Pale Moon 25.8

Pale Moon is a custom-built and optimized Firefox-based browser for Windows operating systems with current, high performance processors. It looks identical to the standard Firefox browser and supports Firefox extensions, themes and identities.

Features:

  • Highly optimized for modern processors
  • 100% Firefox sourced: As safe as the browser that has seen years of development.
  • Uses slightly less memory because of disabled redundant and optional code
  • Significant speed increases for page drawing and script processing
  • Stability: experience fewer browser crashes.
  • Support for SVG and Canvas, and downloadable fonts including WOFF
  • Support for HTML5 and WebGL (v4+)
  • Support for Firefox extensions (add-ons), themes and personas
  • Support for OOPP (Out-of-process plugin execution)
  • Able to use existing Firefox bookmarks and settings with this migration tool

Pale Moon 25.8.0 This is a security, stability and usability update:

Fixes/changes

  • Updated LibVPX to 1.4.x to be able to play more kinds of VP9-encoded videos.
  • Updated the JPEG decoder library to 1.4.0.
  • Fixed and cleaned up XPCOM timer thread code to avoid intermittent issues with events not firing (especially after stand-by).
  • Updated overrides to work around issues with Facebook and Netflix.
  • Fixed an issue where too-old system-supplied NSPR and/or NSS libraries would be accepted for use.

Security fixes

  • Updated the libpng library to 1.5.24 to address critical security issues CVE-2015-7981 and CVE-2015-8126
  • Updated the NSPR library to 4.10.10 to address several security issues.
  • Updated the NSS library to 3.19.4 to address several security issues.
  • Fixed a memory safety hazard in SVG path code (CVE-2015-7199).
  • Fixed an issue with IP address parsing potentially allowing an attacker to bypass the Same Origin Policy (CVE-2015-7188).
  • Fixed an Add-on SDK (Jetpack) issue that would allow scripts to be executed despite being forbidden (CVE-2015-7187).
  • Fixed a crash due to a buffer underflow in libjar (CVE-2015-7194).
  • Fixed an issue for Android full screen that would potentially allow address spoofing (CVE-2015-7185).
  • Added size checks in canvas manipulations to avoid potential image encoding vulnerabilities like CVE-2015-7189. DiD
  • Fixed potential information disclosure vulnerabilities through the NTLM authentication mechanism. Insecure NTLM v1 is now disabled by default, and the workstation name is set to WORKSTATION by default (configurable with a preference for environments where identification of workstations is done by actual reported machine name). This avoids issues like CVE-2015-4515.
  • Fixed a potentially vulnerable crash from a spinning event loop during resize painting. DiD
  • Fixed several Javascript-based memory safety hazards. DiD

DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.

Download: Pale Moon 25.8.0 | 20.4 MB (Freeware)
Download: Portable Pale Moon 25.8.0 | 22.2 MB
Download: Pale Moon 25.8.0 x64 | 23.6 MB
Download: Intel Atom & Windows XP optimized Pale Moon 25.8.0 | 19.1 MB
View: Pale Moon Homepage | Pale Moon Screenshot

Report a problem with article
Next Article

SoftPerfect Network Scanner 6.0.9

Previous Article

StartIsBack++ 1.1.7