Pale Moon 29.1.1 / Pale Moon 29.2.0 Alpha 1

Pale Moon is a custom-built, speed-optimized browser based on Firefox. The project uses contributed open-source code to create a full-featured browser.

Having seen the advantages on other systems (e.g. Linux) of programs being compiled specifically for the capabilities of the machine they are installed on, it became clear that Windows users were at a disadvantage.

Mozilla only releases Windows executables with maximum compatibility in mind, meaning that Firefox is made to run on as many different systems as possible, sacrificing efficiency and speed in the process to be compatible with, by current standards, absolutely ancient hardware.

Mozilla does not provide optimized browser packages for Windows. That means you may lose speed and efficiency when you use your browser.

That needs to change. Therefore, the Pale Moon project offers custom-built and optimized Firefox browsers for Windows operating systems. Make sure to get the most speed and efficiency out of your browser!

Pale Moon Main features:

  • Highly optimized for modern processors
  • 100% Firefox sourced: As safe as the browser that has seen years of development.
  • Support for Firefox extensions (add-ons), themes and personas
  • Able to use existing Firefox profiles, bookmarks and settings with this migration tool
  • Uses slightly less memory because of disabled redundant and optional code
  • Significant speed increases for page drawing and script processing
  • Support for HTML5 and WebGL (v4)
  • Stability: experience fewer browser crashes.
  • Support for SVG and Canvas, and downloadable fonts including WOFF
  • Support for OOPP (Out-of-process plugin execution)

Users will find a slightly more conservative approach to changes in the user interface in the Pale Moon browser. Although very close to Firefox, it is (now more obviously so than before) a different product. However, these differences in layout do not prevent anyone from configuring their browser interface to look and work exactly the way they want, including like Mozilla Firefox’s default layout if they so wish.

Changes in Pale Moon 29.1.1 (2021-03-30):

  • Updated NSS to fix certificate import and keygen regressions.
  • Removed restrictions for units of width/height attributes on SVG elements.
  • Enabled scrollbar-width CSS keyword by default.
  • Security issues addressed: CVE-2021-23981 and a DiD fix for potential document parser confusion.
  • Unified XUL Platform Mozilla Security Patch Summary: 2 DiD, 9 not applicable.

Changes in Pale Moon 29.1.0 (2021-03-02):

New features:

  • Language packs for the following newly-supported languages:
    • Arabic (ar)
    • Chinese Traditional (zh-TW)
    • Croatian (hr)
    • Danish (da)
    • Finnish (fi)
    • Galician (gl)
    • Indonesian (id)
    • Icelandic (is)
    • Japanese (ja)
    • Romanian (ro)
    • Serbian (cyrillic) (sr)
    • Slovenian (sl)
    • Thai (th)
  • Implemented String.prototype.replaceAll().
  • Implemented JSON superset proposal.
  • Implemented well-formed JSON stringify.
  • Implemented numeric separators in JavaScript.

Changes/fixes:

  • Updated timezone data to 2021a.
  • Updated the wording and inclusion of more select license blocks in about:license.
  • Updated some site-specific user-agent overrides for web compatibility.
  • Updated the lz4 library for performance and security updates.
  • Improved performance of JSON stringify.
  • Further improved support for building on FreeBSD.
  • Fixed a regression where changes to useragent compatibility required a restart to take effect.
  • Fixed a regression where AES-GCM in WebCrypto (“subtle” crypto API) wasn’t working.
    This could make certain login procedures fail to work.
  • Fixed a full browser deadlock when page scripting would flood browsing history with rapid location state changes.
  • Disabled AV1 codec use by default again since our implementation has significant streaming issues (particularly audio) that need further work.
  • Added required interaction with file/folder open dialog boxes on html file input elements on some operating systems to avoid malicious content tricking users into uploading sensitive files unintentionally (related to CVE-2021-23956).
  • Added a font sanity check to avoid triggering a potential vulnerability on unpatched Windows operating systems (related to CVE-2021-24093).
  • Security issues addressed: CVE-2021-23974, CVE-2021-23973 and several memory safety hazards that don’t have CVE numbers.
  • Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 2 DiD, 19 not applicable.

Changes in Pale Moon 29.0.1 (2021-02-06):

  • Fixed a browser crash when manipulating frame trees.
  • Fixed an issue with depth textures in ANGLE.
  • Updated the SSOAU for YouTube Studio.
  • Security issue addressed: ZDI-CAN-12197.

Changes in Pale Moon 29.0.0 (2021-02-02):

New additions:

  • Implemented Intl.PluralRules API for JavaScript.
  • Added a frequently-requested preference (browser.tabs.allowTabDetach) to disable “tearing off” of tabs (meaning dragging them outside of the tab bar resulting in them being made into their own window).
  • Added FLAC as a recognized filetype-by-extension.
  • Implemented basic support for the scrollbar-width CSS keyword. See implementation notes.
  • Added preliminary support for modern FreeBSD builds.
  • Selectively enabled core features of the DOM Animations API.
  • Enabled AV1 video support by default (previously built but not enabled in releases).
  • Added support for pointer events.
  • Added support for the SVG transform-box property.
  • Added support for the inputmode property for forms to enable context-sensitive display of soft keyboards.
  • Enabled shutting down of the file I/O worker when idle for a while (resource optimization).
  • Enabled blocking of auto-play of media in the background by default.
  • We now offer official GTK3 builds for Linux alongside the GTK2 builds.
  • Partial (and as of yet, not acceptably functional) implementation of Google WebComponents. See implementation notes.

Changes/fixes:

  • Updated NSPR to 4.29.
  • Updated NSS to 3.59.
  • Disabled legacy database format for storage of certificates and passwords. See implementation notes.
  • Updated several site-specific user-agent overrides for web compatibility.
  • Improved styling of the “find in page” bar to avoid unreadable text on some system themes.
  • Removed a large chunk of Android-specific code.
  • Split gkmedias.dll back out from xul.dll.
  • Cleaned up a number of redundant and obsolete code paths.
  • Fixed a regression with the Performance API.
  • Fixed an initialization issue in the browser when users would force-disable certain types of caching.
  • Fixed a crash when attempting to save a file from FTP that could be displayed in the browser.
  • Fixed the root cause of an issue with JavaScript module loading causing crashes. See implementation notes.
  • Fixed a rare initialization issue for the print preview window causing it to not display.
  • Fixed a crash on Mac when text input was not secure.
  • Disabled the Storage Manager API by default.
  • Disabled the html tag by default. If you still need this, you can re-enable it with the preference dom.menuitem.enabled in about:config.
  • Fixed a memory safety issue related to XUL trees (CVE-2021-23962).
  • Implemented several defense-in-depth measures to improve stability and future security.
  • Unified XUL Platform Mozilla Security Patch Summary: 1 fixed, 6 DiD, 1 already implemented, 1 deferred to the next release, 24 not applicable.

Changes in Pale Moon 28.17.0 (2020-12-18):

Changes/fixes:

  • Changed the way dates and times are formatted in the UI to properly adhere to the user’s regional settings in the O.S.
  • Re-enabled the DOM Filesystem API for web compatibility.
  • Moved the global user-agent override to the networking component. See implementation notes.
  • Worked around crashes and run-time issues with module scripts. See implementation notes.
  • Fixed a website layout issue with table-styled elements potentially overlapping when placed inside a flexbox.
  • Fixed some code logic issues with websockets.
  • Fixed a regression when waking the computer from standby causing high CPU usage in some uncommon situations.
  • Updated the list of prohibited ports the browser can use. See implementation notes.
  • Updated root certificates.
  • Windows: Changed the way downloaded files without an extension are handled. See implementation notes.
  • Mac-beta: Improved version detection of MacOS including Big Sur.
  • Security issues addressed: CVE-2020-26978 and CVE-2020-35112.
  • Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 1 deferred to the next release, 16 not applicable.

Implementation notes:

  • The global user-agent override was moved to the networking component where it is actually implemented. The new preference name is network.http.useragent.global_override. Please note that using a blanket override is normally (very) counterproductive and does not, in fact, help much with privacy. It would also override the compatibility modes (Native/Gecko/Firefox) in Pale Moon. As such, the browser will now warn you if the user-agent is globally overridden (in preferences) and allow you to easily reset that override and re-enable the various compatibility modes.
  • Module scripting caused some persistent and very hard to track browser crashes that we’ve narrowed down to a specific optimization in the JavaScript JIT (Just-In-Time) compiler (IonMonkey). This optimization is now disabled by default but if you need that little extra performance (usually only noticed in very optimized code or some benchmarks) then you can re-enable it, trading in stability, by setting the new preference javascript.options.ion.inlining to true.
  • Prohibited ports: Pale Moon maintains a blacklist of ports the browser may normally not connect to on servers, to mitigate abusive web scripting employing your browser as an attack bot on servers (e.g. by connecting to mail servers or what not), NAT slipstreaming, and similar security issues. To more thoroughly prevent known abusable ports on servers, this list was extended with a number of additional default ports for various non-http protocols.
  • Downloaded files without a file extension: When a file without an extension is downloaded, we will now open the download folder where you may choose to take any specific action manually, instead of trying to execute it as a program or through an associated program.
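
The prohibited-ports check from the implementation notes above, sketched as an added example (not Pale Moon's code). The port set is an illustrative subset of well-known non-HTTP service ports rather than Pale Moon's actual list, and `checkConnection`, `auditSamples` and the hostnames are hypothetical.

```javascript
// Added example: a browser-style prohibited-port check (not Pale Moon's code).
// Illustrative subset of default ports for non-HTTP services (FTP, SSH, Telnet,
// SMTP, POP3, IMAP, SIP, IRC). This is NOT Pale Moon's actual list.
const PROHIBITED_PORTS = new Set([21, 22, 23, 25, 110, 143, 5060, 5061, 6667]);

// Schemes handled by this sketch, with their default ports.
const SCHEME_DEFAULT_PORT = new Map([
  ["http:", 80],
  ["https:", 443],
  ["ftp:", 21],
]);

// Hypothetical helper: decide whether a page-initiated request may proceed.
function checkConnection(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl); // throws on malformed URLs and ports above 65535
  } catch (e) {
    return { allowed: false, reason: "unparseable URL" };
  }

  const defaultPort = SCHEME_DEFAULT_PORT.get(url.protocol);
  if (defaultPort === undefined) {
    return { allowed: false, reason: "scheme not handled by this sketch" };
  }

  // URL.port is "" when the URL uses (or omits) the scheme's default port.
  const port = url.port === "" ? defaultPort : Number(url.port);

  // A scheme may always use its own default port (ftp on 21), but that
  // exemption does not carry over to other schemes (https on 21 is blocked).
  if (port === defaultPort) {
    return { allowed: true, reason: "scheme default port" };
  }
  if (PROHIBITED_PORTS.has(port)) {
    return { allowed: false, reason: `port ${port} is prohibited for ${url.protocol}` };
  }
  return { allowed: true, reason: "port not on the prohibited list" };
}

// Constructed sample requests, as a page script might issue them.
const SAMPLE_URLS = [
  "https://www.example.test/",
  "http://www.example.test:8080/app",
  "ftp://files.example.test/readme.txt",
  "http://mail.example.test:25/",
  "http://pbx.example.test:5060/",
  "https://files.example.test:21/",
  "http://www.example.test:99999/",
];

function auditSamples() {
  return SAMPLE_URLS.map((u) => ({ url: u, ...checkConnection(u) }));
}

for (const r of auditSamples()) {
  console.log(`${r.allowed ? "ALLOW" : "BLOCK"}  ${r.url}  (${r.reason})`);
}
```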

Changes in Pale Moon 28.16.0 (2020-11-24):

Changes/fixes:

  • Aligned CSS tab-size with the specification and un-prefixed it.
  • Updated Brotli library to 1.0.9.
  • Updated JAR lib code.
  • Optimized UI code, resulting in smaller downloads and less space consumed on disk.
  • Changed the default Firefox Compatibility version number to 68.0 (since versions ending in .9 make some frameworks unhappy, refusing access to users).
  • Cleaned up HPKP leftovers.
  • Disabled the DOM filesystem API by default.
  • Removed Phone Vibrator API.
  • Fixed an issue where the software uninstaller would not remove the program files it should.
  • Fixed a devtools crash related to timeline snapshots.
  • Fixed an issue in Skia that could cause unsafe memory access. DiD
  • Fixed several data race conditions. DiD
  • Fixed an XSS vulnerability where scripts could be executed when pasting data into on-line editors.
  • Linux: Fixed an overflow issue in freetype.
  • Security issues addressed: CVE-2020-26960, CVE-2020-26951, CVE-2020-26956, CVE-2020-15999 and several others that do not have a CVE designation.
  • Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 4 defense-in-depth, 3 rejected, 20 not applicable.

Implementation notes:

  • Windows binaries should all be properly code-signed again.
  • The uninstaller issue might only appear if you have not used the internal updater to update the browser after installation.
  • The DOM Filesystem and dir picker APIs are, in practice, not used on websites. We’ve disabled these web-exposed APIs because they are not entirely without potential risk, and intend to remove them in a future version unless there is a demonstrable need to keep them as optional (unsupported) APIs in the platform.
  • One of the rejected security patches deals with entering a single word in the address bar. Standard browser behavior in that situation is for browsers to do a normal network lookup of that word in case it is a LAN machine name (other browsers also do this) which may “leak” your entered search term to the LAN. If you want to avoid this, please always use the search box for entering web searches, as it’s unambiguous what to do with single words in that case.

Changes in Pale Moon 28.15.0 (2020-10-27):

  • Implemented support for CSS caret-color.
  • Implemented support for un-prefixed ::selection CSS pseudo-element styling.
  • Fixed another potential crashing scenario in ResizeObservers.
  • Fixed several crashes in the DOM Fetch API.
  • Fixed a crash in table pagination.
  • Security issues fixed: CVE-2020-15680 (VG-VD-20-115) and several memory safety hazards.
  • Unified XUL Platform Mozilla Security Patch Summary: 1 fixed, 2 defense-in-depth, 12 not applicable.

Changes in Pale Moon 28.14.2 (2020-10-02):

  • Fixed some additional crashes caused by the ResizeObserver API. This should take care of all crashes that have been attributed to this new code.
  • Fixed erroneous parsing of CSS percentages as number values.

Changes in Pale Moon 28.14.1 (2020-09-30):

  • This update addresses an intermittent crash in the newly-implemented ResizeObserver API (introduced in 28.14.0) occurring on a number of high-profile and often-used websites.

Changes in Pale Moon 28.14.0 (2020-09-29):

  • Updated the browser identity code for website security to more clearly indicate website status.
    A detailed explanation is available on the forum and beyond the scope of these release notes.
  • Updated unofficial branding to be more generic and more clearly separate unofficial builds from Pale Moon as a product.
    Please note that this goes hand in hand with an update of our redistribution license, and from this point forward any “New Moon” products are to be considered separate, and not unofficial Pale Moon builds or in any way related to or affiliated with Pale Moon, despite the similarity in name.
  • Added a preference (signon.startup.prompt) to give users the option to ask for the Master Password the moment the application starts (before the main window opens). This allows a workaround for getting multiple Master Password prompts if individual components need access to the password store at the same time.
  • Changed the way download sources are displayed to always use the actual domain downloads are from. In some situations the browser would previously display the domain of the referring page in an inconsistent fashion.
  • Implemented the ES2019 Object.fromEntries() utility function.
  • Implemented the CSS flow-root keyword.
  • (Re-)implemented percentage-based CSS opacity values according to the updated spec.
  • Implemented the last few missing bits for a standards-compliant implementation of JavaScript modules (preloading, resource: scheme, etc.).
  • Implemented the ResizeObserver DOM API.
  • Fixed a null crash on some websites using CSS clip paths.
  • Updated script handling inside SVGs to only run scripts if they are enabled and permitted, avoiding a potential XSS pitfall.
  • Fixed several memory safety hazards and crashes.
  • Updated the MediaQueryList interface to the updated spec. It now inherits from EventTarget and implements AddEventListener/RemoveEventListener in addition to AddListener/RemoveListener and should improve web compatibility for some sites.
  • Removed support for the archaic and non-standard element.
  • Removed some leftovers from the discontinued plugin update checker service.
  • Removed some internal HPKP implementation leftovers.
  • Cleaned up the Windows widget code to reduce potentially vulnerable direct-dll loads.
  • Security issues fixed: CVE-2020-15676 and CVE-2020-15677
  • Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 1 defense-in-depth, 7 not applicable.

Changes in Pale Moon 28.13.0 (2020-09-04):

Changes/fixes:

  • Updated the included site-specific user-agent overrides for a number of websites that need them.
  • Rewrote the browser’s padlock code to use more modern APIs and provide more accurate security status indication.
    Now also with localized tooltips!
  • Fixed a missing close button on the undo prompt after removing a thumbnail from the QuickDial new tab page.
  • Fixed an issue with the alternative stylesheet menu in the browser’s UI not working.
  • Implemented the use of intrinsic aspect ratios for images to improve layout during load and page positioning.
  • Added a preference to control the use of node.getRootNode, disabled by default. See implementation notes.
  • Added CSS -webkit-appearance as an alias for -moz-appearance to improve compatibility with websites that only try to use Chrome-specific keywords to style standard form elements.
  • Updated the SQLite library to 3.33.0.
  • Reinstated precise floating point precision model in JavaScript for those alternate builders who foolishly try to use the inaccurate “fast” model.
  • Improved spec compliance of modular JavaScript use (ECMAScript modules).
  • Changed media errors to be a more generic response, and added a preference (media.sourceErrorDetails.enabled) to enable detailed error reporting of media errors for debugging purposes.
    Previously, detailed errors were provided by default which could lead to privacy issues.
  • Improved code stability of the AbortController implementation.
  • Fixed a race condition in the secure connection library (NSS).
  • Security issues fixed: CVE-2020-15664, CVE-2020-15666, CVE-2020-15667, CVE-2020-15668 and CVE-2020-15669.
  • Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 1 defense-in-depth, 1 rejected, 9 not applicable.

Implementation notes:

  • In 28.11.0 we introduced node.getRootNode because some websites would fail with an error if this function was not present. Unfortunately, this caused problems with other sites that (incorrectly) assume Google WebComponents are available when this utility function is present (feature detection gone wrong). While it is considered by some to be part of the Google WebComponents implementation, it actually has utility value outside of that use. Because of the problems caused, we’ve added a preference and disabled it by default, fixing these kinds of websites.
    When needed, you can re-enable this function with dom.getRootNode.enabled
    This should improve web compatibility by default yet still allow users to enable this function for websites that use its utility but do not use WebComponents.

Changes in Pale Moon 28.12.0 (2020-08-04):

  • Added controls for WASM to the browser’s preferences, and enabled by default.
  • Enabled various arbitrarily-disabled CSS functions.
  • Added the use of basic path descriptors (i.e. polygon) to css clip paths.
  • Implemented multithreaded request signal handling for the Abort API. Please see implementation notes below.
  • Updated the included US-English dictionary, adding approximately 2500 additional words.
  • Removed the DOM battery API. This was already disabled for privacy reasons for a long while.
  • Fixed an erroneous warning displayed on toolkit-only add-ons like supplied dictionaries.
  • Fixed an issue with the sessionstore tab load preference.
  • Improved the generation of the names of downloaded files to prevent confusion. (CVE-2020-15658)
  • Fixed a code issue with base64 encoding of data.
  • Fixed 2 safety hazards in JavaScript. (One being CVE-2020-15656) DiD
  • Fixed a spec compliance issue with regards to the cross-origin loading of scripts. (CVE-2020-15652)
  • Improved the loading of a system DLL on Windows, preventing low-risk hijacking potential. (CVE-2020-15657) See implementation notes.
  • Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 2 defense-in-depth, 15 not applicable.

Changes in Pale Moon 28.11.0 (2020-07-14):

  • Changed storage format for certificates and passwords to SQLite.
  • Added a preference (browser.tabs.insertAllAfterCurrent) to enable always adding new tabs after the current tab, whether related or not.
  • Changed the way Firefox extensions are displayed in the add-on manager (provide a clear warning).
  • Denied other types of add-ons that aren’t explicitly targeting Pale Moon’s ID.
  • Improved the browser’s DPI-awareness to be per-monitor instead of system-wide, on supported Windows operating systems.
  • Updated bookmark backups code with the other half of what should have been done way back when, so they work fully as-intended.
  • Added a preference (browser.bookmarks.editDialog.showForNewBookmarks) to enable immediately showing the edit dialog for new bookmarks.
    If set to true, clicking the star in the address bar will pop open the edit dialog immediately for changing details/sorting.
  • Fixed the useragent string in native mode, and updated UA code to properly respond to live changes to some preferences.
  • Tidied up front-end browser JavaScript.
  • Changed the way sources are compiled (on-going de-unification).
  • Improved compatibility with gcc v10
  • Removed support for the obsolete and unmaintained NVidia 3DVision stereoscopic interface.
  • Fixed some build issues in non-standard configurations.
  • Fixed wrong positions when calculating the position for position:absolute child inside a table.
  • Aligned file name extension of saved url files with other applications (lower case)
  • Fixed building with --disable-webspeech (to disable speech synthesis)
  • Added global menubar support for GTK.
  • Implemented node.getRootNode
  • Implemented AbortController (Abort API)
  • Improved the uninstaller to use elevation when prudent and actually remove program files.
  • Fixed a rare issue with editable page content.
  • Fixed a crash related to ES module scripts.
  • Aligned ES module scripting better with the current spec and removed eager instantiation.
  • Fixed a potential issue with the JPEG encoder. (CVE-2020-12422) DiD
  • Fixed a potential issue with AppCache manifests. DiD
  • Fixed a potential crash in JavaScript date parsing.
  • Fixed a problem with RSA key generation that would make it potentially vulnerable to side-channel attacks. (CVE-2020-12402)
  • Fixed a potential crash due to multithread race condition. DiD
  • Fixed a correctness issue in URL handling. (CVE-2020-12418) DiD

Changes in Pale Moon 28.10.0 (2020-06-05):

  • Implemented URLSearchParams.sort() function
  • Implemented ES2020 globalThis for web compatibility
  • Improved our WebM media parser to be more tolerant to different encoding styles.
  • Improved our MP3 media parser to be more tolerant to different encoding styles and particularly tiny files/stream chunks.
  • Improved performance of table drawing for more corner cases
  • Changed the way images without a src are handled in page layouts to align with the Chrome-pushed spec.
  • Added modern MIPS support
  • Split out the ICU data file from xul.dll on Windows
  • Fixed a regression in WebAudio channel handling due to a landed security fix.
  • Fixed a regression preventing scripting from properly disabling input controls
  • Fixed an issue with border radius sometimes not being honored in tables
  • Fixed some build issues in non-standard configurations.
  • Removed more telemetry code
  • Removed the in-browser speech recognition engine and API
  • Removed support for the obsolete and unmaintained NVidia 3DVision stereoscopic interface.
  • Changed handling of braille blanks in the ui (CVE-2020-12409) DiD
  • Mitigated a potential timing attack against DSA keys in NSS (CVE-2020-12399)
  • Unified XUL Platform Mozilla Security Patch Summary: 1 fixed, 1 defense-in-depth, 8 not applicable.

Changes in Pale Moon 28.9.3 (2020-05-08):

  • Fixed a potential vulnerability in the zip file reader. DiD
  • Fixed a potential vulnerability in the JavaScript JIT compiler related to aliases. DiD
  • Ported several upstream devtools fixes (addresses CVE-2020-12392 and CVE-2020-12393).
  • Improved memory safety of some WebAudio calls.
  • Improved memory safety in the XUL window destructor. DiD
  • Unified XUL Platform Mozilla Security Patch Summary: 3 fixed, 3 Defense-in-depth, 16 not applicable.

Changes in Pale Moon 28.9.2 (2020-04-30):

  • Re-based the 28.9 version of browsers on a separate development branch that excludes the extensive work being done for Google WebComponents, to avoid potential performance and stability issues caused by as-of-yet incomplete and in-progress code for the new milestone.
  • Enabled DOM High Resolution timestamps for compatibility with websites that strictly rely on them for operation.
  • Added a preference to allow copying the unescaped URL from the address bar (especially useful for internationalized domain names and paths).
    To enable this, set browser.urlbar.decodeURLsOnCopy to true in about:config
  • Fixed several application crashes (thanks, Fysac!)

Changes in Pale Moon 28.9.1 (2020-04-10):

  • Re-imported the ExtensionStorage js module for use by browser extensions.
  • Fixed an issue with the WebRequest module having erroneously un-processed build directives in it. This might have caused some subtle breakage.
  • Removed the use of high-resolution Windows system timers from the layout refresh driver; this should help with some performance and battery life issues.
  • Fixed an issue where various parts of hardware acceleration weren’t properly linked when changing the option from preferences.
    If you have changed the preferences option to “use hardware acceleration when available” between 28.9.0 and this release, it is recommended that you go into preferences and toggle the option off/on to the preferred setting to correct any discrepancies.
  • Fixed an issue with building the user-agent string using the build date as ID.
  • Fixed an issue with the release of document content viewers (CVE-2020-6819). DiD
  • Fixed an issue with handling functions with rest parameters. DiD
  • Unified XUL Platform Mozilla Security Patch Summary: 2 Defense-in-depth, 14 not applicable.

Changes in Pale Moon 28.9.0.2 (2020-03-25):

  • Fixed an issue with browser migration and initialization code causing various browser run-time problems.
  • Fixed an issue with cache behavior where some users would have trouble having their windows and tabs restored in “soft refresh” mode (see v28.9.0 release notes).
    To solve this, we reverted to the previous (pull from cache) mode for now while we investigate the cause.

Changes in Pale Moon 28.9.0 (2020-03-24):

New features:

  • Implemented asynchronous iterators (await iterator.next() and for await loops) (ES2018)
  • Implemented promise-based media playback.
  • Implemented non-standard legacy CSSStyleSheet rules functions.
  • Implemented the html5 element. To switch this on, flip dom.dialog_element.enabled to true.
  • Implemented the optional hiding of pinned tabs in CtrlTab/AllTab panes. (controlled through the preferences browser.ctrlTab.hidePinnedTabs and browser.allTabs.hidePinnedTabs)
  • Added 1.25x playback speed to html media elements.
  • Added a hidden pref (browser.places.smartBookmarks.max) to control the sizes of default smart bookmarks categories.

Changes/fixes:

  • Aligned document.open() with the overhauled specification.
  • Aligned the way DOM styles are computed with mainstream browser behavior.
  • Removed the (unused) DOM promise implementation.
  • Enabled seeking to next frame in media files.
  • Enabled dynamic UA updates for emergency use.
  • Implemented rule processing stub for font-variation-settings.
  • Increased the maximum XML nesting depth to 2048 levels for extreme corner cases and to conservatively align with other browsers.
  • Improved the privacy of geolocation lookup calls, with thanks to a generous service donation from ip-api.com
  • Improved reporting of the operating system in site-specific user-agent overrides.
  • Improved table drawing performance again after the rewrite for sticky positioning making it slower.
  • Updated CSP processing to allow custom scheme wildcards to be specified without a port.
  • Aligned the behavior of outlines with other browsers when dealing with CSS-repositioned elements.
  • Changed the way hardware acceleration is controlled from the application.
  • Changed the default monospace font for main languages from Courier New to Consolas.
    This provides a more balanced font for fixed-width text that is slightly more condensed and more in line with the naturally compacter variable-width fonts used everywhere else.
  • Changed the browser’s behavior when restoring tabs from previous sessions. To prevent stale pages, it will now by default perform a “soft refresh” of the page instead of drawing it purely from cache without checking if the page needs updating. If you prefer the old behavior, set browser.sessionstore.cache_behavior to 0 in about:config.
  • Updated NSPR to 4.24 and NSS to ~3.48.1-RTM, removing the previous custom patch level with NSS being able to support custom rounds for DBM now.
    For extensive release notes with all NSS changes, see NSS_Releases
  • Implemented an NSS performance optimization for Master Password use with limited effect.
  • Fixed some potential crashing scenarios with WebGL on Linux.
  • Completely removed showModalDialog.
  • Disabled some logging in production builds.
  • Removed various gadgeteering/redundant/dead DOM APIs (casting/presentation, FlyWeb)
  • Removed support for a number of critical libraries being system-supplied.
  • Removed “Copy raw data” button from the troubleshooting information page, since it’s never used by us in that format, and users mistakenly keep using it instead of copying text.
  • Removed a bunch of Android and iOS support code.
  • Fixed an issue with form elements sometimes being incorrectly disabled.
  • Fixed several crashes.
  • Fixed an issue with Captive Portal detection sometimes firing even when disabled by the user.
  • Performed various tree-wide code cleanups.
  • Backed out a large code cleanup patch for causing subtle issues in website operation (e.g. WordPress). This will have to be revisited later; the reintroduced code is not in use in practice.
  • Cleaned up the application updater code.

Security-related fixes:

  • Fixed a potential pointer issue in cubeb. DiD
  • Disabled allowing remote jar: URIs by default for security reasons. If you need this functionality for your non-standard environment, you can enable it with the preference network.jar.block-remote-files, but please consider moving away from this method of providing web-based applications.
  • Removed a potentially dangerous and otherwise ineffective optimization from the JavaScript engine.
  • Fixed unwanted behavior where created/focused pop-up windows could potentially cover the DOM fullscreen notification, hiding it from users. (CVE-2020-6810)
  • Fixed an issue where copying data as a curl request from developer tools would not properly escape parameters. (CVE-2020-6811)
  • Updated our sctp library code with several upstream fixes.
  • Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 3 already mitigated, 1 rejected, 11 not applicable.

Changes in Pale Moon 28.8.4 (2020-03-01):

  • Implemented optional catch binding (ES2019).
  • Fixed a hazardous crash related to module scripting.

Changes in Pale Moon 28.8.3 (2020-02-18):

  • Fixed an issue in CSP blocking requests without a port for custom schemes.
  • Fixed a potentially hazardous crash in layers.
  • Fixed random crashes on some sites using IndexedDB.
  • Changed the way the application can be invoked from the command-line to prevent a whole class of potential exploits involving modified omnijars.
    If your special-needs environment requires that you launch the browser with custom browser/gre omnijars from the command-line, you must set the UXP_CUSTOM_OMNI environment variable before launch from this point forward.
  • Fixed an issue in the html parser after using HTML5 template tags, allowing JavaScript parsing and execution when it should not be allowed, risking XSS vulnerabilities on sites relying on correct operation of the browser. (CVE-2020-6798)
  • Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 2 DiD, 10 not applicable.

Changes in Pale Moon 28.8.2.1 (2020-02-04):

  • This is a minor release in response to YouTube deprecating their old web UI. This change will enable the new YouTube UI by default.

Changes in Pale Moon 28.8.2 (2020-01-28):

  • Reverted the addition of JavaScript regular expression lookarounds since the implementation caused crashes. We’ll have to revisit this later.
  • Fixed an issue where FTP servers would hang the browser if they were not sending answers according to the protocol specification.
  • Added a workaround for GitHub trying to enforce more Google-isms (which we don’t support at this time) to browsers that identify as “Firefox-alike”.

Changes in Pale Moon 28.8.1 (2020-01-11):

  • Fixed a sampling issue in libsoundtouch (DiD)
  • Fixed an issue with a new upcoming Windows 10 feature not honoring Private Browsing mode by default (DiD)
  • Fixed several stability and memory safety hazards. (DiD)
  • Fixed an issue where files could inadvertently be executed with the designated file type handler instead of opened. (CVE-2019-17019)
  • Fixed an issue with the JavaScript JIT compiler that could lead to exploitable crashes. (CVE-2019-17026) actively exploited
  • Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 7 DiD, 12 not applicable.

Homepage – http://www.palemoon.org

Minimum System Requirements:

  • Windows 7, 8, 8.1, 10, Server 2008 R2 or later
  • A processor with SSE2 instruction support
  • 1 GB of RAM
  • At least 200 MB of free (uncompressed) disk space

9 Comments on Pale Moon 29.1.1 / Pale Moon 29.2.0 Alpha 1

  • trueboy

    All these extra Firefox browsers have problems with Flash, plugins... So bad... poor Mozilla company :(

  • arsenalz

    Interesting, @soundping ... This problem with Flash Player, I've never had this difficulty. Both Firefox and Pale Moon work well here. However, I do not use Java on both. Java only in IExplorer.

  • soundping

    I tried Pale Moon and Waterfox; both of them would crash on me. I found the cause. It was Flash Player locking up.

  • LymphNodes

    I'm liking this too, I like it considerably more than Waterfox

  • Journey

    I'm liking this browser a lot..

  • arsenalz

    The competition is fierce with the Waterfox. But both are faster and more stable than Firefox

  • Superknown

    Yes it is more stable than FF.

  • Superknown

    Update: This got me back into FF. Great browser and fast..... But with these updates into 5 many things still don't work. Netflix?????

  • Superknown

    Agree. Very nice alternative