Post by Yrrah
"Pale Moon is an Open Source, Goanna-based web browser available for Microsoft
Windows and Linux (...), focusing on efficiency and customization.
Pale Moon offers you a browsing experience in a browser completely built from
its own, independently developed source that has been forked off from
Firefox/Mozilla code a number of years ago, with carefully selected features and
optimizations to improve the browser's stability and user experience, while
offering full customization and a growing collection of extensions and themes to
make the browser truly your own."
"This is a new milestone release."
Rather than the self promotion the reason for the update would be better.
Pale Moon: Release notes
DiD This means that a fix is "Defense-in-Depth": It is a fix that does not
apply to a (potentially) actively exploitable vulnerability in Pale Moon,
but prevents future vulnerabilities caused by the same code, e.g. when
surrounding code changes, exposing the problem, or when new attack vectors
Rejected security patches: This means that patches were theoretically
applicable to our code but considered undesirable, which could be due to
unwanted changes in behavior, known regressions caused by the patches, or
unnecessary risks for stability, security or privacy.
This is a new milestone release.
After our unacceptable and recalled release of v30.0.0 and 30.0.1 with the
departure of one of the core devs from our team requiring us to rewind and
re-do several months of work to exclude undesired code changes and what
likely lay at the root of the plethora of stability and run-time issues of
the recalled versions, we're back on track with a new milestone building on
UXP and Goanna (v5.1) with many improvements and additional user-requested
To prevent user confusion, we're skipping from 29 to 31.
Most important changes in this milestone:
We're once again accepting the installation of legacy Firefox extensions
alongside our own Pale Moon exclusive extensions. As always, please note
that using extensions for an old version of a different browser is entirely
at your own risk and we obviously cannot and will not provide much (if any)
support for their use. Firefox extensions will be indicated with an orange
dot in the Add-ons Manager in the browser. This will include the converted
extensions for the few of you who are coming from recalled versions
with -fxguid suffixes.
Implemented Global Privacy Control, taking the place of the
unenforceable "DNT" (Do Not Track) signal. Through GPC, you indicate to
websites that you do not want them to share or sell your data.
Implemented "optional chaining" (thanks, FranklinDM!).
Implemented setBaseAndExtent for text selections.
Implemented queueMicroTask() "pseudo-promise" callbacks.
Implemented accepting unit-less values for rootMargin in Intersection
observers for web compatibility, making it act more like CSS margin as one
Improvements to CSS grid and flexbox rendering and display following
spec changes and improving web compatibility.
Improved display of cursive scripts (on Windows). Good-bye Comic Sans!
Updated various in-tree libraries.
"Default browser" controls in preferences has been moved to "General".
Added support for extended VPx codec strings in media delivery via MSE
Fixed a long-time regression where the browser would no longer honor
old-style body and iframe body margins when indicated in the HTML tags
directly instead of CSS. This improves compatibility with particularly old
and/or archived websites.
Fixed several crashes and stability issues.
Added a licensing screen to the Windows installer to clarify the
browser's licensing. In other installations, you may find this licensing
statement in the added license.txt file in the browser installation
Removed all Google SafeBrowsing/URLClassifier service code.
Restored Mac OS X code and buildability in the platform.
Removed the non-standard ArchiveReader DOM API that was only ever a
Removed most of the last vestiges of the invasive Mozilla Telemetry code
from the platform. This potentially improves performance on some systems.
Removed leftover Electrolysis controls that could sometimes trick parts
of the browser into starting in a (very broken) multi-process mode due to
some plumbing for it still being present, if users would try to force the
issue with preferences. Obviously, this was a footgun for power users.
Removed more Android/Fennec code (on-going effort to clean up our code).
Removed the Marionette automated testing framework.
Security issues addressed: CVE-2022-29915, CVE-2022-29911, and several
issues that do not have a CVE number.
UXP Mozilla security patch summary: 4 fixed, 1 DiD, 19 not applicable.