These release notes are summaries of the most important changes for public releases.
This is a major update.
Very Important: This is the first public release from the Basilisk Development team. As such, the vendor name in the application has changed. This means the profile directory has changed. See here for more info.
You will have to perform a manual update if you are currently running Basilisk 2022.01.27 as it was compiled without an updater.
Note: Many things have changed since 2022.01.27 and 2022.08.06. We've tried to note all changes here but it is very likely something was missed.
- Fixed several application crash scenarios. DiD
- Fixed a number of thread locking/mutex issues. DiD
- Fixed a leak of content types due to inconsistent error reporting. (CVE-2022-22760)
- Fixed an issue with iframe sandboxing not being properly applied. (CVE-2022-22759)
- Fixed a potential leak of bookmarks from the exported bookmarks file if it included a malicious bookmarklet.
- Fixed an issue with drag-and-drop. (CVE-2022-22756)
- Fixed a potential crash due to truncated WAV files.
- Fixed a memory safety issue with XSLT. (CVE-2022-26485)
- Fixed a potential crash issue on bing.com.
- Fixed some thread locking issues. DiD
- Worked around a Mesa driver bug that could cause crashes.
- Fixed a potential resource access issue in devtools. DiD
- Security issues with CVEs addressed: CVE-2022-1097, CVE-2022-28285 (DiD) and CVE-2022-28283 (DiD).
- Implemented Global Privacy Control, taking the place of the unenforceable "DNT" (Do Not Track) signal. Through GPC, you indicate to websites that you do not want them to share or sell your data.
- Implemented "optional chaining" (thanks, FranklinDM!).
- Implemented setBaseAndExtent for text selections.
- Implemented queueMicroTask() "pseudo-promise" callbacks.
- Implemented accepting unit-less values for rootMargin in Intersection observers for web compatibility, making it act more like CSS margin as one would expect.
- Improvements to CSS grid and flexbox rendering and display following spec changes and improving web compatibility.
- Improved display of cursive scripts (on Windows). Good-bye Comic Sans!
- Updated various in-tree libraries.
- Added support for extended VPx codec strings in media delivery via MSE (RFC-6381).
- Fixed a long-time regression where the browser would no longer honor old-style body and iframe body margins when indicated in the HTML tags directly instead of CSS. This improves compatibility with particularly old and/or archived websites.
- Fixed several crashes and stability issues.
- Removed all Google SafeBrowsing/URLClassifier service code.
- Restored Mac OS X code and buildability in the platform.
- Removed the non-standard ArchiveReader DOM API that was only ever a prototype implementation.
- Removed most of the last vestiges of the invasive Mozilla Telemetry code from the platform. This potentially improves performance on some systems.
- Removed leftover Electrolysis controls that could sometimes trick parts of the browser into starting in a (very broken) multi-process mode due to some plumbing for it still being present, if users would try to force the issue with preferences. Obviously, this was a footgun for power users.
- Removed more Android/Fennec code (on-going effort to clean up our code).
- Removed the Marionette automated testing framework.
- Security issues addressed: CVE-2022-29915, CVE-2022-29911, and several issues that do not have a CVE number.
- Implemented "nullish coalescing operator" (thanks, FranklinDM!) for web compatibility.
- Fixed various crash scenarios in XPCOM.
- Fixed an important stability and performance issue related to hardware acceleration.
- Fixed a long-standing issue where dynamic datalist updates for
<select> and similar elements wouldn't properly update the option list.
- Disabled broken links to MDN articles in developer tools.
- Updated media support to include support for libavcodec 59/FFmpeg 5.0 for MP4 playback on Linux (thanks, Travis!)
- Enabled the date picker for
<input type=date>. See implementation notes.
- Re-enabled the use of FIPS mode for NSS. See implementation notes.
- Improved memory handling in the graphics subsystem of Goanna.
- Updated FFvpx to v4.2.7
- Slightly reduced strictness of media checking for improved compatibility with questionable "gif" video encoders used on major websites.
- Cleaned up the way file pickers (file open/save/save as dialogs) are handled on Windows.
- Restored the gMultiProcessBrowser property of the browser for Firefox extension compatibility. See implementation notes.
- Improved the way data is transferred to and from canvases to prevent memory safety issues.
- Reduced blocking severity for some extensions that were marked hard blockers for GRE (but aren't for UXP).
- Security issues addressed: CVE-2022-31739, CVE-2022-31741, and other security issues that do not have a CVE number.
- Updated the list of blocked external protocol handlers to combat abuse of OS-supplied services on Windows.
- Fixed a potential issue with revoked site certificates when connecting through a proxy.
- Updated site-specific user agent overrides to work around bad sniffing practices of dropbox and vimeo.
- Security issues addressed: CVE-2022-34478, CVE-2022-34476, CVE-2022-34480 DiD, CVE-2022-34472, CVE-2022-34475 DiD, CVE-2022-34473 DiD, CVE-2022-34481 and a memory safety issue that doesn't have a CVE number.
- Implemented CSS white-space: break-spaces for web compatibility.
- Implemented Intl.RelativeTimeFormat for web compatibility.
- Implemented "Origin header CSRF mitigation". This is still disabled by default to investigate potential issues with CloudFlare-backed sites.
- Added preliminary support for building on Apple Silicon like M1/M2 SoC.
- Added support for building with Visual Studio 2022.
- Improved the handling of CSS "sticky" elements in tables.
- Improved stack size limits on all platforms. See implementation notes.
- Updated Unicode support to Unicode v11, and updated the ICU library accordingly. Building without ICU is no longer supported.
- Updated many in-tree third-party libraries to pick up various performance and stability improvements.
- Updated site-specific user-agent overrides to work around issues with Google fonts, Citi bank (again!) and MeWe.
- Removed some leftover (and unused) telemetry code in the platform and front-end.
- Fixed an issue with VP9 video playback on Windows on some systems.
- Fixed an issue with the add-ons manager not properly handling empty update URLs.
- Fixed a major performance regression on *nix based systems due to incorrect thread handling.
- Fixed volume handling when building with the sndio audio back-end.
- Cleaned up some unnecessary code from the source tree for unused build back-ends, Firefox marketplace "apps", and the rather ridiculous moz://a protocol handler.
- Updated NSS to 3.52.8 to pick up several defense-in-depth security fixes.
- Basilisk profile directory changed to reflect vendor change in application.
- Restore ability to build Basilisk on Mac OS X.
- Removal of telemetry code from Basilisk.
- UXP Mozilla security patch summary: 11 fixed, 14 Did, 4 rejected, 91 not applicable
Releases notes from releases by Moonchild Productions can be found here.