Unsolved
3 Apprentice
•
15.2K Posts
0
17
Updates 6/18/24 - Pale Moon
Pale Moon v33.2.0 (2024-06-18)
This is a development, stability and security release.
Note: Mac builds have switched to Xcode 15 and are now cross-compiled from Apple silicon for Intel targets. While the resulting builds have been tested on a few Intel Mac systems, this is a big build change, so please get in touch through our forum if you experience any issues with these builds on Mac.
New features:
- Implemented the missing parts of the html5
<dialog>
element, including modal handling and custom backdrops. - Implemented courser, user-configurable granularity for the canvas poisoning anti-fingerprinting measure. See implementation notes.
- Implemented new CSS viewport units
svw
,svh
,svmin
,svmax
,lvw
,lvh
,lvmin
,lvmax
,dvw
,dvh
,dvmin
anddvmax
. - Implemented new CSS logical viewport units
vb
,vi
,svb
,svi
,lvb
,lvi
,dvb
anddvi
.
Changes/fixes:
- Removed the archaic and wholly outdated FIPS security module code.
- Removed the archaic DBM support code for storing of passwords in DBM format files.
- Removed the
-moz
prefix from-moz-fit-content
, aligning with the current CSS standardfit-content
value. - Updated our build system by adopting parts of the old autoconf 2.13 as maintained code. autoconf 2.13 is no longer a build requirement. If you build from source, you may want to review your dependencies with this change.
- Fixed issues when building with GCC 14.* and Clang 16.*.
- Fixed issues with emoji sequence clusters causing incorrect rendering of emoji glyphs in some cases.
- Made some arguments to the legacy XPathEvaluator/XPathExpression interfaces optional for web compatibility.
- Fixed a crash when reporting JavaScript module exporting errors.
- Updated checking of special cookie prefixes to be case-insensitive in accordance with the current RFC 6265 (bis-11+).
- Fixed issues with external protocol handlers.
- Fixed an issue where autocomplete pop-ups would stay open in some circumstances.
- Fixed an issue with potentially bad file names being entered by the user to "Save As...".
- Fixed several crashes and race conditions.
- Security issues addressed: CVE-2024-5699, CVE-2024-5702 DiD, CVE-2024-5690, CVE-2024-5698 DiD, CVE-2024-5688 DiD, CVE-2024-5692 and several other security issues (some more DiD) that do not have CVE numbers assigned to them.
Implementation notes:
- While we have had canvas data poisoning as an option for a very long time (we introduced it as a concept), it was pointed out that having a fast rotation on the poisoning leading to new and unique canvas hashes every time a user would navigate was a red flag to trackers that poisoning is being employed, mitigating its intent. A different implementation of canvas poisoning was created that will still provide human-imperceptible data manipulation of canvases leading to bogus hashes for trackers, but now in such a way that this hash will not change for a courser, but variable time frame. This time frame defaults to 5 minutes in this release, which may be tweaked in the future if necessary, but is also entirely user-configurable between 1 second and 8 hours with the preference
canvas.poisondata.interval
(indicated in seconds).
=======
Available via the internal updater: Help / Check for Updates
or Full downloads: Pale Moon for Windows downloads
(edited)