Basilisk is a free and Open Source XUL-based web browser created by the developers of the Pale Moon browser. It is based on the Goanna layout and rendering engine (a fork of Gecko) and builds on the Unified XUL Platform (UXP), which in turn is a fork of the Mozilla code base without Servo or Rust.
Basilisk as an application is primarily a vessel for development of the XUL platform it builds upon, and additionally a potential replacement for Firefox to retain the use of Firefox Extensions. It aims to retain useful technologies that its sibling Firefox has removed.
Requires Windows 7 or later. Windows XP or Windows Vista are not supported.
- Support for all NPAPI plugins (Unity, Silverlight, Flash, Java, authentication plugins, etc.).
- Support for XUL/Overlay Mozilla-style extensions.
- Experimental support for WebExtensions (in gecko-target mode). Please note that some Mozilla-specific WebExtension APIs are not yet available.
- Support for ALSA on Linux.
- Support for WebAssembly (WASM).
- Support for advanced Graphite font shaping features.
- Support for modern web cryptography: up to TLS 1.3, modern ciphers, HSTS, etc.
Important differences with Mozilla Firefox:
- Uses Goanna as a layout and rendering engine. Goanna behaves slightly differently than Gecko in certain respects and may result in different display of web pages. e.g.: Goanna renders gradients in a more accurate color space (non-premultiplied).
- Builds on UXP, our XUL platform in development. As such XUL is alive and well in this browser and will not be deprecated.
- Has some long-standing known issues with the Mozilla code-base fixed (e.g. CVE-2009-1232).
- Does not use Rust or the Photon user interface. You can expect a familiar interface as-carried by Firefox between v29 and v56.
- Does not use Electrolysis (e10s, multi-process browsing).
- Does not require walled-garden extension signing.
Basilisk 2020.11.25 changelog:
- Aligned CSS tab-size with the specification and un-prefixed it.
- Updated Brotli library to 1.0.9.
- Updated JAR lib code.
- Cleaned up HPKP leftovers.
- Disabled the DOM filesystem API by default.
- Removed Phone Vibrator API.
- Fixed an issue where the software uninstaller would not remove the program files it should.
- Fixed a devtools crash related to timeline snapshots.
- Fixed several data race conditions.
- Security issues fixed: CVE-2020-26960, CVE-2020-26951, CVE-2020-26956, CVE-2020-15999 and several memory safety hazards.
- Unified XUL Platform Mozilla Security Patch Summary: 5 fixed, 4 defense-in-depth, 3 rejected, 19 not applicable.