Pale Moon is an Open Source, Goanna-based web browser available for Microsoft Windows, Linux and Android, focusing on efficiency and ease of use. Make sure to get the most out of your browser!
Pale Moon offers you a browsing experience in a browser completely built from its own, independently developed source that has been forked off from Firefox/Mozilla code, with carefully selected features and optimizations to improve the browser's speed, resource use, stability and user experience, while offering full customization and a growing collection of extensions and themes to make the browser truly your own.
- Optimized for modern processors
- Based on proprietary optimized layout engine (Goanna)
- Safe: forked from mature Mozilla code and regularly updated
- Secure: Additional security features and security-aware development
- Supported by our user community, and fully non-profit
- Familiar, efficient, fully customizable interface
- Support for full themes: total freedom over any element's design
- Support for easily-created lightweight themes (skins)
- Smooth and speedy page drawing and script processing
- Increased stability: experience fewer browser crashes
- Support for many Firefox extensions
- Support for a growing number of Pale Moon exclusive extensions
- Extensive and growing support for HTML5 and CSS3
- Many customization and configuration options
Pale Moon 27.0.3 release notes:
- Fixed certain network errors not displaying.
- Fixed network error page styling.
- Fixed the writing of DOM storage data to tabs (should solve the "tabs not loading their contents" issue when migrating a profile and some other situations).
- Disabled downloadable font unicode-ranges on non-Windows platforms.
- Added a Google Fonts user-agent override for non-Windows platforms so they don't send unicode-ranged composite fonts (Feature detection? Google apparently still doesn't know what that is).
- Re-enabled the reporting of CSS errors to the console by default to prevent issues with some extensions who rely on this (e.g. Stylish).
- Fixed and updated preferences for location bar suggestions.
- Fixed several x64-specific issues in memory allocation code (regression fix).
- Fixed timer issues when resuming a computer from stand-by (regression fix).
- Fixed a number of branding and textual issues in the browser.
- Fixed prompting for the saving of off-line data (previously always allowed without prompting).
- Fixed a layout regression that would cause block elements following left floats to not wrap to the next line if there wasn't enough clearance.
- Fixed a mismatch in Firefox extension compatibility-mode installation where Firefox extensions served by addons.mozilla.org would be marked incompatible when trying to install.
Security-related and crash fixes
- Fixed use-after-free while manipulating DOM events and removing audio elements (CVE-2016-9899).
- Fixed CSP bypass using the marquee tag (CVE-2016-9895).
- Fixed a vulnerability in the internal Jetpack modules (CVE-2016-9903). DiD
- Fixed use-after-free in Editor while manipulating DOM subtrees (CVE-2016-9898).
- Fixed an error in the buffer logic in http-chunked decoder.
- Fixed a crash in generational GC code (not in use by default) DiD
- Fixed a compartment mismatch bug in plug-in code
- Fixed a crash trying to get a nonexistent property.
- Improved MediaRecorder's observer safety.
- Fixed a crash related to document history.
DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.