CDHaha Download

相信很多朋友都正在使用或者曾经使用过Firefox（火狐）浏览器，毕竟对于这么一个具有传奇色彩的软件自然是要尝试一下的。不过一直以来，Firefox有着一个致命的缺点，那就是冷启动速度太慢，有的时候完成第一次启动甚至需要耗费将近1分钟的时间，这么一个看似小的缺陷却已经严重影响了那些首次尝试Firefox的用户热情，一些用户甚至因为无法忍受这一点而转投Chrome阵营。那么如果你也在被这个问题所困扰的话，我们建议你来使用一下“火狐”的同胞兄弟：“苍月”。

所谓“苍月”指的是Pale Moon，是一个基于Firefox浏览器修改优化而来的衍生版本，在Pale Moon项目的官方主页上，项目组人员详细的描述了Pale Moon相比于Firefox原版的修改内容，涉及针对各种处理器的特殊优化，以及对于内部脚本代码的修改和调整，官方表示，Pale Moon修改版相比于原版Firefox，会有25%的速度提升。

和其他修改版本不同，Pale Moon的修改内容都仅仅与性能有关，非性能提升内容并不会进行修改，如果你习惯了某些Firefox扩展，那么在Pale Moon中也可以进行安装。

经过简单的试用后，笔者深刻感受到了Pale Moon浏览器相比于Firefox的性能提升，冷启动时间有了大幅度缩短，并且整体浏览器响应速度非常的迅速。当然，关于速度方面的提升，用语言和图片是不足以描述的，具体有多快，我们还是建议大家下载试用一下。快与不快，一用便知。

Pale Moon 28.12.0 changes/fixes:

Added controls for WASM to the browser’s preferences, and enabled by default.
Enabled various arbitrarily-disabled CSS functions.
Added the use of basic path descriptors (i.e. polygon) to css clip paths.
Implemented multithreaded request signal handling for the Abort API. Please see implementation notes below.
Updated the included US-English dictionary, adding approximately 2500 additional words.
Removed the DOM battery API. This was already disabled for privacy reasons for a long while.
Fixed an erroneous warning displayed on toolkit-only add-ons like supplied dictionaries.
Fixed an issue with the sessionstore tab load preference.
Improved the generation of the names of downloaded files to prevent confusion. (CVE-2020-15658)
Fixed a code issue with base64 encoding of data.
Fixed 2 safety hazards in JavaScript. (One being CVE-2020-15656) DiD
Fixed a spec compliance issue with regards to the cross-origin loading of scripts. (CVE-2020-15652)
Improved the loading of a system DLL on Windows, preventing low-risk hijacking potential. (CVE-2020-15657) See implementation notes.
Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 2 defense-in-depth, 15 not applicable.

Implementation notes:

In 28.11.0, we introduced the Abort API as new code. The implementation of it still had an issue where especially web workers would not always see the availability of abort signals on fetch requests while AbortSignal was implemented in the browser. This effectively made some websites (especially those using a particular polyfill for the Abort API that would detect the need to polyfill by way of Request.signal) throw errors that were fine before. We offered users a workaround by temporarily disabling the AbortController in the browser by way of a preference (dom.abortController.enabled). v28.12.0 fixes the multi-threaded handling of signals, which should solve these problems. As such, the workaround is no longer needed and upon upgrade the preference will be reset to enable AbortControllers again.
DLL-hijacking on Windows would only be possible if a malicious actor already either gained administrative access to the program’s installation folder or otherwise have unrestricted access to the program folder (by having it installed in local application folders inside the user’s profile space or other insecure program locations). In that case the system is already compromised and any executable can be replaced, so having dll loading hijacked would be the least of your concerns (i.e. the main program .exe could also be replaced/infected in that case).

Pale Moon 28.12.0