Pale Moon is a custom-built and optimized Firefox-based browser for Windows operating systems with current, high performance processors. It looks identical to the standard Firefox browser and supports Firefox extensions, themes and identities.
Features:
- Highly optimized for modern processors
- 100% Firefox sourced: As safe as the browser that has seen years of development.
- Uses slightly less memory because of disabled redundant and optional code
- Significant speed increases for page drawing and script processing
- Stability: experience fewer browser crashes.
- Support for SVG and Canvas, and downloadable fonts including WOFF
- Support for HTML5 and WebGL (v4+)
- Support for Firefox extensions (add-ons), themes and personas
- Support for OOPP (Out-of-process plugin execution)
- Able to use existing Firefox bookmarks and settings with this migration tool
Pale Moon 25.5.0 changes:
- Logjam fix: Refuse DHE keys with less than 1024 key bits
- Search plugin updates to re-enable Google suggestions and reduce tracking (Squarefractal)
- Allow plugin-specific (.dll based) OOPP overrides also for npswf. This will not be used for the "master switch" for OOPP and Flash will still be in the plugin container, unless a specific dom.ipc.plugins.enabled.npswf*.dll boolean is set to override.
- Fixed a crash during WebGL Conformance Tests for undefined indices (Toady)
- HSTS preload list updates (Squarefractal)
- Status bar locale addition: cs
- Implemented a fix for the toolkit update service so that the same version as the current application will not be offered as a valid update (Tobin)
- Reorganized the AppMenu (give equal ease for windowed and tabbed browsing, deprioritize Sync)
- Disabled the Sync promo box in doorhangers.
- Updated libpng to version 1.5.22
- Fixed support for builds using newer freetype on Linux. (Axiomatic)
- Fixed --with-system-pixman builds. (Isaac Dunham)
- Updated SQLite to version 3.8.10.1
- Changed the after-upgrade page loaded to the release notes instead of the home page.
- (and hoping people actually do take a moment to read them, preventing unnecessary support requests)
- Fixed navigator.geolocation - should never be null, to properly adhere to the specification (Travis)
- Moved paintlock event delay to greprefs, and adjusted it for 2015"s heavier sites
- Fixed the about dialog scripting for pre-release builds (includes build date now as-intended and no longer errors the script)
- Reorganized how pushed floats are handled in layout flow
- Implemented a change to run the updater from the install directory instead of copying it.
- Fixed transparency of the Pale Moon document icon for 256x256
- Updated padlock code:
- - Added mixed-mode shading, and reorganized shading pref values more logically
- (0=off, 1=secure only, 2=secure+mixed, 3=all)
- - Cleaned up CSS
- - Cleaned up padlock logic a little
- Hard-coded internal UA sniffing values for the extension legacy of devtools
- Updated NSPR to 4.10.8
- Updated the NSS security lib to 3.19-RTM + re-worked Pale Moon changes
- Bumped the built-in site-specific UA compat mode overrides to v38
- Fixed a compressed-cache crash due to losing our cache entry while finishing up compression.
- Updated and patched libcubeb, the main media sound library, to fix a number of audio issues (e.g. when switching output device) and audio-related crashes
- Added the option to load modules into a named scope (see issue #88)
- Removed quick access keys for buttons on the updater window (since it may pop up unannounced when people are typing, causing them to make unintended choices)
- Updated jemalloc and mozjemalloc memory allocator libraries to improve performance
- Removed implicit access to a whole range of internally-used interfaces and classes that page content has no business calling anyway
- Added a preference for always preferring a certain dictionary language.
- To use this, create a new preference spellchecker.dictionary.override (string) and set it to your language code.
Security fixes:
- Fixes for miscellaneous memory safety hazards (relevant and applicable fixes from CVE-2015-2708 and CVE-2015-2709)
- DiD (defense-in-depth) fix to prevent potential overflows in CSS restyling
- Fix for updater hijacking (CVE-2015-2720)
- Fix to prevent potential disclosure of sensitive information in Android logs (CVE-2015-2714)
- Fix for a buffer overflow in the XML parser (CVE-2015-2716)
- Fix for a potentially exploitable crash in DNS handling
Download: Pale Moon 25.5.0 | 17.7 MB (Freeware)
Download: Portable Pale Moon 25.5.0 | 19.5 MB
Download: Pale Moon 25.5.0 x64 | 20.9 MB
Download: Intel Atom & Windows XP optimized Pale Moon 25.5.0 | 16.8 MB
View: Pale Moon Homepage | Pale Moon Screenshot