Software-update: Pale Moon 27.3.0

Versie 27.3 van Pale Moon is uitgekomen. Deze webbrowser maakt gebruik van de broncode van Mozilla Firefox, maar is geoptimaliseerd voor moderne hardware. De Windows-versie van Mozilla Firefox wordt namelijk ontwikkeld met een zo groot mogelijke compatibiliteit in gedachte. Mede door concessies aan oudere hardware is de browser niet zo snel als hij zou kunnen zijn, aldus Pale Moon-maker Moonchild Productions.

Ten opzichte van Mozilla Firefox is onder meer ondersteuning voor oudere processors verwijderd. Ook zijn enkele zaken weggelaten, waaronder Accessibility features en Parental controls. Het resultaat is een browser die tot 25 procent beter zou presteren. Daarnaast is er een 64bit-versie van de browser beschikbaar. Meer informatie over het programma kan hier worden gevonden. Sinds versie 25 profileert Pale Moon zich meer als een eigen browser en niet meer als een alternatieve Firefox-versie.

De download van Pale Moon is alleen in het Engels. Er zijn verschillende vertalingen beschikbaar, maar de Nederlandse zit daar nog niet bij. Het programma gebruikt zijn eigen profielmap en deelt deze niet met Firefox, waardoor het mogelijk is om de twee naast elkaar te gebruiken. Sinds versie 27 wordt van de lay-outengine Goanna gebruikgemaakt, een door Moonchild Productions ontwikkelde fork van Gecko. In deze update zijn de volgende veranderingen en verbeteringen doorgevoerd:

Changes/fixes:

• Fixed up, checked and enabled vertical text writing modes!
  Pale Moon will now be able to display vertical, right-to-left script.
• Added the option to reset non-default profiles.
• Fixed various issues in the WebP image decoder.
• Added internally-supported document types to allowed <embed> types.
• Fixed locale selection in ICU after update to ICU58.
  (Note: Pale Moon uses the system locale for date formatting, not the browser locale)
• Re-implemented the previous spellchecker dictionary logic (allow user override of document/element language, improve logic and make it unambiguous).
• Ongoing fixes for the MP4 parser and MSE.
• Made HTML Media Elements' preload attribute MSE-spec compliant.
  The preload attribute on HTML media elements is now ignored in the case of an MSE source. This prevents an issue with sourceopen not firing when preload="none".
• Fixed some issues with Windows WMF media playback.
• Fixed an issue with Synced preferences sometimes overwriting stored individual preferences.
• Fixed display of RSS folder icons.
• Fixed issues with custom context menus.
• Fixed an issue importing bookmarks with separators losing their extra data.
• Changed the way numeric addresses are handled in the address bar so it doesn't perform a search when it shouldn't.
• Added an option (browser.sessionstore.cache_behavior) to control from which source restored tabs pull their page content:
  0 = load restored tab data from cache (current behavior, default)
  1 = refresh restored tab data from the network
  2 = refresh stored tab data from the network and bypass any cached data.
• Improved upon a v27 performance regression with SVG scaling.
• Improved performance by being more selective which CSS animations to process.
  As a side-effect, elements changing their display from "none" to something visible now also animate.
• Increased memory allocation for the use of very large PAC files.
• Added menu entries for the permissions manager and improvements to its function and display.
• Added preferences to control "highlight all" behavior of the find bar:
  accessibility.typeaheadfind.highlightallbydefault = true/false highlight all found words by default.
  accessibility.typeaheadfind.highlightallremember = true/false remember the last-used state of Highlight All.
• Added devtools command-line options.
• Added remote IP and protocol to Devtools->Network entry details.
• Added support for <details> and <summary> HTML tags.
• Fixed a regression in the MSIE profile migrator.
• Removed migration of browser-specific settings when migrating data from IE/Safari.
• Implemented optional parameters for permessage-deflate in preparation for RFC7692 errata making acceptance of them mandatory (and to prevent web compat issues due to the current conflicting text of it).
• Made the image document favicon skinnable.
• Aligned DOM selection addRange with the spec.
• Exposed mozAnon constructor js binding to system scopes for XHR.
• Enhanced form data handling from JavaScript.

Security/privacy changes:

• Updated NSS to 3.28.4-RTM to address a number of issues.
• Added support for RSA-AES(-GCM)-SHA256/384 suites to broaden compatibility.
• Reconfigured networking security: disabled static DHE suites by default, enabled all RSA-AES(-GCM)-SHA256/384 suites in their stead.
• Fixed referrer policy keyword to align with the current spec ("cross-origin" vs "crossorigin").
• Added an option to display punycode domain for IDN websites to combat phishing.
  This is enabled by default for domain-validated https sites.
  Preference: browser.identity.display_punycode
  0 = Display IDN name in identity panel (previous behavior)
  1 = Display punycode name for DV SSL domains (default)
  2 = Also display punycode for HTTP sites if IDN name used
• Fixed an issue to prevent contacting remote servers when a connection might get blocked.
• Fixed 3 public security flaws in libevent, which may affect Mozilla-based products.
• Fixed several memory- and thread-safety hazards.
• Fixed an address bar spoofing issue. (CVE-2017-5451)
• Fixed a potentially exploitable crash with HTTP/2. (CVE-2017-5446)
• Fixed several security hazards in XSLT processing. (CVE-2017-5438) (CVE-2017-5439) (CVE-2017-5440)
• Fixed several security hazards in old protocols. (CVE-2017-5444) (CVE-2017-5445)
• Fixed out-of-bounds access in text formatting. (CVE-2017-5447)
• Fixed a potentially exploitable issue with innerText. (CVE-2017-5442)
• Fixed a potentially exploitable issue in graphite font shaping.
• Fixed a potentially exploitable crash with credential-authentication.
• Fixed out-of-bounds access with text selection in rare cases.
• Fixed a security hazard in the ANGLE library.