Basilisk is a free and Open Source XUL-based web browser, featuring the well-known Firefox-style interface and operation. It is based on the Goanna layout and rendering engine (a fork of Gecko) and builds on the Unified XUL Platform (UXP), which in turn is a fork of the Mozilla code base without Servo or Rust.
Basilisk as an application is primarily a vessel for development of the XUL platform it builds upon, and additionally a potential replacement for Firefox to retain the use of Firefox Extensions.
Basilisk is development software. This means that it should be considered more or less “beta” at all times; it may have some bugs and is provided as-is, with potential defects. Like any other Free Software community project, it comes without any warranty or promise of fitness for any particular purpose. That being said: of course we will do our best to provide an as stable and secure browser as possible with every official release of Basilisk.
It should be noted that because of this focus on platform development, the browser itself (the application code) will be released and maintained mostly as-it-is, with very little change or development on the user interface or browser front-end features.
Basilisk is a modern, full-featured web browser and as such requires a reasonably modern system to properly run.
Windows 7 or later. Windows XP or Windows Vista are not supported.
1GB of RAM (2GB or more recommended for heavy use).
Dedicated GPU strongly recommended.
A modern processor (must have SSE2 support as the absolute minimum)
v2020.04.17 Published 2020-04-17
This is a small compatibility update.
Enabled building of AV1 codec support (for real this time).
This is a major development update.
Important: It is possible that since 2020.03.04 your browser is no longer checking automatically for updates, due to an oversight in keeping a pre-release preference. You may have to check for updates manually from the About box. Please verify after updating that your updating preferences are set correctly for your use!
Changed site-specific overrides to use an operating system macro instead of hard-coding a version.
Changed the way hardware acceleration is set on various operating systems.
Fixed an incorrect preference preventing automatic updates by default.
Changed the geolocation service requests to https thanks to a generous service donation by IP-API.com.
Changed the security storage database type to SQLite.
Enabled AV1 support in all builds; this was erroneously not built in recent releases.
Fixed several potential crashes.
Re-imported the ExtensionStorage js module for use by browser extensions.
Removed the use of high-resolution Windows system timers from the layout refresh driver; this should help with some performance and battery life issues.
Fixed an issue with element outlines sometimes being drawn too large.
Fixed an issue with grid cell sizing.
Fixed an issue with layout frames (e.g. selection popups) being wrongly positioned.
Fixed unwanted behavior where created/focused pop-up windows could potentially cover the DOM fullscreen notification, hiding it from users. (CVE-2020-6810)
Fixed an issue where copying data as a curl request from developer tools would not properly escape parameters. (CVE-2020-6811)
Updated our sctp library code with several upstream fixes.
Fixed an issue with the release of document content viewers (CVE-2020-6819). Defense-in-depth.
Fixed an issue with handling functions with rest parameters. Defense-in-depth.
Removed HTTP Public Key Pinning (HPKP)
Removed HSTS preloading list support since these lists are no longer efficient.