the all-tabs list as-a-menu setup.
- Extensions are now set to automatically update by default. Because many users fail
to do the occasional check to see if there are updates available to
their extensions, the default is to automatically check and install
available updates to extensions from this version forward to give the
best possible browsing experience. If you prefer to check manually, make sure to change the setting accordingly in your add-on manager.
- Two SSL ciphers that are considered weak are disabled by default
(RSA-RC4-128-MD5 and RSA-RC4-128-SHA). If you are having trouble
reaching certain encrypted sites that exclusively use these encryption methods, you should ask the site owners to update their SSL configuration to allow stronger encryption. As a workaround, you can enable the ciphers by installing the Pale Moon Commander add-on and changing the available ciphers there, or by setting security.ssl3.rsa_rc4_128_md5 and security.ssl3.rsa_rc4_128_sha to true in about:config
(Note: this change was reverted in 24.1.1)
- When there is a web feed
available on a website, Pale Moon will now display a feed indicator on
the right side of the address bar to indicate that feeds are available.
You can click this icon to subscribe to feeds.
If you don't want this indicator, set browser.urlbar.rss to false in about:config
Note: more technical information on the forum!
This is a small update to address a few issues with standalone images:
some cases when having an image open, the User Interface would not
properly redraw resulting in blank controls and tab headers.
- In some cases, having an image open would cause 100% processor use on one core.
- Drawing thumbnails of standalone images in the tab headers would often be slow and processor-intensive.
This is a small update to address some small issues with the new major version:
- Fix for unreadable address bar text when visiting a broken or mixed-mode SSL site.
- Fix for an incorrect browser cache size default when first starting the browser. (regression)
Note: If you have used version 24.0, then please check your Options -> Advanced -> Network tab, and if the cache size is set to "1024", change it back to its default "250" to prevent unnecessary use of disk space and potential slowing of the browser.
- Fix for themes not applying to Private Browsing windows. (regression)
- A small update to the new icon to fix some visual issues with it.
- Reduction of visual friction and CPU usage on some
operations by disabling smooth scrolling on it by default (e.g.
This is a new major release with many changes and improvements. A concise summary of the changes follows.
There are too many changes and updates (both resulting from the code
base update and from the additional Pale Moon development on top) to
list all of them in detail.
- Switch to a new Mozilla code base (Gecko 24.0).
- Update of the Pale Moon icon/logo. Special thanks go to Roger Gómez del Casal for providing me with an interesting concept design image to use as a base for it!
- Fixes for all relevant security vulnerabilities.
- Many changes and updates in the rendering, scripting and
parsing back-end to provide significant improvements in overall browser
performance (including benchmark scores).
- Addition of a number of HTML5 elements, improving overall HTML5 standards compliance.
- Implementation of the webaudio API (most features that are no longer draft).
of Tab Groups (Panorama). If you actively used this functionality, I
have also made an add-on
(Mozilla dev sourced) available to restore
this feature to the browser. If you have issues with the supplied
add-on or want to give other tab grouping methods a try, you can use
alternatives found on AMO.
- Removal of a few additional Accessibility options.
- Inclusion of an updated version of the Add-on SDK and loader to solve recent issues with SDK/Jetpack add-ons.
- Adjustment of the Quickdial "new tab" feature to have better layout.
- Extension of the address bar shading functionality to more
clearly indicate when there is a problem with a secure site (red
shading on broken SSL/mixed content).
- New way of handling plugins with control on a per-site basis. An extensive description can be found on the forum.
- Restored/maintained a number of features that were removed from recent Firefox versions:
- Graphical tab switching feature with quick search (Ctrl+Shift+Tab).
- Removing the tab bar if there is only one tab present.
- Options for the loading of images.
- More recovery options in the Safe Mode startup dialog box than just nuking your profile.
- Send Link/E-mail Link mail client integration functionality.
- Unification of version numbers. x86 and x64 will from this
forward use the same version number (and icon) without an architecture
designation. This will solve potential compatibility issues on new
major versions, as well as the superfluous compatibility check when
switching between x86 and x64 on the same profile.
Release notes for previous versions (discontinued)
You can find the release
notes for previous major releases of Pale Moon on the Archived Versions Release Notes