Pale Moon (64-bit)

What's new in this version:

Changes:
- Implemented the URL API that's needed for a number of websites
- Changed internal keystroke handling within the spec to better align with generally expected behavior
- This should fix the infamous "backspace" issue on Facebook
- Web developers please note: calling preventDefault() in a "keydown" event handler will now prevent most keypress events from firing
- Linux: gstreamer 1.0 support has been implemented and enabled by default (hats off to Travis!)
- From this version forward you will need to have gstreamer 1.0 libraries for video playback (0.10 is no longer supported)
- Re-styled about:sessionrestore to use more available screen real estate for tab info
- Added an option to use the mousewheel for horizontal scrolling (mouse action value 4)
- (e.g. setting mousewheel.with_shift.action to 4 makes Shift+wheel scroll horizontally)
- Bumped max icon size for search engine icons to 32 KB to cater to more common use of HiDPI icons
- Fixed some hard-coded branding strings in Sync still reading "Firefox", and similarly changed sync information URLs to point to our relevant pages
- Removed default profile bookmarks pointing to Firefox/Mozilla since the information there no longer applies to us
- Updated UA overrides and XSS configuration to deal with some problematic sites (e.g.: Google, Embedly)
- Fixed several issues with the default theme causing problems with behavior due to styling (thanks, Antonius32) (Issue #384 and friends)
- Fixed some miscellaneous issues in the internal jemalloc implementation
- Added a configure option to use the full jemalloc lib (jemalloc v3) if the builder so wishes (used for Linux, sys mallocs are not happy there either, so for our generic binaries we switched to this lib now)
- Worked around a crash caused by the XSS filter on some fora by bailing on too short and empty strings
- Fixed layout of reflowed comboboxes without enough space
- Fixed a crash related to flexboxes overflowing themselves. (Issue #396)
- Added a simple implementation for Weak Messagelisteners. (Issue #399)
- Fixed a crash for losing our cache entry while finishing up compression
- (re-apply after unintentional back-out switching to Goanna)
- Linux: Worked around driver bugs with Intel drivers that falsely report what they can support in max texture size
- Portable only: Removed compression of the browser components library after some reports that in certain configurations and environments it was causing issues with the browser

Security fixes:
- Updated the graphite font library to 1.3.7+ to solve CVE-2016-2796 and no less than 14 of its friends
- Updated NSS to 3.19.4.2-PM to address several vulnerabilities (UAF, heap overflow)
- Updated libvorbis to a much more recent version to fix multiple issues
- Crash fix and DiD fixes by holding strong references to objects in suspect places in the HTML parser. (CVE-2016-1961) (ZDI-CAN-3574)
- Fixed several out-of-bounds issues in the VP8 decoder
- Fixed a potentially exploitable crash in XML/XSLT handling
- Applied some Kung Fu to HTML animations and transitions to prevent memory hazards
- Fixed applicable Mozilla code vulnerabilities CVE-2016-1965, CVE-2016-1960 (ZDI-CAN-3545), CVE-2016-1966, and CVE-2016-1963