Pale Moon Version 33.5.0 Released with Security Updates

Corrine

Pale Moon has been updated to version 33.5.0. This is a development, bugfix and security release.

Note: Intel Mac builds are now "ad hoc" signed instead of unsigned, which should solve potential issues with newer macOS while still being compatible with old OS X. If you experience issues, please post in the Mac board on the forum for support.

Changes/fixes:
  • Implemented Regular Expression "match indices" (/d) feature.
  • Added a way to programmatically clear the DNS cache in the browser, and added a button to the UI for it in about:networking.
  • Updated handling of referrer policies to adhere to the updated spec.
  • CSS font variations keywords no longer throw an error. See implementation notes.
  • CSS border-radius will now also apply to element outlines.
  • Improved the display of amount of cached web content in preferences when cache is being cleared.
  • Improved the installer AVX check to skip on early versions of Windows 10 (which don't support it).
  • Updated NSS to 3.90.5 (unofficial) to pick up some security fixes.
  • Refreshed the built-in list of effective top-level domains.
  • Fixed several application crashes.
  • Reduced unnecessary debug/informative messages in release builds (WebGL and CSP).
  • Backed out building against ffmpeg 6.0 and ffvpx 6.0 for causing a video playback regression on full-range videos (levels 0-255).
  • Cleaned up a large amount of leftover Boot2Gecko code, simplifying code paths throughout the code base.
  • From this version forward we also publish language packs for Persian (Farsi), Hindi, Kannada and Vietnamese.
  • Security issues addressed: CVE-2024-11693 and CVE-2024-11704 (DiD).

Implementation notes:
  • The CSS font variations keywords (woff2-variations, truetype-variations, etc.) allow webmasters to indicate format hints for @font-face font resources so authors can provide alternative resources for browsers that don't support tech(variations). The intent of these hints is to provide an alternate font with variations in addition to regular fonts without. Unfortunately, some webmasters don't indicate a base font the variation font face would be an alternate for, which resulted in Pale Moon throwing an error on the only @font-face src entry provided, in turn having the web font not being loaded at all (because no valid entry was found), breaking website layout. From this version onwards, we parse the -variations keywords allowing variation alternative font-faces to be loaded, even if no base font was specified. To webmasters only supplying @font-face entries with variations keywords: please understand the intent of this CSS 4 spec and always provide a base font entry (graceful fallback).

*DiD: This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

**Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Select

Release Notes
Release Cycle
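
The font-variations implementation note above asks webmasters to always pair a `-variations` entry with a base font entry. The following is an added example, not part of the original post and not Pale Moon code: a small Node.js check that flags `@font-face` rules offering only `-variations` format hints. The function name, sample stylesheet, font families and file names are all constructed for illustration.

```javascript
// Added example (not Pale Moon code): flag @font-face rules whose src list
// offers only "*-variations" format hints and no base font entry.
// Regex scan for review use, not a full CSS parser (assumes no ';' or '}'
// inside url() values, e.g. no inline data: URIs).
function findVariationOnlyFontFaces(css) {
  const findings = [];
  const stripped = css.replace(/\/\*[\s\S]*?\*\//g, ""); // drop comments
  for (const rule of stripped.matchAll(/@font-face\s*\{([^}]*)\}/gi)) {
    const body = rule[1];
    const fam = /font-family\s*:\s*([^;]+)/i.exec(body);
    const family = fam ? fam[1].trim().replace(/^["']|["']$/g, "") : "(unnamed)";
    const variationHints = [];
    let baseEntries = 0;
    for (const decl of body.matchAll(/(?:^|;)\s*src\s*:\s*([^;]+)/gi)) {
      // Split the src list on commas that are not inside parentheses.
      for (const entry of decl[1].split(/,(?![^(]*\))/)) {
        const hint = /format\(\s*["']?([^"')\s]+)["']?\s*\)/i.exec(entry);
        if (hint && /-variations$/i.test(hint[1])) {
          variationHints.push(hint[1].toLowerCase());
        } else if (entry.trim() !== "") {
          baseEntries++; // plain format hint, no hint, or local(): usable as base
        }
      }
    }
    if (variationHints.length > 0 && baseEntries === 0) {
      findings.push({ family, hints: variationHints });
    }
  }
  return findings;
}

// Constructed sample stylesheet (file names and families are made up).
const SAMPLE_CSS = `
/* variations-only: the pattern the implementation note warns about */
@font-face {
  font-family: "DemoVar";
  src: url("demo-var.woff2") format("woff2-variations");
}
/* variations entry plus a base font entry (graceful fallback) */
@font-face {
  font-family: "DemoSafe";
  src: url("demo-var.woff2") format("woff2-variations"),
       url("demo.woff2") format("woff2");
}
`;

console.log(findVariationOnlyFontFaces(SAMPLE_CSS));
```

Only `DemoVar` is reported; a rule that lists a base entry in the same `src` list or in a separate `src` declaration is treated as having a fallback.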
 
