Software-update: Pale Moon 28.11.0

Versie 28.11.0 van Pale Moon is uitgekomen. Deze webbrowser is ooit begonnen als een fork van Mozilla Firefox. Door optimalisaties voor moderne hardware en het weglaten van Accessibility features en Parental Controls presteerde hij toen een stuk beter. Ook was er een 64bit-versie beschikbaar, ruim voordat Mozilla deze zelf aanbood. Sinds Mozilla in versie 57 is overgestapt op Quantum, is er echter weinig meer dat de twee browsers nog verbindt.

Vlak voordat Mozilla met Quantum kwam, heeft het Pale Moon-ontwikkelteam de sourcetree van Firefox nog een keer geforkt en er de verbeteringen van Pale Moon aan toegevoegd. Zo is er bijvoorbeeld de lay-outengine Goanna, een fork van Gecko, waarvan nu de vierde generatie uit is. Daarnaast is er het Unified XUL Platform, wat kan worden beschouwd als een tegenhanger van het op Chromium-gebaseerde Electron. De download van Pale Moon is alleen in het Engels, een apart Nederlands taalbestand is beschikbaar. De releasenotes voor deze uitgave kunnen hieronder worden gevonden:

Changes/fixes:

• Changed storage format for certificates and passwords to SQLite.
• Added a preference (browser.tabs.insertAllAfterCurrent) to enable always adding new tabs after the current tab, whether related or not.
• Changed the way Firefox extensions are displayed in the add-on manager (provide a clear warning).
• Denied other types of add-ons that aren't explicitly targeting Pale Moon's ID.
• Improved the browser's DPI-awareness to be per-monitor instead of system-wide, on supported Windows operating systems.
• Updated bookmark backups code with the other half of what should have been done way back when, so they work fully as-intended.
• Added a preference (browser.bookmarks.editDialog.showForNewBookmarks) to enable immediately showing the edit dialog for new bookmarks.
  If set to true, clicking the star in the address bar will pop open the edit dialog immediately for changing details/sorting.
• Fixed the useragent string in native mode, and updated UA code to properly respond to live changes to some preferences.
• Tidied up front-end browser JavaScript.
• Changed the way sources are compiled (on-going de-unification).
• Improved compatibility with gcc v10
• Removed support for the obsolete and unmaintained NVidia 3DVision stereoscopic interface.
• Fixed some build issues in non-standard configurations.
• Fixed wrong positions when calculating the position for position:absolute child inside a table.
• Aligned file name extension of saved url files with other applications (lower case)
• Fixed building with --disable-webspeech (to disable speech synthesis)
• Added global menubar support for GTK.
• Implemented node.getRootNode
• Implemented AbortController (Abort API)
• Improved the uninstaller to use elevation when prudent and actually remove program files.
• Fixed a rare issue with editable page content.
• Fixed a crash related to ES module scripts.
• Aligned ES module scripting better with the current spec and removed eager instantiation.
• Fixed a potential issue with the JPEG encoder. (CVE-2020-12422) DiD
• Fixed a potential issue with AppCache manifests. DiD
• Fixed a potential crash in JavaScript date parsing.
• Fixed a problem with RSA key generation that would make it potentially vulnerable to side-channel attacks. (CVE-2020-12402)
• Fixed a potential crash due to multithread race condition. DiD
• Fixed a correctness issue in URL handling. (CVE-2020-12418) DiD
• Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 4 defense-in-depth, 10 not applicable.

DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.