Pale Moon offers you a browsing experience in a browser completely built from its own, independently developed source that has been forked off from Firefox/Mozilla code a number of years ago, with carefully selected features and optimizations to improve the browser’s stability and user experience, while offering full customization and a growing collection of extensions and themes to make the browser truly your own.
- Optimized for modern processors
- Based on our own optimized layout engine (Goanna)
- Safe: forked from mature Mozilla code and regularly updated
- Secure: Additional security features and security-aware development
- Supported by our user community, and fully non-profit
- Familiar, efficient, fully customizable interface
- Support for full themes: total freedom over any element’s design
- Support for easily-created lightweight themes (skins)
- Smooth and speedy page drawing and script processing
- Increased stability: experience fewer browser crashes
- Support for many Firefox extensions
- Support for a growing number of Pale Moon exclusive extensions
- Extensive and growing support for existing web standards
- Many customization and configuration options
Screenshots are not available
– Changed the about:feeds icon for external applications to a generic icon, since that kind of access to executables is no longer allowed for security reasons.
– Fixed issues with copying/pasting bookmarks in the Library View.
– Fixed a crash occurring when using HTTP pipelining over some (broken) proxies.
– Fixed several issues with animated WebP display (animations stopping, corrupted frames on lossy images, etc.)
– Fixed an issue with the display of truncated GIF images.
– Fixed an issue with deleting recent history not working properly.
– Fixed incorrect duplicate compatibility mode preferences in about:config.
– Fixed a major performance issue with web workers.
– Fixed a rare crash on local networks with HTTP basic auth and unsupported cipher suites.
– Fixed a performance/timer issue when leaving the browser idle.
– Fixed an issue causing an empty dialog when launching executable files from the browser.
– Fixed an issue preventing making entries to disallow sites to store data for off-line use.
– Removed code to prevent extensions with binary components.
– Fixed an issue with common dialogs being sized incorrectly for their content.
– Fixed an issue with event handling on the tab bar that would cause frustrating behavior when trying to open/close tabs in rapid succession.
– Switched default behavior for scrolling when a context or pop-up menu is open to allow scrolling, like in v27. This also affects scrolling in very long menus, e.g. bookmarks.
– Added experimental Asynchronous Panning and Zooming (APZ) for desktop use.
– Re-enabled the use and parsing of ICC v4 color profiles.
– Removed telemetry code from the caching subsystem.
– Improved full-screen detection for suppressing status messages.
– Made all arguments passed to Init*Event() optional except the first for parity with other browsers.
– Cleaned up some internal installer code.
– Fixed making caret width configurable when dealing with CJK characters (regression).
– Fixed drawing of table borders consistently when zooming a page (regression).
– Exposed the “Save download location per site” pref in about:config.
– Improved media handling (ongoing).
– Added experimental support for AV1 in WebM videos (disabled by default).
– Note: this is for WebM only for now, so MP4 and MSE AV1 streams (e.g. YouTube) will not (yet) play.
– Removed the (defunct and incomplete) in-browser translation code.
– Fixed an issue with CSS Grid layouts unnecessarily shrinking element blocks.
– Fixed notification settings menu entry (opes about:permissions with relevant data now).
– Fixed the launching of an undesirable background content process for capturing page thumbnails.
– Fixed a focus issue in the bookmark properties dialog.
– Changed the setting for reporting CSS errors to the console to false by default, to prevent unnecessary performance loss for recording this data.
– Added control mechanisms for Opportunistic Encryption (both for alternative services and upgrade-insecure-requests) in preferences, and disabled this by default due to potential security and privacy issues with this transitional technology.
– Updated the default reported Firefox version in Firefox Compatibility Mode to prevent “too old Firefox” complaints on websites.
– Updated libnestegg, ffvpx, reader view components and several other modules from upstream.
– Implemented security fixes for CVE-2018-12381, CVE-2017-7797, a better fix for CVE-2018-12386 (DiD), CVE-2018-12401 (DiD), CVE-2018-12398, CVE-2018-12392, several Skia bugs, and several crashes and memory safety hazards that do not have a CVE number.
– Updated NSS to 3.38, removed TLS 1.3 draft version check since it’s considered final.
– Reinstated RC4 as an optional encryption cypher for non-standard environments (e.g. old routing/peripheral networked hardware on LAN). RC4 and 3DES are marked weak and disabled, and will never be used in the first handshake with a site, only as last-ditch fallback when specifically enabled (meaning they won’t show up on ssllabs’ test, for example).
– Removed Telemetry accumulation calls, automatic timers and stopwatches. This removes a very noticeable performance sink for all operations on all platforms.
– Fixed many occurrences of discouraged types of memory access for primarily GCC 8 compatibility. This improves overall code security as a defense-in-depth measure.
– Re-implemented the pref-controlled custom background color for standalone images.
– Updated session history handling for internal pages. about:logopage is no longer stored in history, and you can choose to store the QuickDial page in history by setting the pref browser.newtabpage.add_to_session_history to true. This is disabled by default (meaning you can’t use the “Back” button to go back to the QuickDial page) as a defense-in-depth security measure.
– Added ui.menu.allow_content_scroll to control whether content can be scrolled if a context menu is open.
– Fixed incorrect code removal in ipc.
– Removed support for TLS session caches in TLSServerSocket.
– Added support for local-ref as SVG xlink:href values.
– Changed the find bar to be a browser-global toolbar again (like in Pale Moon 27) instead of per-tab. For people who prefer search terms to be saved on a per-tab basis (like with the per-tab findbar previously), this is possible by setting findbar.termPerTab to true. This resolves a number of issues, including styling with lightweight themes not applying to the find bar, and status pop-ups overlapping the find bar.
– Ported all relevant security fixes from Mozilla’s Gecko/62 release, including CVE-2018-12377 and CVE-2018-12379.
– Restored part of the searchplugin API that was removed by Mozilla, so extensions can provide and save edits to installed search engines.
– Improved the speed of restoring browsing sessions upon startup.
– Fixed the “Restore previous session” button sometimes being missing from about:home, while a restorable session would be present.
– Fixed tab previews in the Windows taskbar (if enabled).
– Fixed the setting of the new tab page being “My Home Page” so it’ll pick up subsequent changes to the home page URL automatically.
– Removed the Firefox Accounts migrator from Sync.
– Fixed an issue with the enabled state of number controls if appearances changed.
– Stopped building ffvpx on 32-bit platforms (except windows) to use the (faster) system-installed lib instead.
– Re-added a horizontal scroll action option for mouse wheel. (regression)
– Fixed handling of content language if the locale is changed.
– Fixed document navigation with the F6 key.
– Fixed toolbar styling in toolkit themes.
– Fixed viewing the source of a selection.