Pale Moon Version 30 Released with Security Updates and Return to Firefox's GUID

[Corrine]

Pale Moon has been updated to version 30.0.0. In addition to security fixes as well as extensive internal changes, of note is the following:

"Pale Moon is abandoning its own GUID (globally-unique identifier) and adopting Firefox's GUID instead to provide maximum compatibility with old and unmaintained Firefox extensions alongside those that are maintained on our add-ons site."

Most notable user-facing/implementation changes:

• Implemented Global Privacy Control, taking the place of the unenforceable "DNT" (Do Not Track) signal. If you previously enabled DNT, then this preference will be adopted for Global Privacy Control (GPC). Through GPC, you indicate to websites that you do not want them to share or sell your data.
• "Default browser" controls in preferences has been moved to "General".
• Updated emoji support to Twemoji 13.1.
• Implemented Selection.setBaseAndExtent() for web compatibility.
• Implemented queueMicroTask() for web compatibility.

Bugfixes, stability and security:

• Updated various in-tree libraries: cubeb, sqlite, cairo, ...
• Fixed an issue with the Linux desktop shortcut file to solve potential DE integration problems on common distributions.
• Fixed an issue with page and iframe content margins not being applied properly when passed as attributes instead of CSS.
• Ensured JavaScript and JSON files are always recognized as known MIME types so they can be opened appropriately from local sources.
• Fixed an issue with rapid loading and unloading of js modules causing browser crashes.
• Fixed an issue with tooltips being cut off at the end if containing exceedingly long unwrappable series of characters.
• Fixed several application crash scenarios. DiD
• Fixed a large number of thread locking/mutex issues. DiD
• Fixed a leak of content types due to inconsistent error reporting. (CVE-2022-22760)
• Fixed an issue with iframe sandboxing not being properly applied. (CVE-2022-22759)
• Fixed a potential leak of bookmarks from the exported bookmarks file if it included a malicious bookmarklet.
• Fixed an issue with drag-and-drop. (CVE-2022-22756)
• Fixed a potential crash due to truncated WAV files.
• Fixed a memory safety issue with XSLT. (CVE-2022-26485)

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update
To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Select About Pale Moon > Check for Updates.
Release Notes
https://developer.palemoon.org/docs/release-engineering/]Release Cycle

 

[x BlueRobot]

I wonder if this will fix the user-agent string issue whereby some sites will believe that you're using an unsupported browser and refuse to load the page correctly?

 

[Corrine]

Unplanned outage by Moonchild:

As you may have noticed there has been an unplanned outage of all palemoon.org sites and services.
Unfortunately this was caused by foul play at the hands of one of our own. I'll do a proper write-up of everything later, when I've gathered all the necessary data to make a coherent post explaining what happened.

The additional result of the referenced "foul play" is that the website hosting the Pale Moon Add-on's page with extensions, themes, language packs, plugins and more is not available, having been removed by the former member of the Pale Moon team.

 

[Corrine]

Moonchild has provided information about the outage and extensions website in a long post at Outage post-mortem, and apologies.