This is an important update to the new release that addresses current incompatibilities with websites, updates security, and introduces new features:
- New feature: multi-line flexbox support.
Pale Moon now supports more advanced multi-line and multi-column flex elements. This will allow websites to use these elements for easier responsive design of web pages and ordering/layout of multiple elements. This has been on Pale Moon's to-do list for a while but was rather complex to tackle, hence the delay in implementation. This should address layout issues on several recently-updated websites (e.g. the MSN home page).
- New feature: added support for collapsed flex element items.
Previously, flex elements that would be "collapsed" through CSS would be hidden, but still take up their flex space.
- Enhanced feature: Content Security Policy (CSP)
Pale Moon now fully supports the CSP 1.0 specification allowing websites to set restrictions on content to prevent XSS (Cross-site scripting) attacks. Previously, the implementation in Pale Moon was partial, and did not support a number of features, resulting in some websites not rendering properly because Pale Moon was being too strict in enforcing the policy. This should address issues on websites enforcing CSP (e.g. the Dropbox web interface and FaceBook galleries).
- New feature: added support for iframes with inline content.
This added HTML5 feature makes it possible for web designers to specify the content of iframes in-line, instead of having to link to an external source. This allows for more dynamic use of iframe elements.
- Updated the Firefox Compatibility mode version to 31.9.
With the improvements in rendering, HTML5 support and overall feature set in this version, the Firefox Compatibility mode (as presented in the UserAgent string) has been bumped to prevent websites from complaining about "using a too old/unsupported version of Firefox" (e.g. Google websites) while offering those sites a Firefox Compatibility version that is in line with the "expected" feature set of the browser. User agent sniffing remains a really bad practice and should not be done, so this is combating a symptom rather than a cause. Pale Moon's new presented version is a close match, but will never be 100% so you may still run into some websites that don't like Pale Moon's user agent and require a manual override as outlined in the FAQ.
- Pale Moon no longer builds the so-called "media navigator" by default.
This module provides access to the user's webcam and microphone. Although it can be used for other purposes, in practice this is only used for WebRTC and, in fact, its support (GetUserMedia) is often mistaken for actually supporting WebRTC in a browser (causing errors since Pale Moon does not support WebRTC). No longer including these features reduces input complexity and overhead for a feature not actively used. This also circumvents privacy concerns/confusion like CVE-2014-1586.
- Improved tab handling on lightweight themes (personas) some more to enhance contrast on certain themes and to make the tab hover effect slightly more distinct.
- Fixed oversized/blocky menu arrows on Windows 8.1 in HiDPI mode.
- Fixed incorrect operating system being passed on to addons.mozilla.org.
- Fixed an error being thrown in the error console/web console when opening a new window.
- Removed the NVidia 3D Vision auxiliary utility library.
This library has been the likely cause for a number of crashes on NVidia cards, and is completely unnecessary for Pale Moon.
- Made the installer less aggressive for file type associations, to prevent "stealing" of globally associated file types.
- Android: improved restoring of session tabs.
- Android: added an option to automatically restore tabs.
An important thing to note with this new option is the following: with the option enabled, Pale Moon will now automatically restore tabs you had open previously when the app gets suspended (pushed out of memory by other apps, closed by swipe, etc.). The "quit" main menu option, however, completely shuts down your session, unloads Pale Moon from active memory, and tabs will not be automatically restored when you launch Pale Moon again. This is by design. To restore tabs in that situation, use the link from the home screen.
- Fixed several memory security hazards CVE-2014-1574 and CVE-2014-1575
- Fixed CVE-2014-1581.
- Fixed bug 1069584: Bail if a cairo surface is in an invalid state.
- Made sure to initialize surfaces for draw targets.
- Fixed bug 1074280: Use AsContainerLayer() in order to avoid a bad cast.
- Fixed several problems in the HTML parser (multiple vulnerabilities).
- Improved security of XHR by filtering out types of requests that can potentially be abused.