Pale Moon is a custom-built and optimized Firefox-based browser for Windows operating systems with current, high performance processors. It looks identical to the standard Firefox browser and supports Firefox extensions, themes and identities.
Features:
- Highly optimized for modern processors
- 100% Firefox sourced: As safe as the browser that has seen years of development.
- Uses slightly less memory because of disabled redundant and optional code
- Significant speed increases for page drawing and script processing
- Stability: experience fewer browser crashes.
- Support for SVG and Canvas, and downloadable fonts including WOFF
- Support for HTML5 and WebGL (v4+)
- Support for Firefox extensions (add-ons), themes and personas
- Support for OOPP (Out-of-process plugin execution)
- Able to use existing Firefox bookmarks and settings with this migration tool
Pale Moon 25.8.0 This is a security, stability and usability update:
Fixes/changes
- Updated LibVPX to 1.4.x to be able to play more kinds of VP9-encoded videos.
- Updated the JPEG decoder library to 1.4.0.
- Fixed and cleaned up XPCOM timer thread code to avoid intermittent issues with events not firing (especially after stand-by).
- Updated overrides to work around issues with Facebook and Netflix.
- Fixed an issue where too-old system-supplied NSPR and/or NSS libraries would be accepted for use.
Security fixes
- Updated the libpng library to 1.5.24 to address critical security issues CVE-2015-7981 and CVE-2015-8126
- Updated the NSPR library to 4.10.10 to address several security issues.
- Updated the NSS library to 3.19.4 to address several security issues.
- Fixed a memory safety hazard in SVG path code (CVE-2015-7199).
- Fixed an issue with IP address parsing potentially allowing an attacker to bypass the Same Origin Policy (CVE-2015-7188).
- Fixed an Add-on SDK (Jetpack) issue that would allow scripts to be executed despite being forbidden (CVE-2015-7187).
- Fixed a crash due to a buffer underflow in libjar (CVE-2015-7194).
- Fixed an issue for Android full screen that would potentially allow address spoofing (CVE-2015-7185).
- Added size checks in canvas manipulations to avoid potential image encoding vulnerabilities like CVE-2015-7189. DiD
- Fixed potential information disclosure vulnerabilities through the NTLM authentication mechanism. Insecure NTLM v1 is now disabled by default, and the workstation name is set to WORKSTATION by default (configurable with a preference for environments where identification of workstations is done by actual reported machine name). This avoids issues like CVE-2015-4515.
- Fixed a potentially vulnerable crash from a spinning event loop during resize painting. DiD
- Fixed several Javascript-based memory safety hazards. DiD
DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.
Download: Pale Moon 25.8.0 | 20.4 MB (Freeware)
Download: Portable Pale Moon 25.8.0 | 22.2 MB
Download: Pale Moon 25.8.0 x64 | 23.6 MB
Download: Intel Atom & Windows XP optimized Pale Moon 25.8.0 | 19.1 MB
View: Pale Moon Homepage | Pale Moon Screenshot
1 Comment - Add comment