Pale Moon Version 25.1.0 Released with Security Updates

[ky331]

from http://www.palemoon.org/releasenotes.shtml

PaleMoon 25.1.0 (2014-11-14)
This is an important update after rapid development on the back-end to keep pace with the current changes on the web and improve compatibility with websites.

Fixes/changes:
•New feature: multi-line flexbox support.
Pale Moon now supports more advanced multi-line and multi-column flex elements. This will allow websites to use these elements for easier responsive design of web pages and ordering/layout of multiple elements. This has been on Pale Moon's to-do list for a while but was rather complex to tackle, hence the delay in implementation. This should address layout issues on several recently-updated websites (e.g. the MSN home page).
•New feature: added support for collapsed flex element items.

•Enhanced feature: Content Security Policy (CSP)
Pale Moon now fully supports the CSP 1.0 specification allowing websites to set restrictions on content to prevent XSS (Cross-site scripting) attacks. Previously, the implementation in Pale Moon was partial, and did not support a number of features, resulting in some websites not rendering properly because Pale Moon was being too strict in enforcing the policy. This should address issues on websites enforcing CSP (e.g. the Dropbox web interface and FaceBook galleries).
•New feature: added support for iframes with inline content.

•Updated the Firefox Compatibility mode version to 31.9.
With the improvements in rendering and overall feature set, the Firefox Compatibility mode (as presented in the UserAgent string) has been bumped to prevent websites from complaining about "using a too old/unsupported version of Firefox" (e.g. Google websites).
•Pale Moon no longer builds the so-called "media navigator" by default.
This module provides access to the user's webcam and microphone. Although it can be used for other purposes, in practice this is only used for WebRTC and, in fact, its support (GetUserMedia) is often mistaken for actually supporting WebRTC in a browser (causing errors since Pale Moon does not support WebRTC). No longer including these features reduces input complexity and overhead for a feature not actively used. This also circumvents privacy concerns/confusion like CVE-2014-1586.

•Improved tab handling on lightweight themes (personas) some more to enhance contrast on certain themes and to make the tab hover effect slightly more distinct.
•Fixed oversized/blocky menu arrows on Windows 8.1 in HiDPI mode.
•Fixed incorrect operating system being passed on to addons.mozilla.org.
•Fixed an error being thrown in the error console/web console when opening a new window.
•Removed the NVidia 3D Vision auxiliary utility library.
This library has been the likely cause for a number of crashes on NVidia cards, and is completely unnecessary for Pale Moon.

•Made the installer less aggressive for file type associations, to prevent "stealing" of globally associated file types.

•Android: improved restoring of session tabs.
•Android: added an option to automatically restore tabs.
An important thing to note with this new option is the following: with the option enabled, Pale Moon will now automatically restore tabs you had open previously when the app gets suspended (pushed out of memory by other apps, closed by swipe, etc.). The "quit" main menu option, however, completely shuts down your session, unloads Pale Moon from active memory, and tabs will not be automatically restored when you launch Pale Moon again. This is by design. To restore tabs in that situation, use the link from the home screen.

•Fixed memory security hazards CVE-2014-1574 and CVE-2014-1575 security fix
•Fixed CVE-2014-1581. security fix
•Fixed bug 1069584: Bail if a cairo surface is in an invalid state. security fix
•Made sure to initialize surfaces for draw targets. security fix
•Fixed bug 1074280: Use AsContainerLayer() in order to avoid a bad cast. security fix
•Fixed several problems in the HTML parser. security fix
•Improved security of XHR by filtering out types of requests that can potentially be abused. security fix

[plodr]

Thanks. One computer updated; three more to go.

[Corrine]

via Pale Moon Facebook post:

The current temporary versions of AdBlock Plus and AdBlock Edge have been removed from the add-ons site due to clear requests from either product owner and clear indications of them not willing to support Pale Moon. We are working on providing you with our in-house maintained alternative as soon as possible (likely within a day) to replace both these extensions with one new solution called AdBlock Latitude (ABL). More information will follow when this is released to the public.

comment by Matt Tobin, one of the developers:

ABL will indeed make use of all your current Adblock Plus settings.. Though those users on Adblock Edge will have to reconfigure.

There are plans in the future to change it to use its own settings and include some form of migration to translate ABP and ABE's prefs over to ABL specific.

[Corrine]

Adblock Latitude released!:

Adblock Latitude (ABL), our in-house fork of Adblock Plus, has been released!

If you are currently a user of Adblock Plus or Adblock Edge, you should switch to Adblock Latitude.

The extension:

• Is a drop-in replacement for ABP and will pick up your ABP settings.
  
• Also replaces ABE, because it does not include the "acceptable ads" feature.
  
• Can still show acceptable ads if you wish it and wish to support the Internet economy, by enabling the relevant filter (under subscriptions) manually.
  
• Is only compatible with Pale Moon, version 25 (and later).
  
• Is able to communicate with ABP helper extensions like the Element Hiding Helper to extend its functionality.
  

A few things to note when switching:

• If you switch from ABP to ABL, please uninstall ABP, install ABL, and then exit & re-launch your browser to update the extension data like display texts and icons properly.
  
• If you switch from ABE to ABL, please uninstall ABE as it will otherwise conflict with ABL. You will have to reconfigure the adblocker since it will not pick up ABE's settings. Please make a note of any custom filters and settings before you uninstall ABE.
  

You can download the current version of ABL (3.0) from the add-ons website.

[Basil]

Adblock Latitude released!:

Thank you Corrine. Installed it and it seems to work well... :goodie:

[plodr]

Perhaps I did something wrong. I did not uninstall ABP because I was afraid it would not pick up my settings. I intended to do that after I had installed ABL.
ABL installed and ABP is nowhere to be found in my addon list, so I can't uninstall it.
The icon remains the same with the ABP on it. It doesn't look like the shield that shows ABL in my addon list.

This is my desktop computer. I test everything first on this one before I move to the other computers.
I'll wait for more clarification before I do anything to the other three Win 7 computers.

[Corrine]

I disabled ABP and then installed ABL.  After installing ABL, the ABP icon reappeared in the status bar and, like you, when I went to remove it, ABP was missing from Add-ons, replaced by ABL.

[plodr]

Thanks. So my icon is okay.
Maybe I didn't do as bad as I thought.

I considered removing the addon, rebooting, then reinstalling it. I'll just let it stand for awhile.

[Corrine]

I restarted the browser -- just because.  The main thing is that the add-on is working.

[JDBush61]

This morning: "Adblock Latitude has been installed successfully."

Thank you, Corrine.