CDHaha Download

Basilisk is a free and Open Source XUL-based web browser, featuring the well-known Firefox-style interface and operation. It is based on the Goanna layout and rendering engine (a fork of Gecko) and builds on the Unified XUL Platform (UXP), which in turn is a fork of the Mozilla code base without Servo or Rust.

Basilisk as an application is primarily a vessel for development of the XUL platform it builds upon, and additionally a potential replacement for Firefox to retain the use of Firefox Extensions.

Basilisk is development software. This means that it should be considered more or less “beta” at all times; it may have some bugs and is provided as-is, with potential defects. Like any other Free Software community project, it comes without any warranty or promise of fitness for any particular purpose. That being said: of course we will do our best to provide an as stable and secure browser as possible with every official release of Basilisk.

It should be noted that because of this focus on platform development, the browser itself (the application code) will be released and maintained mostly as-it-is, with very little change or development on the user interface or browser front-end features.

Basilisk is a modern, full-featured web browser and as such requires a reasonably modern system to properly run.
Windows requirements

Windows 7 or later. Windows XP or Windows Vista are not supported.
1GB of RAM (2GB or more recommended for heavy use).
Dedicated GPU strongly recommended.
A modern processor (must have SSE2 support as the absolute minimum)

Important differences with Mozilla Firefox:

Uses Goanna as a layout and rendering engine. Goanna behaves slightly differently than Gecko in certain respects and may result in different display of web pages. e.g.: Goanna renders gradients in a more accurate color space (non-premultiplied).
Builds on UXP, our XUL platform in development. As such XUL is alive and well in this browser and will not be deprecated.
Has some long-standing known issues with the Mozilla code-base fixed (e.g. CVE-2009-1232).
Does not use Rust or the Photon user interface. You can expect a familiar interface as-carried by Firefox between v29 and v56.
Does not use Electrolysis (e10s, multi-process browsing).
Does not require walled-garden extension signing.

These release notes are summaries of the most important changes for public releases.

v2024.02.03
Published 2024-02-03
This is a new milestone release.

Implemented a restricted version of the asynchronous clipboard API (navigator.clipboard). This API is restricted to writing only for obvious security considerations. It supports both plaintext and the standard DataTransfer methods. We did not implement the reinvented wheel concept of ClipboardItem objects.
Implemented support for SHA-2 (SHA-256/SHA-512/etc.) signatures for OCSP stapled responses.
Implemented PromiseRejectionEvent. Although this is rarely actually used, some common JS libraries (you know who you are!) use it as a feature level canary and start loading (broken!) Promise shims if it is not found, causing compatibility issues and broken websites due to the shims.
Aligned microtasks and Promises scheduling with the current spec and expected behavior.
We now no longer send click events to top levels of the document hierarchy when using non-primary buttons (use auxclick, instead, to capture these events).
Greatly improved the performance of box shadows.
Greatly improved the performance of file/data uploads over HTTP/2 (most of the secure websites out there).
Fixed several issues related to focus and content selection.
Fixed issues with the use of focus-within caused by unexpected processing of DOM events.
Fixed an issue with CSP not behaving as-expected when using importScripts(), and fixed a number of additional CSP-related issues.
Fixed a web compatibility issue with CORS preflights not sending the original request’s referrer policy or referrer header.
Fixed a spec compliance issue with StructuredClone.
Fixed a crash due to clamping code introduced for SetInterval and SetTimeout timers.
Fixed crashes when dynamic imports are canceled (e.g. by navigation).
Changed to now have its .files property be writable following a spec change and recommendation.
We are now requiring and building against the C++17 language standard.
Updated the in-tree ffvpx lib to 6.0.
Added a preference to allow users to completely disable reporting of CSP errors to webmasters. Using this is strongly discouraged as it will provide essential troubleshooting information to webmasters setting up CSP, and does not pose a privacy issue, but for those who really want it, it can now be fully disabled. The preference is security.csp.reporting.enabled.
Updated the IntersectionObserver interface to now also accept documents for the observer root instead of only HTML elements.
Cleaned up various bits of code surrounding GMP, memory allocation, system libraries, vestigial Android code, freetype2 and developer tools.
Improved efficiency of handling D3D textures.
Added initial and experimental Mac PowerPC and Big Endian support.
Added preferences for the user to control whether or not the tab page title should be included in the window title or not. In Private Browsing mode, the default is now to not show the title in the window. This was done to avoid potential leakage to system logs (e.g. GNOME shell logs or Windows event logs) of websites visited through the recorded window title. The new preferences are privacy.exposeContentTitleInWindow and privacy.exposeContentTitleInWindow.pbm for normal mode and Private Browsing mode, respectively.
Fixed several crashes in DOM and relating to dynamic JavaScript module imports.
Removed a restriction on Fetch preflight redirects, following a spec update.
Improved the handling of web workers if they get aborted mid-action.
Linux releases on both x86_64 and aarch64 are now built with GCC 11 and Oracle Linux 8.
Linux aarch64 releases are no longer considered to be in beta. Autoupdates will now work for Linux aarch64 builds moving forward.
Linux aarch64 builds are now available with both GTK2 and GTK3.
Refactored easy build shell script to use Oracle Linux 8 and GCC 11.
Refactored easy build shell script to work on both x86_64 and aarch64.
Changed some default Basilisk networking preferences to better respect privacy and security out of the box.
Fixed broken security section in the Page Info window.
Security issues addressed: CVE-2023-6863, CVE-2023-6858, CVE-2024-0746, CVE-2024-0741, CVE-2024-0743 DiD, CVE-2024-0750 DiD, and CVE-2024-0753.
UXP Mozilla security patch summary: 7 fixed, 4 DiD, 1 rejected (which was DiD at best), 34 not applicable.

v2023.12.09 Published 2023-12-08