Update 3/17/22 -PaleMoon

Pale Moon v30.0.0 (2022-03-17)

This is a new milestone release!

Following the change in direction as announced on the forum and directly driven by user feedback and community input, Pale Moon is abandoning its own GUID (globally-unique identifier) and adopting Firefox's GUID instead to provide maximum compatibility with old and unmaintained Firefox extensions alongside those that are maintained on our add-ons site.
Please understand that this gives more freedom for people to use potentially incompatible and old/insecure browser extensions, but also means we will have a more "hands-off" approach to it from this point forward which as a consequence means you will have to resolve more issues yourself and take more care, especially when using external/old extensions.
Please note that our current add-ons site will, for a while, serve both older versions of Pale Moon and newer ones in a side-by-side manner, and it is important that you do not spoof your user agent when visiting the add-ons site or you may be served the incorrect type of add-ons or add-on updates, or not receive them at all.

In addition, our platform code has been changed to a more streamlined version over the past months and UXP is no longer used (or maintained) by us in this milestone. UXP has been released to the community for maintenance and coordination to continue building on where desired. Instead, we are now building on the Goanna Runtime Environment™ (or GRE for short) focusing more tightly on the Goanna rendering engine and cutting out support for unmaintainable components and target platforms. More details about this change will follow in in-depth documentation on the developer site and/or the forum.

Due to the extensive internal changes in the source tree, these release notes focus only on relevant changes in the browser with regards to implementations, extensions and security/bugfixes, and is by no means exhaustive.

Most notable user-facing/implementation changes:

• Implemented Global Privacy Control, taking the place of the unenforceable "DNT" (Do Not Track) signal. If you previously enabled DNT, then this preference will be adopted for Global Privacy Control (GPC). Through GPC, you indicate to websites that you do not want them to share or sell your data.
• "Default browser" controls in preferences has been moved to "General".
• Updated emoji support to Twemoji 13.1.
• Implemented Selection.setBaseAndExtent() for web compatibility.
• Implemented queueMicroTask() for web compatibility.

For add-on developers:

• Pale Moon now internally identifies with the Firefox GUID. This does not affect how it identifies to the web.
• Direct support for legacy Firefox extensions has been restored. Pale Moon-exclusive extensions will need to be updated to target the Firefox GUID in their install manifest and, where applicable, in their JavaScript components and overlays.
• The browser no longer lives in a "browser" distribution subdirectory. If you are hard-coding paths this may affect you.
• appinfo.platformVersion is frozen for backwards compatibility. If you need to detect the platform version, you should use appinfo.greVersion instead.
• Themes: scrollbar-width is now mapped to an attribute on scrollbar controls (bars, resizers and corner controls) for better theme support of thin scrollbars.
• Language packs: the entire internationalization structure has changed; because this required re-verification of translations, some language packs may have a few more untranslated strings in them at the moment until our volunteers over at Crowdin catch up on the new milestone.

Bugfixes, stability and security:

• Updated various in-tree libraries: cubeb, sqlite, cairo, ...
• Fixed an issue with the Linux desktop shortcut file to solve potential DE integration problems on common distributions.
• Fixed an issue with page and iframe content margins not being applied properly when passed as attributes instead of CSS.
• Ensured JavaScript and JSON files are always recognized as known MIME types so they can be opened appropriately from local sources.
• Fixed an issue with rapid loading and unloading of js modules causing browser crashes.
• Fixed an issue with tooltips being cut off at the end if containing exceedingly long unwrappable series of characters.
• Fixed several application crash scenarios. DiD
• Fixed a large number of thread locking/mutex issues. DiD
• Fixed a leak of content types due to inconsistent error reporting. (CVE-2022-22760)
• Fixed an issue with iframe sandboxing not being properly applied. (CVE-2022-22759)
• Fixed a potential leak of bookmarks from the exported bookmarks file if it included a malicious bookmarklet.
• Fixed an issue with drag-and-drop. (CVE-2022-22756)
• Fixed a potential crash due to truncated WAV files.
• Fixed a memory safety issue with XSLT. (CVE-2022-26485)

====

Available via the internal updater: Help / Check for Updates

or from https://www.palemoon.org/download.shtml