This is a development and security update.
- Updated the browser identity code for website security to more clearly indicate website status.
A detailed explanation is available on the forum and beyond the scope of these release notes.
- Updated unofficial branding to be more generic and more clearly separate unofficial builds from Pale Moon as a product.
Please note that this goes hand in hand with an update of our redistribution license, and from this point forward any "New Moon" products are to be considered separate, and not unofficial Pale Moon builds or in any way related to or affiliated with Pale Moon, despite the similarity in name.
- Added a preference (
signon.startup.prompt
) to give users the option to ask for the Master Password the moment the application starts (before the main window opens). This allows a workaround for getting multiple Master Password prompts if individual components need access to the password store at the same time.
- Changed the way download sources are displayed to always use the actual domain downloads are from. In some situations the browser would previously display the domain of the referring page in an inconsistent fashion.
- Implemented the ES2019
Object.fromEntries()
utility function.
- Implemented the CSS
flow-root
keyword.
- (Re-)implemented percentage-based CSS opacity values according to the updated spec.
- Implemented the last few missing bits for a standards-compliant implementation of JavaScript modules.(preloading, resource: scheme, etc.)
- Implemented the
ResizeObserver
DOM API.
- Fixed a null crash on some websites using CSS clip paths.
- Updated script handling inside SVGs to only run scripts if they are enabled and permitted, avoiding a potential XSS pitfall.
- Fixed several memory safety hazards and crashes.
- Updated the MediaQueryList interface to the updated spec. It now inherits from
EventTarget
and implementsAddEventListener
/RemoveEventListener
in addition toAddListener
/RemoveListener
and should improve web compatibility for some sites.
- Removed support for the archaic and non-standard
<marquee>
element.
- Removed some leftovers from the discontinued plugin update checker service.
- Removed some internal HPKP implementation leftovers.
- Cleaned up the Windows widget code to reduce potentially vulnerable direct-dll loads.
- Security issues fixed: CVE-2020-15676 and CVE-2020-15677
- Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 1 defense-in-depth, 7 not applicable.
Built with the Unified XUL Platform - September 29, 2020 release.