Vanaf versie 30 identificeert de browser zich naar buiten toe weer als een Firefox-browser, wat het eenvoudiger moet maken om oudere browserextensies te gebruiken. De download van Pale Moon is alleen in het Engels; een apart Nederlands taalbestand is beschikbaar. In deze uitgave zijn de volgende veranderingen en verbeteringen doorgevoerd:
Pale Moon 33.2.0
This is a development, stability and security release. Note: Mac builds have switched to Xcode 15 and are now cross-compiled from Apple silicon for Intel targets. While the resulting builds have been tested on a few Intel Mac systems, this is a big build change, so please get in touch through our forum if you experience any issues with these builds on Mac.
New features:
- Implemented the missing parts of the html5 <dialog> element, including modal handling and custom backdrops.
- Implemented courser, user-configurable granularity for the canvas poisoning anti-fingerprinting measure. See implementation notes.
- Implemented new CSS viewport units svw, svh, svmin, svmax, lvw, lvh, lvmin, lvmax, dvw, dvh, dvmin and dvmax.
- Implemented new CSS logical viewport units vb, vi, svb, svi, lvb, lvi, dvb and dvi.
Changes/fixes:
- Removed the archaic and wholly outdated FIPS security module code.
- Removed the archaic DBM support code for storing of passwords in DBM format files.
- Removed the -moz prefix from -moz-fit-content, aligning with the current CSS standard fit-content value.
- Updated our build system by adopting parts of the old autoconf 2.13 as maintained code. autoconf 2.13 is no longer a build requirement. If you build from source, you may want to review your dependencies with this change.
- Fixed issues when building with GCC 14.* and Clang 16.*.
- Fixed issues with emoji sequence clusters causing incorrect rendering of emoji glyphs in some cases.
- Made some arguments to the legacy XPathEvaluator/XPathExpression interfaces optional for web compatibility.
- Fixed a crash when reporting JavaScript module exporting errors.
- Updated checking of special cookie prefixes to be case-insensitive in accordance with the current RFC 6265 (bis-11+).
- Fixed issues with external protocol handlers.
- Fixed an issue where autocomplete pop-ups would stay open in some circumstances.
- Fixed an issue with potentially bad file names being entered by the user to “Save As…”.
- Fixed several crashes and race conditions.
- Security issues addressed: CVE-2024-5699, CVE-2024-5702 DiD, CVE-2024-5690, CVE-2024-5698 DiD, CVE-2024-5688 DiD, CVE-2024-5692 and several other security issues (some more DiD) that do not have CVE numbers assigned to them.
Implementation notes:
- While we have had canvas data poisoning as an option for a very long time (we introduced it as a concept), it was pointed out that having a fast rotation on the poisoning leading to new and unique canvas hashes every time a user would navigate was a red flag to trackers that poisoning is being employed, mitigating its intent. A different implementation of canvas poisoning was created that will still provide human-imperceptible data manipulation of canvases leading to bogus hashes for trackers, but now in such a way that this hash will not change for a courser, but variable time frame. This time frame defaults to 5 minutes in this release, which may be tweaked in the future if necessary, but is also entirely user-configurable between 1 second and 8 hours with the preference canvas.poisondata.interval (indicated in seconds).
