Pale Moon 歷史版本列表
Pale Moon (32-bit)Pale Moon (64-bit)
更新時間:2017-11-29
更新細節:
What's new in this version:
- Implemented the concept of so-called "cookie-averse document objects" which is a security&privacy measure that blocks certain web content from setting cookiesThis mitigates cookie-injection, which might help against "hidden" cookie tracking
- Mitigated some domain name spoofing through IDN by using dotless-i and dotless-j with accents
- Pale Moon will display these kinds of spoofed domains in punycode now in the actual address bar
- Please note that the identity panel will always be able to help you on secure sites when IDNs are in use to notice potential spoofing, as opposed to relying on detection algorithms in the URL itselfAs such
- Fixed an issue with mixed-content blocking
- Added an extra check for the correct signature data type on certificates
- Added missing sanitization in exporting bookmarks to HTML
- Fixed several crashes and memory safety hazards
更新時間:2017-11-29
更新細節:
What's new in this version:
- Implemented the concept of so-called "cookie-averse document objects" which is a security&privacy measure that blocks certain web content from setting cookiesThis mitigates cookie-injection, which might help against "hidden" cookie tracking
- Mitigated some domain name spoofing through IDN by using dotless-i and dotless-j with accents
- Pale Moon will display these kinds of spoofed domains in punycode now in the actual address bar
- Please note that the identity panel will always be able to help you on secure sites when IDNs are in use to notice potential spoofing, as opposed to relying on detection algorithms in the URL itselfAs such
- Fixed an issue with mixed-content blocking
- Added an extra check for the correct signature data type on certificates
- Added missing sanitization in exporting bookmarks to HTML
- Fixed several crashes and memory safety hazards
更新時間:2017-11-15
更新細節:
What's new in this version:
- This is a minor bugfix release to address some pressing issues people have reported
Changes/fixes:
- Fixed a regression with new windows (opening two windows from the command-line or file association, focus issues on new windows, not loading the home page in a new window, etc.)
- Aligned XHR with the currect spec to allow withCredentials
- Fixed an input element focus issue within handlers
- Fixed the processing of all-padding HTTP/2 frames to prevent rare HTTP/2 hangups
- Updated CitiBank override to work around their login issues
- Updated Netflix override to a community-supplied one that seems to satisfy their arbitrary restrictions better
更新時間:2017-11-15
更新細節:
What's new in this version:
- This is a minor bugfix release to address some pressing issues people have reported
Changes/fixes:
- Fixed a regression with new windows (opening two windows from the command-line or file association, focus issues on new windows, not loading the home page in a new window, etc.)
- Aligned XHR with the currect spec to allow withCredentials
- Fixed an input element focus issue within handlers
- Fixed the processing of all-padding HTTP/2 frames to prevent rare HTTP/2 hangups
- Updated CitiBank override to work around their login issues
- Updated Netflix override to a community-supplied one that seems to satisfy their arbitrary restrictions better
更新時間:2017-11-08
更新細節:
What's new in this version:
Changes/fixes:
- Dropped support for Direct2D 1.0 to avoid font rendering issues. Windows installations not capable of using Direct2D 1.1 will now fall back to software rendering. As a result, fonts may look different from this version onwards if you are on Windows Vista or Windows 7. Users on Windows 7 affected by this should install the Platform Update to re-enable Direct2D
- Updated the Brotli decoder library, and enabled support for Brotli HTTP content-encoding by default
- Added notifications to inform users about WebExtensions not being supported if they try to install them (as opposed to "extension is corrupt")
- Added a number of DOM childNode convenience functions. This should fix some lazy-loading frameworks
- (enjoy your LOLcats again!)
- Changed automatic updates over to the new infrastructure
- Added extra proxy settings in Options, covering DNS lookups through SOCKS v5 and automatic proxy authentication with known credentials
- Added a selectable fallback character encoding of UTF-8 and fallback to UTF-8 as a last effort. (Issue #1423)
- Improved timing of canplay and canplaythrough firing to work around a potential race condition locking up queued video playback
- Improved upmixing of mono sound for multi-channel setups
- Fixed a parallelization issue with the KISS-FFT library causing CPU-deadlocked threads (Issue #1425)
- Fixed "Remove from history" function from the downloads panel
- Forced focus on the address bar in new windows if the content is a blank/empty document
- Fixed the dropmarker in the address bar to allow the suggestions to be closed with a click
- Further cleaned up the status bar code
- Disabled window.showModalDialog; it's been removed from the spec 2 years ago and has potential abuse issues (modal dialogs block the UI)
- Fixed image decoder calls to make sure the image load event doesn't fire prematurely
- Updated LibPNG to 1.6.28, and enabled faster SSE2 decoding
- Updated WOFF2 code from upstream
- Updated the zlib compression library
- Made general improvements to internal code structure and spec adherence
- Fixed an issue with certain command-line parameters being used
- Updated the default theme to improve consistency and contrast of toolbar and download buttons
- Increased the default duration of notification pop-ups and made them configurable
- Improved handling of audio-visual media (ongoing)
- Fixed an issue in CSS where elements would sometimes reflow to the next line even with sufficient visual space
- Aligned the implementation of for(let x=y;;) loops with the final ES6 specification
- Fixed the selection system inside of a nested contenteditable element being broken
- Fixed Windows 10 detection for blocklisting graphics drivers
- Enabled pasting of clipboard data in documents without an editor element to improve web compatibility
- Fixed the uninstallation routine of restartless add-ons
- Fixed the handling of unimplemented functions in the console API
- Updated the Facebook user-agent to enable otherwise vendor-restricted functionality
- Updated the SVG scaling cache limit to be more lenient for larger SVG images at a small performance trade-off, working around some sites' design issues
Security/privacy fixes:
- Added an option to clear Site Connectivity Data (delete history)
- Removed stale entries from the HSTS preload list, and improved generation/processing of it
- Removed undesired certificate issuer organization to common name fallback (if issuer org is empty)
- Added pretty-printing for ECDSA-SHA224, 256, 384 and 512 hashed certificate signatures
- Worked around some more issues with broken Apple fonts
更新時間:2017-11-08
更新細節:
What's new in this version:
Changes/fixes:
- Dropped support for Direct2D 1.0 to avoid font rendering issues. Windows installations not capable of using Direct2D 1.1 will now fall back to software rendering. As a result, fonts may look different from this version onwards if you are on Windows Vista or Windows 7. Users on Windows 7 affected by this should install the Platform Update to re-enable Direct2D
- Updated the Brotli decoder library, and enabled support for Brotli HTTP content-encoding by default
- Added notifications to inform users about WebExtensions not being supported if they try to install them (as opposed to "extension is corrupt")
- Added a number of DOM childNode convenience functions. This should fix some lazy-loading frameworks
- (enjoy your LOLcats again!)
- Changed automatic updates over to the new infrastructure
- Added extra proxy settings in Options, covering DNS lookups through SOCKS v5 and automatic proxy authentication with known credentials
- Added a selectable fallback character encoding of UTF-8 and fallback to UTF-8 as a last effort. (Issue #1423)
- Improved timing of canplay and canplaythrough firing to work around a potential race condition locking up queued video playback
- Improved upmixing of mono sound for multi-channel setups
- Fixed a parallelization issue with the KISS-FFT library causing CPU-deadlocked threads (Issue #1425)
- Fixed "Remove from history" function from the downloads panel
- Forced focus on the address bar in new windows if the content is a blank/empty document
- Fixed the dropmarker in the address bar to allow the suggestions to be closed with a click
- Further cleaned up the status bar code
- Disabled window.showModalDialog; it's been removed from the spec 2 years ago and has potential abuse issues (modal dialogs block the UI)
- Fixed image decoder calls to make sure the image load event doesn't fire prematurely
- Updated LibPNG to 1.6.28, and enabled faster SSE2 decoding
- Updated WOFF2 code from upstream
- Updated the zlib compression library
- Made general improvements to internal code structure and spec adherence
- Fixed an issue with certain command-line parameters being used
- Updated the default theme to improve consistency and contrast of toolbar and download buttons
- Increased the default duration of notification pop-ups and made them configurable
- Improved handling of audio-visual media (ongoing)
- Fixed an issue in CSS where elements would sometimes reflow to the next line even with sufficient visual space
- Aligned the implementation of for(let x=y;;) loops with the final ES6 specification
- Fixed the selection system inside of a nested contenteditable element being broken
- Fixed Windows 10 detection for blocklisting graphics drivers
- Enabled pasting of clipboard data in documents without an editor element to improve web compatibility
- Fixed the uninstallation routine of restartless add-ons
- Fixed the handling of unimplemented functions in the console API
- Updated the Facebook user-agent to enable otherwise vendor-restricted functionality
- Updated the SVG scaling cache limit to be more lenient for larger SVG images at a small performance trade-off, working around some sites' design issues
Security/privacy fixes:
- Added an option to clear Site Connectivity Data (delete history)
- Removed stale entries from the HSTS preload list, and improved generation/processing of it
- Removed undesired certificate issuer organization to common name fallback (if issuer org is empty)
- Added pretty-printing for ECDSA-SHA224, 256, 384 and 512 hashed certificate signatures
- Worked around some more issues with broken Apple fonts
更新時間:2017-10-11
更新細節:
What's new in this version:
Changes/fixes:
- Changed the default Windows 10 styling when no accent color is aplied to black-on-white
- Changed the theme styling on Windows 10 when the system window frame is used (menu bar enabled) to use the window manager background directly, preventing visual lag updating the window color when it changes
- Updated user agent overrides for DropBox, YouTube and Yahoo to work around user agent sniffing issues
- Fixed a crash in the media subsystem
- Fixed a regression where video playback hardware acceleration was disabled incorrectly on some systems
Security fixes:
- Updated libhyphen to the latest upstream code to fix a security issue
- Updated NSPR to 4.16-RTM with a patch to un-bust building on win64
- Updated NSS to 3.32.1-RTM
- Worked around some more issues with Mac fonts (CVE-2017-7825)
- Fixed a potential rooting hazard in NPAPI plugin code. DiD
- Fixed a potential reference issue in JavaScript arrays. DiD
更新時間:2017-10-11
更新細節:
What's new in this version:
Changes/fixes:
- Changed the default Windows 10 styling when no accent color is aplied to black-on-white
- Changed the theme styling on Windows 10 when the system window frame is used (menu bar enabled) to use the window manager background directly, preventing visual lag updating the window color when it changes
- Updated user agent overrides for DropBox, YouTube and Yahoo to work around user agent sniffing issues
- Fixed a crash in the media subsystem
- Fixed a regression where video playback hardware acceleration was disabled incorrectly on some systems
Security fixes:
- Updated libhyphen to the latest upstream code to fix a security issue
- Updated NSPR to 4.16-RTM with a patch to un-bust building on win64
- Updated NSS to 3.32.1-RTM
- Worked around some more issues with Mac fonts (CVE-2017-7825)
- Fixed a potential rooting hazard in NPAPI plugin code. DiD
- Fixed a potential reference issue in JavaScript arrays. DiD
更新時間:2017-09-26
更新細節:
What's new in this version:
Changes/fixes:
User interface:
- Added a menu option to restart the browser
- Added Windows-specific CSS parameters and queries for the use of the system accent color. Added are parameters -moz-win-accentcolor and -moz-win-accentcolortext, and the media query -moz-win-accentcolor-applies to know if Windows is actively using an accent color
- Changed Windows' browser CSS sheet ot use variables instead of hard-coding colors, simplifying its style and making it more flexible. Further cleaned up the Windows 10 specific browser style
- Changed the theme on Windows 10 to use the new accent colors and improve O.S. consistency
- Fixed some general inconsistencies in the Windows theme on all Windows operating systems
- Updated Windows widgets to be able to pick up Windows 10 accent colors dynamically and have the browser 's look and feel respond accordingly, even with automatic color changes based on desktop wallpaper
- Removed the experimental FF4 prerelease status-in-addressbar feature because the already-crowded address bar needs a break. This should solve some extension interop issues, theme issues and domain highlighting issues people have reported
- Cleaned up some dead code for the plugin updater that no longer exists
- Fixed a text direction issue in preferences
- Fixed an issue with disabled context menu entries after using Customize...
- Reorganized and cleaned up the status preferences
Media:
- MSE Media updates (ongoing). We are focusing on improving MP4 handling
- Improved MP3 metadata parsing (e.g. incorrect duration with embedded album cover)
- Fixed a number of searching issues in MP3 files
- Fixed a few crashes
- Fixed an issue with automatically exporting bookmarks to HTML on shutdown
- Fixed a regression re: domains allowed to/blocked from installing add-ons
- Fixed several internal errors thrown in the front-end
- Fixed several minor issues in the devtools
- Fixed a number of minor issues in the devtools
- Added a fix to prevent the home page from being loaded (and subsequently overridden) when restoring a session
- Added an option to control add-on blocklist behavior (Options -> Security)
- Added DOM function isSameNode()
- Added DOM onvisibilitychange event
- Added document.scrollingelement (CSSOM)
- Added a basic implementation of Object.values and Object.entries enumerator functions (ECMA2017 draft)
- Added "Open in new private window" to bookmarks, feeds and history entries
- Added HTTP request method OPTIONS
- Added an option to exit to a no-content page after encountering a network or security error
- This is controlled with the preference browser.escape_to_blank -- when set to true, "Get me out of here" buttons will load a blank page instead of the browser's home page
- Added experimental Brotli accept-encoding (alternative to gzip/deflate compressed http data transfer). Disabled by default for now because it causes issues
- Improved the handling of several CSS selectors
- Changed session storage to remember form data for https sites by default
- Added (yet another) trap prevention method to onbeforeunload events
- Fixed privacy preferences not correctly resetting all options when choosing "Remember History"
- Fixed not being able to deselect loading bookmarks in the sidebar
- Limited the display of user names and hosts in the http auth dialog to sane lengths, preventing over-sizing issues
- Fixed a number of potential crash points
- Improved the security of the Windows dll loader module
- Reinstated "Open all in tabs" option on folders of live bookmarks (feeds)
- Made URL matching more liberal in selected text to make it easier to open stated addresses
- Fixed an issue with Graphite font rendering where automatic font collision fixing didn't always work
- Color Management for images is now disabled by default on Linux, due to many distributions not having a streamlined setup with sane default ICC profiles, which makes images look worse when color management is enabled
- Tightened the update security check to prevent acceptance of update manifests that have been intercepted/replaced through https MitM attacks
- Please be aware that https-filtering antivirus may interfere with future application updates as a result
- Updated the ANGLE library to broaden WebGL support and reduce the potential of crashes (due to junk being sent to the video driver)
- Added content-sniffing for WebP images (working around CloudFront's incorrect content-type headers)
- Fixed a problem with some H.264 media not playing (SPS NAL)
- Improved timer efficiency (switch back to lower precision when high precision is no longer needed, reducing CPU/power consumption)
- Improved context search on selected text/links
- Updated address bar handling with Alt or Shift modifiers, so that "switch to tab" with a modifier can open copies of already-opened sites
- Added a fix on Linux for starting the browser from Enlightenment
- Privacy fix: Pale Moon will now clear QuotaManager storage (asm.js cache/IndexedDB data) as part of clearing Offline Website Data
更新時間:2017-09-26
更新細節:
What's new in this version:
Changes/fixes:
User interface:
- Added a menu option to restart the browser
- Added Windows-specific CSS parameters and queries for the use of the system accent color. Added are parameters -moz-win-accentcolor and -moz-win-accentcolortext, and the media query -moz-win-accentcolor-applies to know if Windows is actively using an accent color
- Changed Windows' browser CSS sheet ot use variables instead of hard-coding colors, simplifying its style and making it more flexible. Further cleaned up the Windows 10 specific browser style
- Changed the theme on Windows 10 to use the new accent colors and improve O.S. consistency
- Fixed some general inconsistencies in the Windows theme on all Windows operating systems
- Updated Windows widgets to be able to pick up Windows 10 accent colors dynamically and have the browser 's look and feel respond accordingly, even with automatic color changes based on desktop wallpaper
- Removed the experimental FF4 prerelease status-in-addressbar feature because the already-crowded address bar needs a break. This should solve some extension interop issues, theme issues and domain highlighting issues people have reported
- Cleaned up some dead code for the plugin updater that no longer exists
- Fixed a text direction issue in preferences
- Fixed an issue with disabled context menu entries after using Customize...
- Reorganized and cleaned up the status preferences
Media:
- MSE Media updates (ongoing). We are focusing on improving MP4 handling
- Improved MP3 metadata parsing (e.g. incorrect duration with embedded album cover)
- Fixed a number of searching issues in MP3 files
- Fixed a few crashes
- Fixed an issue with automatically exporting bookmarks to HTML on shutdown
- Fixed a regression re: domains allowed to/blocked from installing add-ons
- Fixed several internal errors thrown in the front-end
- Fixed several minor issues in the devtools
- Fixed a number of minor issues in the devtools
- Added a fix to prevent the home page from being loaded (and subsequently overridden) when restoring a session
- Added an option to control add-on blocklist behavior (Options -> Security)
- Added DOM function isSameNode()
- Added DOM onvisibilitychange event
- Added document.scrollingelement (CSSOM)
- Added a basic implementation of Object.values and Object.entries enumerator functions (ECMA2017 draft)
- Added "Open in new private window" to bookmarks, feeds and history entries
- Added HTTP request method OPTIONS
- Added an option to exit to a no-content page after encountering a network or security error
- This is controlled with the preference browser.escape_to_blank -- when set to true, "Get me out of here" buttons will load a blank page instead of the browser's home page
- Added experimental Brotli accept-encoding (alternative to gzip/deflate compressed http data transfer). Disabled by default for now because it causes issues
- Improved the handling of several CSS selectors
- Changed session storage to remember form data for https sites by default
- Added (yet another) trap prevention method to onbeforeunload events
- Fixed privacy preferences not correctly resetting all options when choosing "Remember History"
- Fixed not being able to deselect loading bookmarks in the sidebar
- Limited the display of user names and hosts in the http auth dialog to sane lengths, preventing over-sizing issues
- Fixed a number of potential crash points
- Improved the security of the Windows dll loader module
- Reinstated "Open all in tabs" option on folders of live bookmarks (feeds)
- Made URL matching more liberal in selected text to make it easier to open stated addresses
- Fixed an issue with Graphite font rendering where automatic font collision fixing didn't always work
- Color Management for images is now disabled by default on Linux, due to many distributions not having a streamlined setup with sane default ICC profiles, which makes images look worse when color management is enabled
- Tightened the update security check to prevent acceptance of update manifests that have been intercepted/replaced through https MitM attacks
- Please be aware that https-filtering antivirus may interfere with future application updates as a result
- Updated the ANGLE library to broaden WebGL support and reduce the potential of crashes (due to junk being sent to the video driver)
- Added content-sniffing for WebP images (working around CloudFront's incorrect content-type headers)
- Fixed a problem with some H.264 media not playing (SPS NAL)
- Improved timer efficiency (switch back to lower precision when high precision is no longer needed, reducing CPU/power consumption)
- Improved context search on selected text/links
- Updated address bar handling with Alt or Shift modifiers, so that "switch to tab" with a modifier can open copies of already-opened sites
- Added a fix on Linux for starting the browser from Enlightenment
- Privacy fix: Pale Moon will now clear QuotaManager storage (asm.js cache/IndexedDB data) as part of clearing Offline Website Data