Pale Moon is an Open Source, Goanna-based web browser available for Microsoft Windows, Linux and Android, focusing on efficiency and ease of use. Make sure to get the most out of your browser!
Pale Moon offers you a browsing experience in a browser completely built from its own, independently developed source that has been forked off from Firefox/Mozilla code, with carefully selected features and optimizations to improve the browsers speed, resource use, stability and user experience, while offering full customization and a growing collection of extensions and themes to make the browser truly your own.
- Optimized for modern processors
- Based on proprietary optimized layout engine (Goanna)
- Safe: forked from mature Mozilla code and regularly updated
- Secure: Additional security features and security-aware development
- Supported by our user community, and fully non-profit
- Familiar, efficient, fully customizable interface
- Support for full themes: total freedom over any elements design
- Support for easily-created lightweight themes (skins)
- Smooth and speedy page drawing and script processing
- Increased stability: experience fewer browser crashes
- Support for many Firefox extensions
- Support for a growing number of Pale Moon exclusive extensions
- Extensive and growing support for HTML5 and CSS3
- Many customization and configuration options
Pale Moon 28.16.0 changes/fixes:
- Aligned CSS tab-size with the specification and un-prefixed it.
- Updated Brotli library to 1.0.9.
- Updated JAR lib code.
- Optimized UI code, resulting in smaller downloads and less space consumed on disk.
- Changed the default Firefox Compatibility version number to 68.0 (since versions ending in .9 makes some frameworks unhappy, refusing access to users)
- Cleaned up HPKP leftovers.
- Disabled the DOM filesystem API by default.
- Removed Phone Vibrator API.
- Fixed an issue where the software uninstaller would not remove the program files it should.
- Fixed a devtools crash related to timeline snapshots.
- Fixed an issue in Skia that could cause unsafe memory access. DiD
- Fixed several data race conditions. DiD
- Fixed an XSS vulnerability where scripts could be executed when pasting data into on-line editors.
- Linux: Fixed an overflow issue in freetype.
- Security issues addressed: CVE-2020-26960, CVE-2020-26951, CVE-2020-26956, CVE-2020-15999 and several others that do not have a CVE designation.
- Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 4 defense-in-depth, 3 rejected, 20 not applicable.
- Windows binaries should all be properly code-signed again.
- The uninstaller issue might only appear if you have not used the internal updater to update the browser after installation.
- The DOM Filesystem and dir picker APIs are, in practice, not used on websites. We've disabled these web-exposed APIs because they are not entirely without potential risk, and intend to remove them in a future version unless there is a demonstrable need to keep them as optional (unsupported) APIs in the platform.
- One of the rejected security patches deals with entering a single word in the address bar. Standard browser behavior in that situation is for browsers to do a normal network lookup of that word in case it is a LAN machine name (other browsers also do this) which may "leak" your entered search term to the LAN. If you want to avoid this, please always use the search box for entering web searches, as it's unambiguous what to do with single words in that case.
Note for Linux users: With CentOS 6 going end-of-life, this version will be the last for which we will be building 32-bit Linux official binaries to download. While your distribution may choose to continue offering 32-bit versions of the browser, built from source by the maintainers, we won't be offering any further official 32-bit Linux binaries on our website. Please check with your distribution's package maintainers to know if further 32-bit support will be available on your particular flavor of Linux.
Get alerted to all of our Software updates on Twitter at @NeowinSoftware