Pale Moon 28.6.1

Pale Moon

Pale Moon is an Open Source, Goanna-based web browser available for Microsoft Windows, Linux and Android, focusing on efficiency and ease of use. Make sure to get the most out of your browser!

Pale Moon offers you a browsing experience in a browser completely built from its own, independently developed source that has been forked off from Firefox/Mozilla code, with carefully selected features and optimizations to improve the browsers speed, resource use, stability and user experience, while offering full customization and a growing collection of extensions and themes to make the browser truly your own.

Features:

Optimized for modern processors
Based on proprietary optimized layout engine (Goanna)
Safe: forked from mature Mozilla code and regularly updated
Secure: Additional security features and security-aware development
Supported by our user community, and fully non-profit
Familiar, efficient, fully customizable interface
Support for full themes: total freedom over any elements design
Support for easily-created lightweight themes (skins)
Smooth and speedy page drawing and script processing
Increased stability: experience fewer browser crashes
Support for many Firefox extensions
Support for a growing number of Pale Moon exclusive extensions
Extensive and growing support for HTML5 and CSS3
Many customization and configuration options

Pale Moon 28.6.1 changelog:

Improved handling of FTP resource loading (allow save-as and cater to some FTP-based browsing).
Added a preference (security.block_ftp_subresources) to allow users to completely bypass the blocking of FTP subresources if required for their environment, if the improvements made in this release do not suffice.
Added blocking of authentication-locked cross-origin image subresources by default to prevent spurious auth prompts.
A preference (network.auth.subresource-http-img-XO-auth) was added to allow users to bypass this blocking if required for their environment.
Changed the behavior of file: URIs to treat each URI as a unique origin. This prevents cross-file access from scripting.
A preference (security.fileuri.unique_origin) was added to allow users to relax this restriction if required for their environment.
Implemented a revised version of http2PushedStream to address some thread safety issues.
Aligned browser behavior with mainstream regarding inner window behavior when domain is manipulated.
Backed out a 28.5.* patch for causing multiple issues in the UI and web content.
Updated NSS to 3.41.2 (custom) to pick up several upstream fixes.
Fixed a type confusion issue in JavaScript Arrays. (DiD)
Added a fix for cross-thread access of Necko. (DiD)
Added a port safety check for Alternative Services.
Implemented fixes for applicable security issues: CVE-2019-11719, CVE-2019-11711, CVE-2019-11715, CVE-2019-11717, CVE-2019-11714 (DiD), CVE-2019-11729 (DiD), CVE-2019-11727 (DiD), CVE-2019-11730 (DiD), CVE-2019-11713 (DiD) and several networking and memory-safety hazards that do not have CVE numbers.