Pale Moon 25.6 released!
Posted: 2015-07-27, 09:22
Pale Moon has been updated to 25.6, which is a major update to the browser, addressing usability issues, crash fixes and security fixes.
- Canvas anti-fingerprinting option: Pale Moon now includes the option to make canvas fingerprinting much more difficult. By setting the about:config preference canvas.poisondata to true, any data read back from canvas surfaces will be "poisoned" with humanly-imperceptible data changes. By default this is off, because it has a large performance impact on the routines reading this data.
- Added a feature to allow icon fonts to be used even when users disallow the use of document-specified fonts. This should retain full navigation for icon-font heavy websites (no more dreaded "boxes" with hex codes) when custom text fonts are disabled.
- Added a feature to prevent screen savers from kicking in when playing full-screen HTML5 video. This is currently not yet operational on Linux because of stability issues we've run into on that OS, but Windows should properly benefit from this change.
- The "autocomplete=off" parameter for signon forms is now completely ignored by default, to keep the user in control of their browser's behavior and allowing credentials to be saved if wished. If you prefer the previous behavior, allowing a website to determine whether autocomplete should be allowed or not, then change the about:config preference signon.ignoreAutocomplete to false.
- Reinstated the packaging of pre-compiled scripts in the browser. Hopefully this will fix the reports by some users who found that initial start-up after installation/upgrade of the browser was unacceptably slow. Unfortunately this means a slightly larger download/install size as a trade-off.
- Added the option to use Chrome://../skin/ overrides, in effect allowing the use of "Icon themes"; toolbar icon replacements to customize your browser icons without the need for any CSS or full-blown theming.
- Added a count for the number of matches in the find bar. it will now list the total number of matches found, and which match is the currently highlighted one.
- Fixed the issue where highlighted words after finding and highlighting them all in a page would remain highlighted when closing the find bar.
- Added support for CSP 'nonce' keywords (CSP 1.1/2.0). Please note that this is still experimental and may not work 100% as-expected. Please report any bugs you may find.
- Aligned CSP more with the spec in terms of reporting and case-sensitivity of matches, and made it more app-friendly.
- Added -moz-os-version selectors for @media CSS queries to simplify theming on different operating systems (esp. Windows).
- Updated and improved several languages for the Status Bar code, and added Slovenian.
- Fixed an issue in the internal updater window not showing proper language strings.
- Fixed an issue where the unexpected use of "backface-visibility" on non-3D transformed elements (like the body) would break positioned elements on web pages.
- Fixed text positioning in the combobox display area when a non-default height is set for the combobox.
- Fixed a crash caused by bad Opus audio encoding in media files.
- Fixed a crash when trying to measure memory in about:memory while playing video.
- Fixed a rare crash in sLayersAccelerationPrefsInitialized
- Fixed miscellaneous other crashes.
- Fixed a DNS prefetching issue for the people using this feature.
- Fixed an issue with single-word searches from the address bar when a proxy is in use.
- Fixed a number of build issues on Linux when using system libs.
- Added support for link-time optimization on newer Linux compilers.
- Removed more telemetry code (ongoing project!).
- Fixed a memory safety bug due to a bad test in nsZipArchive.cpp (CVE-2015-2735).
- Fixed a memory safety bug in nsZipArchive::BuildFileList (CVE-2015-2736).
- Fixed a memory safety bug caused by an overflow in nsXMLHttpRequest::AppendToResponseText (CVE-2015-2740).
- Fixed a Use After Free in CanonicalizeXPCOMParticipant (CVE-2015-2722).
- Fixed off-main-thread nsIPrincipal use of various consumers in the tree (only grab the principal when needed).
- Fixed an issue where an IPDL message was sent off the main thread.
- Fixed a potentially exploitable TCPSocket crash due to a race condition.