Pale Moon is an Open Source, Firefox-based web browser available for Microsoft Windows and Linux (with other operating systems in development), focusing on efficiency and ease of use. Make sure to get the most out of your browser!

Pale Moon offers you a browsing experience in a browser completely built from its own source with carefully selected features and optimizations to maximize the browser's speed*, stability and user experience, while maintaining compatibility with thousands of Firefox extensions many have come to love and rely on.

Main features:

• Optimized for modern processors
• Based on the Unified XUL Platform (UXP) containing our own optimized layout and rendering engine (Goanna)
• Safe: forked from mature Mozilla code and regularly updated with the latest security patches
• Secure: Additional security features and security-aware development
• Supported by our user community, and fully non-profit
• Familiar, efficient, fully customizable interface
• Support for full themes: total freedom for any element's design
• Support for easily-created lightweight themes (skins)
• Smooth and speedy page drawing and script processing
• Superior gradients and fonts
• Increased stability: experience fewer browser crashes
• Support for many "legacy" Firefox extensions, but please read this
• Support for a growing number of Pale Moon exclusive extensions
• Extensive and growing support for existing web standards

Pale Moon: Release notes

General note:
DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

v28.13.0 (2020-09-04)

This is a compatibility, bugfix and security update. Special thanks to our new code contributors this cycle (you know who you are)!

Changes/fixes:

• Updated the included site-specific user-agent overrides for a number of websites that need them.
• Rewritten the browser's padlock code to use more modern APIs and provide more accurate security status indication.
  Now also with localized tooltips!
• Fixed a missing close button on the undo prompt after removing a thumbnail from the QuickDial new tab page.
• Fixed an issue with the alternative stylesheet menu in the browser's UI not working.
• Implemented the use of intrinsic aspect ratios for images to improve layout during load and page positioning.
• Added a preference to the use of node.getRootNode and disabled by default. See implementation notes.
• Added CSS -webkit-appearance as an alias for -moz-appearance to improve compatibility with websites that only try to use Chrome-specific keywords to style standard form elements.
• Updated the SQLite library to 3.33.0.
• Reinstated precise floating point precision model in JavaScript for those alternate builders who foolishly try to use the inaccurate "fast" model.
• Improved spec compliance of modular JavaScript use (ECMAScript modules).
• Changed media errors to be a more generic response, and added a preference (media.sourceErrorDetails.enabled) to enable detailed error reporting of media errors for debugging purposes.
  Previously, detailed errors were provided by default which could lead to privacy issues.
• Improved code stability of the AbortController implementation.
• Fixed a race condition in the secure connection library (NSS).
• Security issues fixed: CVE-2020-15664, CVE-2020-15666, CVE-2020-15667, CVE-2020-15668 and CVE-2020-15669.
• Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 1 defense-in-depth, 1 rejected, 9 not applicable.

Implementation notes:

• In 28.11.0 we introduced node.getRootNode because some websites would fail with an error if this function was not present. Unfortunately, this caused problems with other sites that (incorrectly) assume Google WebComponents are available when this utility function is present (feature detection gone wrong). While it is considered by some to be part of the Google WebComponents implementation, it actually has utility value outside of that use. Because of the problems caused, we've added a preference and disabled it by default, fixing these kinds of websites.
  When needed, you can re-enable this function with dom.getRootNode.enabled
  This should improve web compatibility by default yet still allow users to enable this function for websites that use its utility but do not use WebComponents.

Homepage: http://www.palemoon.org/