Pale Moon is a custom-built and optimized Firefox-based browser for Windows operating systems with current, high performance processors. It looks identical to the standard Firefox browser and supports Firefox extensions, themes and identities.
Features:
- Highly optimized for modern processors
- 100% Firefox sourced: As safe as the browser that has seen years of development.
- Uses slightly less memory because of disabled redundant and optional code
- Significant speed increases for page drawing and script processing
- Stability: experience fewer browser crashes.
- Support for SVG and Canvas, and downloadable fonts including WOFF
- Support for HTML5 and WebGL (v4+)
- Support for Firefox extensions (add-ons), themes and personas
- Support for OOPP (Out-of-process plugin execution)
- Able to use existing Firefox bookmarks and settings with this migration tool
Pale Moon 25.4.0 changes:
- Updated SQLite from 3.7.17 to v3.8.8.3, improving history/bookmark/etc. performance by up to 50% depending on operation
- Added a new "mixed-mode" state for HTTPS connections. Clarified mixed-mode connections with a mixed-mode padlock and better tooltips.
- Added a conditional partial shading to the URL bar and made it default (shading only on secure sites, no red shading at all by default).
- Dev: Fixed file system mode flags for *nix systems, to make executable files like scripts actually flagged as executable
- Added native IPv6 lookups to NSPR to solve IPv6-only and dual-stack setups in some situations
- Added a pref to control the unloading of idle plugins from memory and lowered the default "idle" time to 60 seconds before plugins are unloaded
- Fixed version strings for e.g. flash on Linux being displayed with commas instead of periods - this should also fix the incorrect "your plugin is vulnerable" message while being on the latest version
- Windows: Set the double-click/Ctrl+arrow word selection to not eat the space (only select the actual word)
- Android: DNS fix for VPN connections, preventing the "server not found" issues people have been reporting for certain VPN providers on mobile
- Updated a number of trusted root certificates, and distrusted the CNNIC root certificate by popular demand
- Linux: Worked around the slice memory allocator not being properly disabled on later GLib versions
- Android: updated the random number generator handling on later versions of Android
- Added fix to prevent spurious re-paints with plugins (performance/UX improvement)
- Removed the plugin check link from the Addons Manager, since it's no longer reliable and not officially available for browsers except Mozilla Firefox. (Bonus: no user profiling/tracking through optimizely!)
- Optimized the NSS callback for secure connections
- Updated the domains that are whitelisted for installation of extensions/themes/personas, streamlining the use of addons.palemoon.org
- Added personas support to titlebar text (adopt the lightweight theme's coloring/shading) in custom titlebar mode (Pale Moon appmenu/button)
- Added display of HTTPS protocol (SSL/TLS) to the page info window (thanks Travis!)
- Improved certificate display: Removed MD5 and added SHA256 fingerprint, and made them selectable/copyable
- Updated classification of secure connections: Classify any encryption with less than 128 bits or including RC4 (if manually enabled, see previous version notes) as weak.
- Dev: Added availability of the full ciphersuite string for use in extensions to the nsISSLStatus interface (nsISSLStatus.cipherSuite)
- Added MAKE_UNLINKABLE to the about: page redirector and added that as default for the reader mode on Android
- Removed the compilation and inclusion of a one-time-use pre-compiled startup cache in omni.ja, reducing overall application size significantly and avoiding a number of quirks of both the build process and the operation of the browser
- Fixed an NVIDIA specific GLX server vendor bug for pixmap depth and fbConfig depth
- Removed most telemetry code, reducing code complexity and wasted CPU
- Linux: Added OSS support (mutually exclusive with ALSA): configure with --enable-oss
- Made DNS caching a lot less aggressive to align the browser's behavior with the dynamic nature of the modern web.
- Removed Mozilla-specific parameters for searches. Search suggestions should now work again for Google searches
- Added the option to allow users to use a fixed (JSON) file-based geolocation response in favor of a GeoIP service.
- Dev: Improvements to Clang builds (thanks Axiomatic/BitVapor!). Clang is not currently producing stable builds on Linux, so please use GCC for that operating system.
- Linux: removed GnomeVFS that's no longer in use
- Fixed the "double padlock while loading a secure site" niggle in the UI
- Dev: added allowance of using -moz-appearance:none on drop-down lists to hide the arrow button (catering to custom styling of the control)
- Added some more ES6 math/number functions:
- Implemented Math.fround(x)
- Implemented Number.isSafeInteger(x)
- Implemented Math.clz32(x)
Security fixes:
- Fixed several memory safety hazards (UAF/DF/UU); applicable bugs covered by CVE-2015-0815 and CVE-2015-0815
- Fixed CVE-2015-0811 [qcms] heap info leak
- Fixed CVE-2015-0810 clickjacking attacks via a Flash object in conjunction with DIV elements
- Fixed CVE-2015-0801 a variant of CVE-2015-0818
- Fixed CVE-2015-0800 improve randomness of DNS resolver queries on Android
- Fixed CVE-2015-0798 access to privileged URLs through about: redirector
UPDATE: Pale Moon 25.4.1 (2015-05-10)
- Fixed loss of the browser's disk cache on startup due to incorrect corruption detection logic
- Fixed a browser crash on some HTML5 games
Download: Pale Moon 25.4.1
Download: Pale Moon 25.4.0 | 17.7 MB (Freeware)
Download: Portable Pale Moon 25.4.0 | 19.5 MB
Download: Pale Moon 25.4.0 x64 | 20.9 MB
Download: Intel Atom & Windows XP optimized Pale Moon 25.4.0 | 16.8 MB
View: Pale Moon Homepage | Pale Moon Screenshot