Pale Moon 28.16.0 is now released. PaleMoon is a browser optimized based on the Firefox browser. It is mainly designed to increase the speed of Firefox. It also adds a variety of Firefox extensions to make it more beautiful and more functional.
Note for Linux users: According to the official, with the end of the CentOS 6 life cycle, this version will be the last version they will build for the official 32-bit Linux binary file download. Although the user's distribution may choose to continue to provide a 32-bit version of the browser built from the source code by the maintainer, the official website no longer provides any other official 32-bit Linux binary files. Users are requested to contact the package maintainer of their distribution to find out whether their specific Linux version will provide further 32-bit support.
Change/fix:
- Make CSS
tab-sizeconsistent with the specification, and remove the prefix. - Update Brotli library to 1.0.9.
- Updated the JAR library code.
- Optimized UI code can reduce the number of downloads and reduce the space consumption on the disk.
- Change the default Firefox compatibility version number to 68.0 (because the version ending in .9 makes some frameworks unsatisfactory, thus denying user access)
- Clean up HPKP leftovers.
- The DOM file system API is disabled by default.
- The Phone Vibrator API has been removed.
- Fixed the problem that the software uninstaller would not delete the program files that should be deleted.
- Fixed devtools crash related to timeline snapshots.
- Fixed an issue in Skia that could cause unsafe memory access. DiD
- Fixed several data race conditions. DiD
- Fixed an XSS vulnerability, scripts can be executed when pasting data into the online editor.
- Linux: Fixed an overflow problem in freetype.
- Security issues resolved: CVE-2020-26960, CVE-2020-26951, CVE-2020-26956, CVE-2020-15999 and several other issues that have no CVE logo.
- Summary of Mozilla security patches for the Unified XUL platform: 4 fixed, 4 defense-in-depth, 3 rejected, 20 not applicable.
Implementation notes
- All Windows binaries should be code signed correctly again.
- Uninstaller problems may only occur if the browser is not updated with the internal update program after installation.
- In fact, DOM Filesystem and dir picker API are not used on the website. The official stated that it has disabled these APIs exposed on the Web because they are not completely free of potential risks. Unless there is a clear need to keep them as optional (unsupported) APIs in the platform, they plan to do so in the future. Delete it in the version.
- One of the rejected security patches involved entering a single word in the address bar. In this case, the standard browser behavior is to let the browser perform a regular network lookup for the word, in case it is a LAN machine name (other browsers do the same), which may change the search term " Leak” to the LAN. If you want to avoid this, always use the search box to enter a web search , because in this case it is clear to deal with individual words.
Update instructions: https://www.palemoon.org/releasenotes.shtml