Pale Moon Version 30 Released with Security Updates and Return to Firefox's GUID

Started by Corrine, March 17, 2022, 07:34:58 PM


Corrine

Pale Moon has been updated to version 30.0.0.  In addition to security fixes as well as extensive internal changes, of note is the following:

Quote
"Pale Moon is abandoning its own GUID (globally-unique identifier) and adopting Firefox's GUID instead to provide maximum compatibility with old and unmaintained Firefox extensions alongside those that are maintained on our add-ons site."

Most notable user-facing/implementation changes:

  • Implemented Global Privacy Control, taking the place of the unenforceable "DNT" (Do Not Track) signal. If you previously enabled DNT, then this preference will be adopted for Global Privacy Control (GPC). Through GPC, you indicate to websites that you do not want them to share or sell your data.
  • "Default browser" controls in preferences have been moved to "General".
  • Updated emoji support to Twemoji 13.1.
  • Implemented Selection.setBaseAndExtent() for web compatibility.
  • Implemented queueMicroTask() for web compatibility.

Bugfixes, stability and security:

  • Updated various in-tree libraries: cubeb, sqlite, cairo, ...
  • Fixed an issue with the Linux desktop shortcut file to solve potential DE integration problems on common distributions.
  • Fixed an issue with page and iframe content margins not being applied properly when passed as attributes instead of CSS.
  • Ensured JavaScript and JSON files are always recognized as known MIME types so they can be opened appropriately from local sources.
  • Fixed an issue with rapid loading and unloading of js modules causing browser crashes.
  • Fixed an issue with tooltips being cut off at the end if containing exceedingly long unwrappable series of characters.
  • Fixed several application crash scenarios. DiD
  • Fixed a large number of thread locking/mutex issues. DiD
  • Fixed a leak of content types due to inconsistent error reporting. (CVE-2022-22760)
  • Fixed an issue with iframe sandboxing not being properly applied. (CVE-2022-22759)
  • Fixed a potential leak of bookmarks from the exported bookmarks file if it included a malicious bookmarklet.
  • Fixed an issue with drag-and-drop. (CVE-2022-22756)
  • Fixed a potential crash due to truncated WAV files.
  • Fixed a memory safety issue with XSLT. (CVE-2022-26485)

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update
To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle: https://developer.palemoon.org/docs/release-engineering/


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Forlorn


Corrine

Unplanned outage by Moonchild:

Quote
As you may have noticed there has been an unplanned outage of all palemoon.org sites and services.
Unfortunately this was caused by foul play at the hands of one of our own. I'll do a proper write-up of everything later, when I've gathered all the necessary data to make a coherent post explaining what happened.

The additional result of the referenced "foul play" is that the website hosting the Pale Moon Add-ons page with extensions, themes, language packs, plugins and more is not available, having been removed by the former member of the Pale Moon team.



Corrine

Moonchild has provided information about the outage and extensions website in a long post at Outage post-mortem, and apologies.



v_v

What a mess!  I remember that this Tobin fellow was also one of the major voices forcing the discontinuation of the XP-oriented MyPal browser (which was essentially a clone of PaleMoon tweaked to work on Windows XP).

I actually had held off updating until today.  Unfortunately I updated this morning before Moonchild posted all of the news.  Fortunately before updating I copied and relocated the MoonChild/PaleMoon folders from my users/appdata/roaming folders as a just in case.  This was because version 30 was supposed to make irreversible changes to the profile which is kept in the roaming folder.  So depending on how Moonchild decides to carry out the

Quote
. . . rollback of the milestone and security update to 29.4 as I'm not confident this can be solved immediately on v30 in a satisfactory way

I may need to delete everything related to PaleMoon and reinstall using one of the earlier versions, and then reinstall the profile folder.

Oh well, just another day on the internet!

v_v

Justice, Equity, and Meaningful, Productive, and Fulfilling Lives to All Earthlings

Corrine

At this point, version 30 has been removed from the Pale Moon download site.



plodr

I had a year old version of PM (29.1) on my desktop computer which I never used. I finally used Revo to uninstall it and I won't be reinstalling it.

Moonchild's idea to keep the old addon/extension system of FF was a good idea. Then he decided to use his own system. I decided then to go back to FF which has more choices for addons and extensions than PM ever had.

There is also a thread on the PM forum about the problem with saving passwords. Apparently it saves them but never fills them in so you have to type in each time. That's not the behavior I want from a browser.

I replaced PM with the Brave browser which is based on chrome. I decided rather than learning how to deal with the new PM, I'd figure out how to deal with Brave.

Chugging coffee and computing!