Software-update: Pale Moon 32.1.0

Versie 32.1.0 van Pale Moon is uitgekomen. Deze webbrowser is ooit begonnen als een fork van Mozilla Firefox. Door optimalisaties voor moderne hardware en het weglaten van Accessibility-features en Parental Controls presteerde hij toen een stuk beter. Ook was er een 64bit-versie beschikbaar, ruim voordat Mozilla deze zelf aanbood. Intern werkt het op Goanna, een van Mozilla's Gecko afgeleide browserengine. De browser is beschikbaar voor Windows en Linux, en als bèta ook voor macOS en FreeBSD.

Vanaf versie 30 identificeert de browser zich naar buiten toe weer als een Firefox-browser, wat het eenvoudiger moet maken om oudere browserextensies te gebruiken. De download van Pale Moon is alleen in het Engels; een apart Nederlands taalbestand is beschikbaar. In deze uitgave zijn de volgende veranderingen en verbeteringen doorgevoerd:

Pale Moon version 32.1.0

This is another major update with important compatibility improvements for the web. Most notably, our implementation of Google WebComponents is now at a state where we enabled them by default. Additionally, our Mac builds (for both Intel and ARM Macs) are no longer in beta and considered stable. Signed/notarized builds with the regular branding are available from the download page!

Changes/fixes:

• Shadow DOM and CustomElements, collectively making up WebComponents, have been enabled by default which should bring much broader web compatibility to the browser for many a site that uses web 2.0+ frameworks. See implementation notes.
• Tab titles in the browser now fade if they are too long instead of using ellipses, to provide a little more readable space to page titles. Note that this may require some updates to tab extensions or themes.
• A number of site-specific overrides have been updated or removed because they are no longer necessary or current with the platform developments in terms of web compatibility. We could use your help evaluating the ones that are still there; see the issue on our repo.
• Updated our promises and async function implementation to the current spec.
• Implemented Promise.any()
• Fixed several crashes related to regular expression code.
• Improved regular expression object handling so it can be properly garbage collected.
• Fixed some VP8 video playback.
• Fixed an issue where the caret (text cursor) would sometimes not be properly visible.
• Updated the embedded emoji font.
• Implemented the :is() and :where() CSS pseudo-classes.
• Implemented complex selectors for the :not() CSS pseudo-class.
• Implemented the inset CSS shorthand property.
• Implemented the env() environment variable CSS function. See implementation notes.
• Implemented handling for both RGB encoded video playback (instead of just YUV).
• Implemented handling for full-range videos (0-255 luminance levels) giving better video playback quality.
• Removed the WebP image decoder pref. See implementation notes.
• Enabled the Web text-to-speech API by default (only supported on some operating systems).
• Updated NSPR to 4.35 and NSS to 3.79.4
• Cleaned up unused "tracking protection" plumbing. See implementation notes.
• Cleaned up URI Classifier plumbing (Google SafeBrowsing leftover).
• Fixed several intermittent and difficult-to-trace crashes.
• Improved content type security of jar: channels. DiD
• Improved JavaScript JIT code generation safety. DiD
• Fixed potential crash scenarios in the graphics subsystem. DiD
• Improved filename safety when saving files to prevent potential environment leaks.
• Security issues addressed: CVE-2023-25751, CVE-2023-28163 and several others that do not have a CVE.
• UXP Mozilla security patch summary: 1 fixed, 4 DiD, 14 not applicable.

Implementation notes:

• Google WebComponents has been long-running major feature work in UXP. We're finally at a level with this (after several setbacks and brick-walling) that it can be enabled by default. Please note that while this greatly improves web compatibility with many Chrome-focused websites using these controversial technologies, our implementation is not yet complete and more work is necessary. As a result, this change to enable it by default may actually break some previously-working websites as well, but it's expected the majority will work at our current state of implementation. Please visit the forum if you need help with web compatibility issues.
• The env() CSS function was implemented for compatibility with websites that rely on this without fallback. Note that this function actually has no real use for desktops as it is primarily used to indicate environmental restrictions of mobile screens, e.g. extra space needed to avoid a camera notch or folding screen margin. However, due to the way certain sites implement their styling in a mobile-first approach, it is assumed that this function is available on all systems and in all browsers by these sites. Note that Pale Moon simply hard-codes queried values here.
• WebP images have had a stable and complete implementation in Pale Moon for a long time now, so the preference to disable support for it has been removed, as it's considered by now to be one of the "staple" image formats supported by web browsers. This was done to reduce complexity for content negotiation, especially since we're adding more support for JPEG-XL that still isn't as-complete. From here on out, we simply always support WebP decoding.
• While we've had a preference for "tracking protection" in our browser implementation (in about:config), this marketed feature of Firefox was never adopted by us, because it is for the most part a service-based feature, and the non-service parts were undesirable as they were crippling useful APIs. Our effective protection against tracking has not changed, we have simply removed the preference and plumbing for a non-functional service feature that would potentially give the false impression it would do anything.
• As a reminder, if you are concerned about tracking, use a competent adblocker extension, and enable "Tell sites not to share or sell my data" in Preferences -> Privacy under "Data Privacy". You may also want to enable "canvas poisoning" by setting canvas.poisondata to true in about:config to reduce the risk of fingerprinting through canvases.