Unlike Waterfox Classic, though, its developer doesn't have the honesty to warn users about its security defects. Pale Moon is still using their own fork of Firefox 56 that gets ever longer in the tooth, driven primarily by ego and denial. You can achieve most of the same effect by customizing Firefox settings, perhaps adding your own CSS to restyle the UI. In my opinion, the shallow forks don't add enough to be worth it. The problem with even these "shallow" forks of Firefox (or Firefox ESR) is that they always lag behind Firefox releases, which means there's always a (hopefully narrow, but not always!) window where Firefox users have received a security patch but fork users are still vulnerable. LibreWolf tracks mainline Firefox releases, and it's currently up-to-date with Firefox 105. Tor Browser also tracks Firefox ESR, and they're in the process of moving from 91 to 102 now (their 102-based release is in alpha). The current releases of Waterfox are based on Firefox ESR 91, and while that's now also a dead branch (as of about a week ago) I suspect they'll move to Firefox ESR 102 soon. Waterfox was based on a badly-aging Firefox 56 fork for a long time, but they've since renamed that to "Waterfox Classic", officially stopped work on it (unless a volunteer submits a patch), and advised people not to use it. It's currently very broken, and it looks like there's a mountain of work needed with only a few devs chipping away at it. There is also a "comm-central" fork that tracks the latest Firefox releases, but the first thing they say about that in the meeting notes is "Do not try to use (it)". There is parallel work on a release series (2.57.x) based on a fork of the last Firefox ESR 60 release (which had almost 2 additional years of security updates compared to Firefox 56), but they haven't announced anything about that branch in 3 years:īased on their last status meeting, it sounds like SeaMonkey 2.57 is still on the back-burner, is currently missing back-ports and patches that have been applied to 2.53, and has compilation issues with Rust versions newer than 3 years old: They've back-ported a lot of newer Firefox code where they could, but that leaves gaps, and they're still using code Mozilla hasn't supported in many years. The current SeaMonkey releases (2.53.x) are based on a (highly-patched/upgraded) fork of Firefox 56, which turns 5 years old tomorrow. Sadly, I doubt it's fully secure and it definitely isn't up-to-date. But I don't know how secure it is or if it's fully up to date. You could look into some forks like SeaMonkey. Moonchild has always waived his hands/paws at the security issues inherent in relying on Mozilla for security fixes when Pale Moon is using a ton of untested code that Mozilla removed years ago. I should point out that Tobin was/is an aggressively shitty person, so it may not be all bad. They weren't keeping up with the modern web when they had Tobin, and there's no way this gets better without him. Tobin stormed off 6 months ago, and tried to nuke the project on the way out the door, so now there's one main dev and a few contributors. They never had the resources or expertise needed to maintain a competitive and secure browser, and an army of skilled volunteers failed to appear to help, so they filled all the gaps with FUD (" HTTP/3 is bad", " Rust isn't strongly-typed", "WebAssembly can run arbitrary code", etc.) and trudged on for 5 years. They hated Mozilla's decision to remove XUL and thought they could build a better browser on their own. Pale Moon uses a hard fork of Firefox 56 because of the egos of its two main dev's (known as Moonchild and Tobin). Nobody should be recommending Pale Moon without providing a full disclosure of the significant risks that come with it.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |