Pale Moon is a custom-built and optimized Firefox-based browser for Windows operating systems with current, high performance processors. It looks identical to the standard Firefox browser and supports Firefox extensions, themes and identities.
Features:
- Highly optimized for modern processors
- 100% Firefox sourced: As safe as the browser that has seen years of development.
- Uses slightly less memory because of disabled redundant and optional code
- Significant speed increases for page drawing and script processing
- Stability: experience fewer browser crashes.
- Support for SVG and Canvas, and downloadable fonts including WOFF
- Support for HTML5 and WebGL (v4+)
- Support for Firefox extensions (add-ons), themes and personas
- Support for OOPP (Out-of-process plugin execution)
- Able to use existing Firefox bookmarks and settings with this migration tool
Pale Moon 25.7.0 fixes/changes:
- Code cleanup: Removed the (otherwise unused) visual event tracer code.
- Code cleanup: Removed reflow performance tracing code (telemetry).
- Fixed a key JavaScript bug where defining properties on an object would wipe the object.
- This seems to be a common issue with "modern" libraries that use "define" instead of "change" and expecting the other properties on the object to be retained, resulting in "x is undefined" errors all over the place if the object is wiped.
- This aligns the behavior with ES6"s "Validate and apply property descriptor" pseudo-function.
- Updated the SQLite library to 3.8.11.1.
- Added support for the element.matches() Web API function.
- Added support for BASE tag parsing in source view. Previously, when viewing the source of a document, clickable links would be incorrect if a base path was specified in the document with this tag.
- Fixed an issue with running timers after the computer would have been put to sleep with the browser opened.
Security fixes:
- Added protection against potential bugs where our SVG mPositions is out of sync with the characters in the DOM. DiD
- Fixed use-after-free vulnerability in XMLHttpRequest::Open() (CVE-2015-4492)
- Fixed use-after-free vulnerability in the StyleAnimationValue class (CVE-2015-4488)
- Fixed crash or memory corruption in nsTArray (CVE-2015-4489)
- Fixed crash or memory corruption in nsTSubstring::ReplacePrep (CVE-2015-4487)
- Fixed potential escalation of privileges or crash (out-of-bounds write) via a crafted name in MARs (x64 only) (CVE-2015-4482)
- Fixed an issue that would allow man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request. (CVE-2015-4483)
DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.
Download: Pale Moon 25.7 | 20.4 MB (Freeware)
Download: Portable Pale Moon 25.7 | 22.0 MB
Download: Pale Moon 25.7 x64 | 23.6 MB
Download: Intel Atom & Windows XP optimized Pale Moon 25.7 | 19.1 MB
View: Pale Moon Homepage | Pale Moon Screenshot