Basilisk est un navigateur internet "laboratoire", c'est-à-dire, que les développeurs le considère comme toujours en phase "bêta". Originellement crée par les développeurs de MoonChild Productions, éditeur du navigateur Pale Moon, il était destiné à tester certaines fonctions avant intégration à Pale Moon. Désormais, depuis août 2022, Basilisk vole de ses propres ailes grâce à une nouvelle équipe.
Toujours clone de Firefox et basé sur le moteur Goanna (fork de Gecko), cette nouvelle équipe continuera à développer le code (basé sur XUL) abandonné par l'équipe de Mozilla lors du basculement de Firefox 56 à 57 tout en le modernisant.
De ce fait, Basilisk est désormais un navigateur totalement indépendant et suit donc son propre rythme de mise à jour. Il est cependant disponible que sur Windows (à partir de Windows 7) et Linux. Une version compatible pour macOS ARM (M1/M2) est en préparation...
Basilisk
Version actuelle : 2024.02.03 - Voir les extensions disponibles
[🇺🇸] : Windows 32 bits, 64 bits | Linux
This is a new milestone release.
- Implemented a restricted version of the asynchronous clipboard API (navigator.clipboard). This API is restricted to writing only for obvious security considerations. It supports both plaintext and the standard DataTransfer methods. We did not implement the reinvented wheel concept of ClipboardItem objects.
- Implemented support for SHA-2 (SHA-256/SHA-512/etc.) signatures for OCSP stapled responses.
- Implemented
PromiseRejectionEvent
. Although this is rarely actually used, some common JS libraries (you know who you are!) use it as a feature level canary and start loading (broken!)Promise
shims if it is not found, causing compatibility issues and broken websites due to the shims. - Aligned microtasks and Promises scheduling with the current spec and expected behavior.
- We now no longer send
click
events to top levels of the document hierarchy when using non-primary buttons (useauxclick
, instead, to capture these events). - Greatly improved the performance of box shadows.
- Greatly improved the performance of file/data uploads over HTTP/2 (most of the secure websites out there).
- Fixed several issues related to focus and content selection.
- Fixed issues with the use of
focus-within
caused by unexpected processing of DOM events. - Fixed an issue with CSP not behaving as-expected when using
importScripts()
, and fixed a number of additional CSP-related issues. - Fixed a web compatibility issue with CORS preflights not sending the original request's referrer policy or referrer header.
- Fixed a spec compliance issue with
StructuredClone
. - Fixed a crash due to clamping code introduced for
SetInterval
andSetTimeout
timers. - Fixed crashes when dynamic imports are canceled (e.g. by navigation).
- Changed
<input type=file>
to now have its.files
property be writable following a spec change and recommendation. - We are now requiring and building against the C++17 language standard.
- Updated the in-tree ffvpx lib to 6.0.
- Added a preference to allow users to completely disable reporting of CSP errors to webmasters. Using this is strongly discouraged as it will provide essential troubleshooting information to webmasters setting up CSP, and does not pose a privacy issue, but for those who really want it, it can now be fully disabled. The preference is
security.csp.reporting.enabled
. - Updated the IntersectionObserver interface to now also accept documents for the observer root instead of only HTML elements.
- Cleaned up various bits of code surrounding GMP, memory allocation, system libraries, vestigial Android code, freetype2 and developer tools.
- Improved efficiency of handling D3D textures.
- Added initial and experimental Mac PowerPC and Big Endian support.
- Added preferences for the user to control whether or not the tab page title should be included in the window title or not. In Private Browsing mode, the default is now to not show the title in the window. This was done to avoid potential leakage to system logs (e.g. GNOME shell logs or Windows event logs) of websites visited through the recorded window title. The new preferences are
privacy.exposeContentTitleInWindow
andprivacy.exposeContentTitleInWindow.pbm
for normal mode and Private Browsing mode, respectively. - Fixed several crashes in DOM and relating to dynamic JavaScript module imports.
- Removed a restriction on Fetch preflight redirects, following a spec update.
- Improved the handling of web workers if they get aborted mid-action.
- Linux releases on both x86_64 and aarch64 are now built with GCC 11 and Oracle Linux 8.
- Linux aarch64 releases are no longer considered to be in beta. Autoupdates will now work for Linux aarch64 builds moving forward.
- Linux aarch64 builds are now available with both GTK2 and GTK3.
- Refactored easy build shell script to use Oracle Linux 8 and GCC 11.
- Refactored easy build shell script to work on both x86_64 and aarch64.
- Changed some default Basilisk networking preferences to better respect privacy and security out of the box.
- Fixed broken security section in the Page Info window.
- Security issues addressed: CVE-2023-6863, CVE-2023-6858, CVE-2024-0746, CVE-2024-0741, CVE-2024-0743 DiD, CVE-2024-0750 DiD, and CVE-2024-0753.
- UXP Mozilla security patch summary: 7 fixed, 4 DiD, 1 rejected (which was DiD at best), 34 not applicable.