Pale Moon 26.2.0 released!

Pale Moon releases and site news
User avatar
Pale Moon guru
Pale Moon guru
Posts: 23434
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E

Pale Moon 26.2.0 released!

Unread post by Moonchild » 2016-04-05, 13:44

This is a major update and bugfix release.
Linux versions will follow shortly when the Linux maintainer has time to publish those builds.

  • Implemented the URL API that's needed for a number of websites.
  • Changed internal keystroke handling within the spec to better align with generally expected behavior.
    This should fix the infamous "backspace" issue on Facebook.
    Web developers please note: calling preventDefault() in a "keydown" event handler will now prevent most keypress events from firing.
  • Linux: gstreamer 1.0 support has been implemented and enabled by default (hats off to Travis!)
    From this version forward you will need to have gstreamer 1.0 libraries for video playback (0.10 is no longer supported in official binaries).
    You can still build from source with gstreamer 0.10 support if needed by configuring your build with --enable-gstreamer=0.10.
  • Re-styled about:sessionrestore to use more available screen real estate for tab info.
  • Added an option to use the mousewheel for horizontal scrolling (mouse action value 4).
    (e.g. setting mousewheel.with_shift.action to 4 makes Shift+wheel scroll horizontally)
  • Bumped the maximum icon file size for search engine icons to 32 KB to cater to more common use of HiDPI icons.
  • Fixed some hard-coded branding strings in Sync still reading "Firefox", and similarly changed sync information URLs to point to our relevant pages.
  • Removed default profile bookmarks pointing to Firefox/Mozilla since the information there no longer applies to us.
  • Updated UA overrides and XSS configuration to deal with some problematic sites (e.g.: Google, Embedly)
  • Fixed several issues with the default theme causing problems with behavior due to styling (thanks, Antonius32) (Issue #384 and friends)
  • Fixed some miscellaneous issues in the internal jemalloc implementation.
  • Added a configure option to use the full jemalloc lib (jemalloc v3) if the builder so wishes (used for Linux, sys mallocs are not happy there either, so for our generic binaries we switched to this lib now)
    If you are a Linux maintainer for a specific distro, you should investigate if the system memory allocator works properly and doesn't cause memory leaks. In case of doubt or lack of time to test this it's recommended you switch to the jemalloc lib as well. To do this, combine --enable-jemalloc with --enable-jemalloc-lib in your mozconfig.
  • Worked around a crash caused by the XSS filter on some fora by bailing on too short and empty strings.
  • Fixed layout of reflowed comboboxes without enough space.
  • Fixed a crash related to flexboxes overflowing themselves. (Issue #396)
  • Added a simple implementation for Weak Messagelisteners. (Issue #399)
  • Fixed a crash for losing our cache entry while finishing up compression.
    (re-apply after unintentional back-out switching to Goanna)
  • Linux: Worked around driver bugs with Intel drivers that falsely report what they can support in max texture size.
  • Portable only: Removed compression of the browser components library after some reports that in certain configurations and environments it was causing issues with the browser.
Security fixes:
  • Updated the graphite font library to 1.3.7+ to solve CVE-2016-2796 and no less than 14 of its friends.
  • Updated NSS to to address several vulnerabilities (UAF, heap overflow).
  • Updated libvorbis to a much more recent version to fix multiple issues.
  • Crash fix and DiD fixes by holding strong references to objects in suspect places in the HTML parser. (CVE-2016-1961) (ZDI-CAN-3574)
  • Fixed several out-of-bounds issues in the VP8 decoder.
  • Fixed a potentially exploitable crash in XML/XSLT handling.
  • Applied some Kung Fu to HTML animations and transitions to prevent memory hazards.
  • Fixed applicable Mozilla code vulnerabilities CVE-2016-1965, CVE-2016-1960 (ZDI-CAN-3545), CVE-2016-1966, and CVE-2016-1963.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne