Software  When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Pale Moon 25.3

Pale Moon

Pale Moon is a custom-built and optimized Firefox-based browser for Windows operating systems with current, high performance processors. It looks identical to the standard Firefox browser and supports Firefox extensions, themes and identities.

Features:

  • Highly optimized for modern processors
  • 100% Firefox sourced: As safe as the browser that has seen years of development.
  • Uses slightly less memory because of disabled redundant and optional code
  • Significant speed increases for page drawing and script processing
  • Stability: experience fewer browser crashes.
  • Support for SVG and Canvas, and downloadable fonts including WOFF
  • Support for HTML5 and WebGL (v4+)
  • Support for Firefox extensions (add-ons), themes and personas
  • Support for OOPP (Out-of-process plugin execution)
  • Able to use existing Firefox bookmarks and settings with this migration tool

Pale Moon 25.3 changes:

This is an important update to improve features and performance, as well as address important security issues.

Fixes/changes:

  • Overhauled WebGL. It now properly supports depth textures, shadow mapping and glow shaders.
  • Note that older operating systems or older/embedded video processors may be limited in their support of these features.
  • Updated the ANGLE library to a much more current version.
  • Removed the crash reporter code completely to improve overall browser responsiveness and operation.
  • Please note that a necessary victim of this has been the in-browser (devtools) SPS profiler because of its reliance on crash reporter data-gathering tools.
  • Removed the Mozilla Plugin Finder Service (no longer in use @Mozilla).
  • Android: removed the Mozilla "product announcements" service.
  • Re-added control of the number of concurrent tabs to be restored from a session with browser.sessionstore.max_concurrent_tabs (accepted values 1-10)
  • Significantly improved performance and accuracy of date/time/timer handling.
  • Significantly improved performance of the creation of DOM elements with plain text content.
  • Added several significant performance optimizations for arrays and strings in javascript.
  • Added several code performance optimizations and bugfixes in SVG, the presentation shell, SCTP, style gradients and CSS parsing routines. (Thanks, Axiomatic!)
  • Added an "Open link in current tab" context menu entry on links for UI consistency.
  • Updated styling of the browser with personas (lightweight themes) once more to improve display in tabs-on-top mode, improve overall legibility of tab text, and display of inverted close buttons on some controls on dark personas.
  • Added a special case check for the Flash plugin version check on Linux failing due to commas instead of periods in the version string.
  • Added Windows 10 compatibility in executable manifests.
  • Android: Fixed a crash on GL canvas surfaces.
  • Fixed incorrect Sync "howto" instruction links from the Sync dialogs.
  • Fixed the color of selected tabs in Linux when personas (lightweight themes) are in use that do not match the overall tone of the OS system theme.
  • Fixed a bug where a variable in parentheses would abort Javascript parsing.
  • Fixed a bug where the address bar would incorrectly be cleared.
  • Fixed padding issues for dropdown lists.
  • Fixed DNS lookups so proper record types are requested for IPv4 and IPv6.

Security fixes:

  • Disabled all RC4-based encryption ciphers by default. [More info]
  • Fixed several miscellaneous memory safety hazards.
  • (applicable bugs related to CVE-2015-0835 and CVE-2015-0836)
  • Fixed loading of locally stored DLL files through the internal updater. (CVE-2015-0833)
  • Fixed a potential crash point in IndexedDB. (CVE-2015-0831) DiD
  • Fixed a double-free situation when using non-default memory allocators and a 0-length XHR. (CVE-2015-0828)
  • Note: production builds of Pale Moon were never vulnerable.
  • Fixed a crash using DrawTarget in the Cairo graphics library. (CVE-2015-0824)
  • Fixed potential reading of local files through manipulation of form autocomplete. (CVE-2015-0822)
  • Fixed a potential PNG heap-overflow crash. DiD
  • Followed up on research regarding CVE-2014-8639 (see 25.2) and made cookie handling through proxies more restrictive again.

DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.

Download: Pale Moon 25.3 | 20.4 MB (Freeware)
Download: Portable Pale Moon 25.3 | 22.1 MB
Download: Pale Moon 25.3 x64 | 23.6 MB
Download: Intel Atom & Windows XP optimized Pale Moon 25.3 | 19.1 MB
View: Pale Moon Homepage | Release Notes

Report a problem with article
Next Article

ShareX 9.8.0

Previous Article

HoneyView 5.11